Hello dear Apple Platform Engineers, I'm working on an iOS App that connects to a Bluetooth Low Energy Peripheral in the foreground. Whenever the App moves into Background, we want to continue syncing data & therefore implemented State Restoration to be informed about Discovery, Connect, Disconnect or Characteristic changes in the Background in order to wake the App up whenever it was "Terminated due to memory issue". I consulted https://aninterestingwebsite.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/CoreBluetooth_concepts/CoreBluetoothBackgroundProcessingForIOSApps/PerformingTasksWhileYourAppIsInTheBackground.html#//apple_ref/doc/uid/TP40013257-CH7-SW1 for this & assigned: CBCentralManagerOptionRestoreIdentifierKey Reinstantiate the dedicated CentralManager & implemented the centralManager(_ central: CBCentralManager, willRestoreState dict: [String : Any]) Delegate Additionally, I assigned the following keys on connect(_ peripheral: CBPeripheral, options: [String : Any]? = nil) CBConnectPeripheralOptionNotifyOnConnectionKey CBConnectPeripheralOptionNotifyOnDisconnectionKey CBConnectPeripheralOptionNotifyOnNotificationKey However, from my experience the App gets woken up, but neither the willRestoreState nor the didDiscover, didConnect or didDisconnectPeripheral is called even though launchOptions?[UIApplication.LaunchOptionsKey.bluetoothCentrals] as? [String] is not empty. What might I be missing when trying to make this approach work? Thanks a lot for any insights & support!

The production macOS build is showing severe performance problems, while Mac_Dev performs normally. Observed behavior in production Mac build: Issue board scrolling becomes inconsistent or nearly unusable Changing an issue status in detail view is very slow Scrolling the status menu/options can be slow Typing in issue description/notes fields becomes sluggish Dragging issues between milestones/statuses on the board can lag badly Observed behavior in Mac_Dev: Board scrolling is smooth Status changes are immediate Typing in description fields is responsive Drag/drop between milestones works well Important comparison: Mac_Dev appears to run against an isolated local SwiftData store Production Mac app uses the normal CloudKit-backed store Because the same UI is fast in Mac_Dev, this does not look like a pure rendering problem Most likely cause is production store / CloudKit sync churn amplifying existing SwiftUI invalidation and save behavior Current hypothesis: The production app is saving or observing live Issue mutations too aggressively Detail view edits and some quick actions may be causing repeated saves / broad view invalidation Cloud-backed persistence likely makes the problem much worse than the isolated dev store The UI architecture may still need cleanup, but the production data lane is likely a major factor Any help in understanding how best to address this would be helpful.

Development environment: Xcode 26.4, macOS 26.3.1 Run-time configuration: iOS 18.7.6 and higher We have an application running on supervised devices, with an MDM profile typically deployed via jamf. The profile enables a Content Filter, with the two flags "Socket Filter" and "Browser Filter" set to true. On the device side, we implement the content filter as a network extension via: a class FilterDataProvider extending NEFilterDataProvider, a class FilterControlProvider extending NEFilerControlProvider. For the record, the FilterDataProvider overrides the handle*() methods to allow all traffic; the handleNewFlow() simply reports the new connection to FilterControlProvider for analysis. Problem: some customers reported that after a reboot of their device, they would not get access to the internet for up to 60s/90s. We have not been able to reproduce the problem on our own devices. What we see is that, even with our app uninstalled, without any Content Filter, it takes roughly 20s to 25s for a device to have internet access, so we can probably consider this 20s delay as a baseline. But would you be aware of a reason that would explain the delay observed by these customers? More details: We have conducted some tests on our devices, with extended logging. In particular: we have added an internet probe in the app that is triggered when the app starts up: it will try to connect to apple.com every 2s and report success or failure, we also have a network monitor (nw_path_monitor_set_update_handler) that reacts to network stack status updates and logs the said status. A typical boot up sequence shows the following: the boot time is 7:59:05, the app starts up at 7:59:30 (manually launched when the device is ready), the probe fails and keeps failing, the content filter is initialized/started up 7:59:53 and is ready at 7:59:55, the network monitor shows that the network stack is connected (status = nw_path_status_satisfied) right after that, and the probe succeeds in connecting 2s later. In other words, internet is available about 50s after boot time, 25s after app startup (i.e. after the device is actually ready). For some customers, this 25s delay can go up to 60/90s.

I’m working on an iOS Network Extension where a NEPacketTunnelProviderconfigures a local HTTP/HTTPS proxy usingNEPacketTunnelNetworkSettings.proxySettings. Per NEProxySettings.exceptionList docs: If the destination host name of an HTTP connection matches one of these patterns then the proxy settings will not be used for the connection. However, I’m seeing two distinct issues: Issue A (exception bypass not working): HTTPS traffic to a host that matches exceptionList still reaches the proxy. Issue B (domain-scoped proxy not applied): When matchDomains is set to match a specific domain (example: ["googlevideo.com"]), I still observe its traffic in some apps is not proxied. If I remove the domain from matchDomains, the same traffic is proxied. Environment OS: iOS (reproduced with 26.4 and other versions) Devices: Reproduced with several iPhones (likely iPads as well) Xcode: 26.3 Extension: NEPacketTunnelProvider Minimal Repro (code) This is the minimal configuration. Toggle between CONFIG A / CONFIG B to reproduce each issue. import NetworkExtension final class PacketTunnelProvider: NEPacketTunnelProvider { override func startTunnel( options: [String : NSObject]? = nil, completionHandler: @escaping (Error?) -> Void ) { let proxyPort = 12345 // proxy listening port let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8") let proxySettings = NEProxySettings() proxySettings.httpEnabled = true proxySettings.httpsEnabled = true proxySettings.httpServer = NEProxyServer(address: "1.2.3.4", port: proxyPort) // proxy listening address proxySettings.httpsServer = NEProxyServer(address: "1.2.3.4", port: proxyPort) // proxy listening address // CONFIG A: proxy all domains, but exclude some domains // proxySettings.matchDomains can be set to match all domains // proxySettings.exceptionList = ["*.cdninstagram.com", "cdninstagram.com"] // CONFIG B: proxy only a specific domain // proxySettings.matchDomains = ["googlevideo.com"] settings.proxySettings = proxySettings setTunnelNetworkSettings(settings) { error in completionHandler(error) } } } Repro steps Issue A (exceptionList bypass not working) Enable the VPN configuration and start the tunnel with CONFIG A (exceptionList = ["*.cdninstagram.com", "cdninstagram.com"]). Open the Instagram app to trigger HTTPS connections to *.cdninstagram.com Inspect proxy logs: cdninstagram.com traffic is still received by the proxy. Safari comparison: If I access URLs that trigger the same *.cdninstagram.com hosts from Safari, it can behave as expected. When the traffic is triggered from the Instagram app, the excluded host still reaches the proxy as CONNECT, which is unexpected. Issue B (matchDomains not applied for YouTube traffic) Start the tunnel with CONFIG B (matchDomains = ["googlevideo.com"]). Open the YouTube app and start playing a video (traffic typically targets *.googlevideo.com). Inspect proxy logs: googlevideo.com traffic is not received by the proxy. Remove the host from matchDomains and observe that googlevideo.com traffic is received by the proxy. Safari comparison: If I access a googlevideo.com host from Safari while matchDomains = ["googlevideo.com"], it behaves as expected (proxied). In contrast, the YouTube app’s googlevideo.com traffic is not proxied unless I match all domains. Expected Issue A Connections to *.cdninstagram.com in the Instagram app should not use the proxy and should not reach the local proxy server. Issue B With matchDomains = ["googlevideo.com"], traffic to *.googlevideo.com (YouTube video traffic) should be proxied and therefore reach the local proxy. Actual Issue A The local proxy still receives the request as: CONNECT scontent-mad1-1.cdninstagram.com:443 HTTP/1.1 So the bypass does not happen. Issue B With matchDomains = ["googlevideo.com"], I still observe googlevideo.com traffic in the YouTube app that is not delivered to the proxy. When all traffic is proxied, the same traffic is delivered to the proxy.

I've been working on an app. It uses iCloud syncing. 48 hours ago everything was working 100%. Make a change on the iPhone it immediately changed on the Mac. Change on the Mac, it immediately changed on the iPhone. I didn't work on it yesterday. I updated to iOS26.4 on the iPhone and 26.4 on the Mac yesterday instead. Today, I pull up the project again. I made NO changes to the code or settings. Make a change on the iPhone it immediately updates on the Mac. Make a change on the Mac, nothing happens on the iPhone. I've waited an hour, and the change never happens. If you leave the iPhone app, then return, it updates as it should. It appears that iCloud's silent notification is to being received by the iPhone. Anyone else having the issue? Is there something new with iOS 26.4 that needs to be adjusted to get this to work? Again, works flawlessly with the Mac, just not with the iPhone.

System-wide deadlock in removexattr from revisiond / APFS We're experiencing a deadlock on certains systems when our software is installed, which is causing side effects in our process (and likely others) such as blocked queues and increased memory usage. According to the spindump, revisiond appears to be holding an exclusive lock within the kernel. Process: revisiond [426] UUID: 5E9B9E04-984B-31AD-A4FF-A1A90B7D53A1 Path: /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond Codesigning ID: com.apple.revisiond Shared Cache: 25AE5A2A-FE2A-3998-8D4E-F3C5C6E6CEB6 slid base address 0x189834000, slide 0x9834000 (System Primary) Architecture: arm64e Parent: launchd [1] UID: 0 Sudden Term: Tracked Memory Limit: 50MB Jetsam Priority: 40 Footprint: 6225 KB Time Since Fork: 1740319s Num samples: 940 (1-940) Num threads: 5 Note: 1 idle work queue thread omitted [...] Thread 0xc0616d 940 samples (1-940) priority 46 (base 4) last ran 241692.754s ago 940 start_wqthread + 8 (libsystem_pthread.dylib + 7068) [0x189d0ab9c] 940 _pthread_wqthread + 292 (libsystem_pthread.dylib + 11852) [0x189d0be4c] 940 _dispatch_workloop_worker_thread + 692 (libdispatch.dylib + 85356) [0x189b65d6c] 940 _dispatch_root_queue_drain_deferred_wlh + 292 (libdispatch.dylib + 87156) [0x189b66474] 940 _dispatch_lane_invoke + 440 (libdispatch.dylib + 45048) [0x189b5bff8] 940 _dispatch_lane_serial_drain + 944 (libdispatch.dylib + 42420) [0x189b5b5b4] 940 _dispatch_client_callout + 16 (libdispatch.dylib + 113364) [0x189b6cad4] 940 _dispatch_call_block_and_release + 32 (libdispatch.dylib + 7004) [0x189b52b5c] 940 ??? (revisiond + 168768) [0x10494d340] 940 ??? (revisiond + 165940) [0x10494c834] 940 ??? (revisiond + 40264) [0x10492dd48] 940 ??? (revisiond + 56680) [0x104931d68] 940 <patched truncated backtrace> 940 removexattr + 8 (libsystem_kernel.dylib + 23768) [0x189cd1cd8] *940 ??? (kernel.release.t6000 + 15240) [0xfffffe000886fb88] *940 ??? (kernel.release.t6000 + 1886348) [0xfffffe0008a3888c] *940 ??? (kernel.release.t6000 + 7730436) [0xfffffe0008fcb504] *940 ??? (kernel.release.t6000 + 2759592) [0xfffffe0008b0dba8] *940 ??? (kernel.release.t6000 + 2808244) [0xfffffe0008b199b4] *940 apfs_vnop_removexattr + 1044 (apfs + 474512) [0xfffffe000be8d4d0] *940 decmpfs_cnode_set_vnode_state + 80 (kernel.release.t6000 + 2945816) [0xfffffe0008b3b318] *940 IORWLockWrite + 184 (kernel.release.t6000 + 496184) [0xfffffe00088e5238] *940 ??? (kernel.release.t6000 + 494624) [0xfffffe00088e4c20] *940 ??? (kernel.release.t6000 + 619452) [0xfffffe00089033bc] *940 ??? (kernel.release.t6000 + 624472) [0xfffffe0008904758] The bulk of the other processes are waiting for that lock. (suspended, blocked by krwlock for reading owned by revisiond [426] thread 0xc0616d) (blocked by krwlock for writing owned by revisiond [426] thread 0xc0616d) Around the time of the event, these messages were logged by revision: 2026-03-06 18:49:37.781673-0500 0x16b7 Error 0x7f92f364 426 14 revisiond: [com.apple.revisiond:default] [ERROR] CSCopyChunkIDsForToken failed for 41639 2026-03-06 18:49:37.781716-0500 0x16b7 Error 0x7f92f365 426 14 revisiond: [com.apple.revisiond:default] [ERROR] updateEntry for new entry <private> failed 2026-03-06 18:49:37.781738-0500 0x16b7 Error 0x7f92f366 426 14 revisiond: [com.apple.revisiond:default] [ERROR] no entry for '<private>' 2026-03-06 18:49:37.781754-0500 0x16b7 Error 0x7f92f367 426 14 revisiond: [com.apple.revisiond:default] [ERROR] failed assembleInfoForOffset for fsid 16777234 fileid 359684022 offset 0 size 14334 (path <private>) Our agent uses Endpoint Security Framework to monitor events, and provide anti-tamper functionality for installed components and processes. While several EndpointSecurity calls appear in the spindump stack traces, we don't have any evidence that any calls from revisiond were blocked. What we'd really like to to understand what that lock is (appears to be decompressing an object on an APFS volume), what revisiond and APFS are doing with it, and what might cause it to deadlock. Of note, one of our processes is also waiting on that lock, one thread for reading and the other for writing. This issue affects machines running several macOS versions (15.x, 26.x). The machine in the examples is running macOS 26.3 (25D125)

I have a FetchDescriptor that uses starts(with:) which works fine in debug builds but crashes in TestFlight and archive. For background information I'm using iCloud and model inheritance where the property being used in fetch descriptor is defined on the superclass, the fetch descriptor is for the subclass. Implementation: static func fetchDescriptor(nameStartingWith prefix: String) -> FetchDescriptor<ColorAsset> { let predicate = #Predicate<ColorAsset> { asset in asset.name.starts(with: prefix) } return FetchDescriptor<ColorAsset>(predicate: predicate) } @Model public class Asset: Identifiable { // MARK: - Properties var name: String = "" .... } @available(macOS 26.0, *) @Model public class ColorAsset: Asset { ... }

Are there some requirements to use Notification Content Extensions other than including the target to my iOS app? I have done it, configured it to match a certain category of notifications, but my custom interface doesn’t show up. is there anything I need to configure on my main app? Is that anything that should be changed there, such as disabking its botifications handling? is there any requirement concerning the payload? I tried to disable time sensitive and content-available notifications, but it didn’t help.

We have an app that controls InDesign Desktop and InDesignServer via hundreds of AppleScripts. Some macOS security updates a while back dictated that we start communicating with other apps via ScriptingBridge. We couldn't afford to convert the hundreds of AppleScripts into direct ScriptingBridge nomenclature, so we opted to keep them as is and instead tell the external apps to: [app doScript:<the script text> language:InDesignScLgApplescriptLanguage withArguments:nil undoMode:InDesignESUMScriptRequest undoName:@"blah"] There are a handful of scripts that we did convert to direct ScriptingBridge. There are times (and under the right circumstances, it's repeatable) when a certain script will have run perfectly dozens of times, and then it will throw errOSAInternalTableOverflow. We create a new SBApplication for every job (which could be a single instance of Desktop or the multiple instances of Server). Why is this error happening seemingly randomly? Is there anything we can do to work around or prevent this?

I’m trying to submit the first release of my iOS app together with the app’s first consumable in-app purchases, and I’m stuck in what looks like an App Store Connect state issue. My app was already rejected by App Review because the in-app purchases did not appear inside the app when the reviewer opened the paywall. Current setup: First app release Current app version page: iOS App Version 1.0.2 Current attached build: 5 App has never been released before 4 consumable IAPs: com.glowup.credits.100 com.glowup.credits.500 com.glowup.credits.1000 com.glowup.credits.2500 What I see in App Store Connect: All 4 IAPs show Waiting for Review On the iOS App Version 1.0.2 page, the In-App Purchases and Subscriptions section does not appear at all Because of that, I cannot explicitly select or attach the IAPs from the version page What I’ve already done: Uploaded a new build and attached build 5 to version 1.0.2 Removed my local StoreKit configuration file so the app now uses live App Store / StoreKit only Confirmed RevenueCat is configured correctly and sees the offering/packages RevenueCat logs show the products exist remotely, but StoreKit cannot fetch any live products and returns an “offerings empty / none of the products could be fetched” type error RevenueCat also reports the products are still in WAITING_FOR_REVIEW My questions: If the IAPs already show Waiting for Review, are they automatically linked to the current app submission? Is it expected that the In-App Purchases and Subscriptions section can disappear from the app version page in this state? For a first-release app that was already rejected, is attaching a new build and clicking Update Review enough, or is there another step required to associate the IAPs with the resubmission? Has anyone seen App Review reject an app for missing IAPs while the IAPs were still pending review and not yet fetchable from StoreKit? Any guidance from someone who has dealt with this exact first-release + first-IAP submission flow would help a lot.

I am working on a large-scale e-commerce application and we are trying to solve a specific issue regarding push notifications and user experience. We have a use case where we need to send a standard push notification to the user, but under certain local conditions on the device, we want to intercept that notification via a Notification Service Extension and suppress/drop it so it does not alert the user. We understand that the com.apple.developer.usernotifications.filtering entitlement allows a Notification Service Extension to drop notifications. However, looking at the entitlement request form, the categories seem strictly limited to: End-to-end encrypted messaging Earthquake warnings Education/learning platforms Enterprise healthcare apps My questions for the community and Apple staff: Is it possible for an e-commerce or retail app to be approved for this entitlement if we have a highly specific, valid use case that improves user experience. If this entitlement is strictly off-limits for our domain, what is the Apple-recommended architecture to achieve this? Thank you in advance for any insights or guidance!

Hi everyone, I’m currently reviewing the app transfer criteria in Apple’s official documentation and came across the following statement: “Mac apps that have used the sandbox environment and share the Application Group Container Directory with other Mac apps can't be transferred.” We are planning to add Widget support to our iOS app before initiating an app transfer. As part of this, the app would likely: Enable App Sandbox Use App Groups to share data between the main app and the Widget Given this, I have a couple of questions: Although the documentation explicitly mentions Mac apps, would the same restriction for app transfer apply to iOS apps that use App Groups (e.g., for Widgets)? If iOS apps are not subject to this restriction, will the Widget extension and its associated App Group data transfer correctly along with the main app during the transfer process? We want to make sure we don’t introduce any blockers before proceeding with the transfer. Any clarification or related experience would be greatly appreciated. Thanks in advance!

Hello team, I have implemented sample project for URL Filtering as well as setup PIR server at backend but currently I am facing a major issue, If PIR server is re started then the app shows error code 9 every time until. and unless I disconnect and connect it back to internet

I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.

I regularly see folks struggle to debug their Network Extension providers. For an app, and indeed various app extensions, debugging is as simple as choosing Product > Run in Xcode. That’s not the case with a Network Extension provider, so I thought I’d collect together some hints and tips to help you get started. If you have any comments or questions, create a new thread here on DevForums. Put it in the App & System Services > Networking and tag it with Network Extension. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Debugging a Network Extension Provider Debugging a Network Extension provider presents some challenges; its not as simple as choosing Product > Run in Xcode. Rather, you have to run the extension first and then choose Debug > Attach to Process. Attaching is simple, it’s the running part that causes all the problems. When you first start out it can be a challenge to get your extension to run at all. Add a First Light Log Point The first step is to check whether the system is actually starting your extension. My advice is to add a first light log point, a log point on the first line of code that you control. The exact mechanics of this depend on your development, your deployment target, and your NE provider’s packaging. In all cases, however, I recommend that you log to the system log. The system log has a bunch of cool features. If you’re curious, see Your Friend the System Log. The key advantage is that your log entries are mixed in with system log entries, which makes it easier to see what else is going on when your extension loads, or fails to load. IMPORTANT Use a unique subsystem and category for your log entries. This makes it easier to find them in the system log. For more information about Network Extension packaging options, see TN3134 Network Extension provider deployment. Logging in Swift If you’re using Swift, the best logging API depends on your deployment target. On modern systems — macOS 11 and later, iOS 14 and later, and aligned OS releases — it’s best to use the Logger API, which is shiny and new and super Swift friendly. For example: let log = Logger(subsystem: "com.example.galactic-mega-builds", category: "earth") let client = "The Mice" let answer = 42 log.log(level: .debug, "run complete, client: \(client), answer: \(answer, privacy: .private)") If you support older systems, use the older, more C-like API: let log = OSLog(subsystem: "com.example.galactic-mega-builds", category: "earth") let client = "The Mice" let answer = 42 os_log(.debug, log: log, "run complete, client: %@, answer: %{private}d", client as NSString, answer) Logging in C If you prefer a C-based language, life is simpler because you only have one choice: #import <os/log.h> os_log_t log = os_log_create("com.example.galactic-mega-builds", "earth"); const char * client = "The Mice"; int answer = 42; os_log_debug(log, "run complete, client: %s, answer: %{private}d", client, answer); Add a First Light Log Point to Your App Extension If your Network Extension provider is packaged as an app extension, the best place for your first light log point is an override of the provider’s initialiser. There are a variety of ways you could structure this but here’s one possibility: import NetworkExtension import os.log class PacketTunnelProvider: NEPacketTunnelProvider { static let log = Logger(subsystem: "com.example.myvpnapp", category: "packet-tunnel") override init() { self.log = Self.log log.log(level: .debug, "first light") super.init() } let log: Logger … rest of your code here … } This uses a Swift static property to ensure that the log is constructed in a race-free manner, something that’s handy for all sorts of reasons. It’s possible for your code to run before this initialiser — for example, if you have a C++ static constructor — but that’s something that’s best to avoid. Add a First Light Log Point to Your System Extension If your Network Extension provider is packaged as a system extension, add your first light log point to main.swift. Here’s one way you might structure that: import NetworkExtension func main() -> Never { autoreleasepool { let log = PacketTunnelProvider.log log.log(level: .debug, "first light") NEProvider.startSystemExtensionMode() } dispatchMain() } main() See how the main function gets the log object from the static property on PacketTunnelProvider. I told you that’d come in handy (-: Again, it’s possible for your code to run before this but, again, that’s something that’s best to avoid. App Extension Hints Both iOS and macOS allow you to package your Network Extension provider as an app extension. On iOS this is super reliable. I’ve never seen any weirdness there. That’s not true on macOS. macOS lets the user put apps anywhere; they don’t have to be placed in the Applications directory. macOS maintains a database, the Launch Services database, of all the apps it knows about and their capabilities. The app extension infrastructure uses that database to find and load app extensions. It’s not uncommon for this database to get confused, which prevents Network Extension from loading your provider’s app extension. This is particularly common on developer machines, where you are building and rebuilding your app over and over again. The best way to avoid problems is to have a single copy of your app extension’s container app on the system. So, while you’re developing your app extension, delete any other copies of your app that might be lying around. If you run into problems you may be able to fix them using: lsregister, to interrogate and manipulate the Launch Services database pluginkit, to interrogate and manipulate the app extension state [1] IMPORTANT Both of these tools are for debugging only; they are not considered API. Also, lsregister is not on the default path; find it at /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister. For more details about pluginkit, see the pluginkit man page. When debugging a Network Extension provider, add buttons to make it easy to save and remove your provider’s configuration. For example, if you’re working on a packet tunnel provider you might add: A Save Config button that calls the saveToPreferences(completionHandler:) method to save the tunnel configuration you want to test with A Remove Config button that calls the removeFromPreferences(completionHandler:) method to remove your tunnel configuration These come in handy when you want to start again from scratch. Just click Remove Config and then Save Config and you’ve wiped the slate clean. You don’t have to leave these buttons in your final product, but it’s good to have them during bring up. [1] This tool is named after the PluginKit framework, a private framework used to load this type of app extension. It’s distinct from the ExtensionKit framework which is a new, public API for managing extensions. System Extension Hints macOS allows you to package your Network Extension provider as a system extension. For this to work the container app must be in the Applications directory [1]. Copying it across each time you rebuild your app is a chore. To avoid that, add a Build post-action script: Select your app’s scheme and choose Product > Scheme > Edit Scheme. On the left, select Build. Click the chevron to disclose all the options. Select Post-actions. In the main area, click the add (+) button and select New Run Script Action. In the “Provide build settings from” popup, select your app target. In the script field, enter this script: ditto "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}" "/Applications/${FULL_PRODUCT_NAME}" Now, each time you build your app, this script will copy it to the Applications directory. Build your app now, both to confirm that this works and to enable the next step. The next issue you’ll find is that choosing Product > Run runs the app from the build products directory rather than the Applications directory. To fix that: Edit your app’s scheme again. On the left, select Run. In the main area, select the Info tab. From the Executable popup, choose Other. Select the copy of your app in the Applications directory. Now, when you choose Product > Run, Xcode will run that copy rather than the one in the build products directory. Neat-o! For your system extension to run your container app must activate it. As with the Save Config and Remote Config buttons described earlier, it’s good to add easy-to-access buttons to activate and deactivate your system extension. With an app extension the system automatically terminates your extension process when you rebuild it. This is not the case with a system extension; you’ll have to deactivate and then reactivate it each time. Each activation must be approved in System Settings > Privacy & Security. To make that easier, leave System Settings running all the time. This debug cycle leaves deactivated but not removed system extensions installed on your system. These go away when you restart, so do that from time to time. Once a day is just fine. macOS includes a tool, systemextensionctl, to interrogate and manipulate system extension state. The workflow described above does not require that you use it, but it’s good to keep in mind. Its man page is largely content free so run the tool with no arguments to get help. [1] Unless you disable System Integrity Protection, but who wants to do that? You Can Attach with the Debugger Once your extension is running, attach with the debugger using one of two commands: To attach to an app extension, choose Debug > Attach to Process > YourAppExName. To attach to a system extension, choose Debug > Attach to Process by PID or Name. Make sure to select Debug Process As root. System extensions run as root so the attach will fail if you select Debug Process As Me. But Should You? Debugging networking code with a debugger is less than ideal because it’s common for in-progress network requests to time out while you’re stopped in the debugger. Debugging Network Extension providers this way is especially tricky because of the extra steps you have to take to get your provider running. So, while you can attach with the debugger, and that’s a great option in some cases, it’s often better not to do that. Rather, consider the following approach: Write the core logic of your provider so that you can unit test each subsystem outside of the provider. This may require some scaffolding but the time you take to set that up will pay off once you encounter your first gnarly problem. Add good logging to your provider to help debug problems that show up during integration testing. I recommend that you treat your logging as a feature of your product. Carefully consider where to add log points and at what level to log. Check this logging code into your source code repository and ship it — or at least the bulk of it — as part of your final product. This logging will be super helpful when it comes to debugging problems that only show up in the field. Remember that, when using the system log, log points that are present but don’t actually log anything are very cheap. In most cases it’s fine to leave these in your final product. Now go back and read Your Friend the System Log because it’s full of useful hints and tips on how to use the system log to debug the really hard problems. General Hints and Tips Install the Network Diagnostics and VPN (Network Extension) profiles [1] on your test device. These enable more logging and, most critically, the recording of private data. For more info about that last point, see… you guessed it… Your Friend the System Log. Get these profiles from our Bug Reporting > Profiles and Logs page. When you’re bringing up a Network Extension provider, do your initial testing with a tiny test app. I regularly see folks start out by running Safari and that’s less than ideal. Safari is a huge app with lots of complexity, so if things go wrong it’s hard to tell where to look. I usually create a small test app to use during bring up. The exact function of this test app varies by provider type. For example: If I’m building a packet tunnel provider, I might have a test function that makes an outgoing TCP connection to an IP address. Once I get that working I add another function that makes an outgoing TCP connection to a DNS name. Then I start testing UDP. And so on. Similarly for a content filter, but then it makes sense to add a test that runs a request using URLSession and another one to bring up a WKWebView. If I’m building a DNS proxy provider, my test app might use CFHost to run a simple name-to-address query. Also, consider doing your bring up on the Mac even if your final target is iOS. macOS has a bunch of handy tools for debugging networking issues, including: dig for DNS queries nc for TCP and UDP connections netstat to display the state of the networking stack tcpdump for recording a packet trace [2] Read their respective man pages for all the details. On the other hand, the build / run / debug cycle is simpler on iOS than it is on macOS, especially when you’re building a system extension on macOS. Even if your ultimate goal is to build a macOS-only system extension, if your provider type supports app extension packaging then you should consider whether it makes sense to adopt that packaging just for to speed up your development. If you do decide to try this, be aware that a packaging change can affect your code. See Network Extension Provider Packaging for more on that. [1] The latter is not a profile on macOS, but just a set of instructions. [2] You can use an RVI packet trace on iOS but it’s an extra setup step. Revision History 2026-04-01 Added a suggestion about provider packaging to the General Hints and Tips section. 2023-12-15 Fixed a particularly egregious typo (and spelling error in a section title, no less!). 2023-04-02 Fixed one of the steps in Sytem Extension Hints.

I’m encountering a persistent issue with my Network Extension (specifically NEFilterDataProvider) and would really appreciate any insights. The extension generally works as expected, but after some time — especially after sleep/wake cycles or network changes — a global network outage occurs. During this state, no network traffic works: pings fail, browsers can’t load pages, etc. As soon as I stop the extension (by disabling it in System Preferences), the network immediately recovers. If I re-enable it, the outage returns instantly. I’ve also noticed that once this happens, the extension stops receiving callbacks like handleNewFlow(), and reinstalling the app or restarting the extension doesn’t help. The only thing that resolves the issue is rebooting the system. After reboot, the extension works fine again — until the problem reoccurs later. I asked AI about this behavior, and it suggested the possibility that the kernel might have marked the extension as untrusted, causing the system to intentionally block all network traffic as a safety mechanism. Has anyone experienced similar behavior with NEFilterDataProvider? Could there be a way to detect or prevent this state without rebooting? Is there any logging or diagnostic data I should collect when it happens again? Any guidance or pointers would be greatly appreciated. Thanks in advance!

I'm experiencing an issue where the App Group shared container appears to be recreated (with a new creation date) during an app update, resulting in complete loss of locally stored data. Background My app uses UserDefaults, Realm, Core Data, and CloudKit, with all local data stored in the App Group container (FileManager.containerURL(forSecurityApplicationGroupIdentifier:)). The app has been available since 2016 and has a stable user base. Starting last year, I began receiving occasional reports from users saying all their data in the app had disappeared. To investigate, I added diagnostic logging that detects when an existing user's data appears to have been reset — specifically by checking the App Group container's file system creation date, and the existence and values of expected files. What the diagnostics revealed When the issue occurs, I observe the following: The App Group container has a recent creation date, far newer than the user's first launch date The Core Data store file's creation date is also immediately after the App Group container's recreation date I write the same values to both standard UserDefaults and the App Group version (UserDefaults(suiteName:)). Only the App Group version is reset — the standard side retains historical data The standard side still holds firstLaunchDate, initialVersion, and launchCount, confirming this is not a fresh install Here is a sample diagnostic log from an affected user: appGroupContainerCreationDate: 2026-03-30T18:44:10Z firstLaunchDate: 2025/01/05 4:00 initialVersion: 10.8.0 currentAppVersion: 10.14.14 previousVersion: 10.10.0 launchCount: 44 availableStorageMB: 46646 The container creation date (2026-03-30) is clearly inconsistent with the user's first launch date (2025-01-05) and launch count (44). The container creation date is obtained with the following code: let appGroupURL = FileManager.default.containerURL( forSecurityApplicationGroupIdentifier: "group.xxx.xxx" )! let attributes = try? FileManager.default.attributesOfItem(atPath: appGroupURL.path) let containerCreationDate = attributes?[.creationDate] as? Date Scale and pattern Reports began increasing in late November last year Over 85% of affected cases are on iOS 26 Most affected devices have plenty of available storage (46GB+ in the example above) This is likely occurring during a normal app update (not a fresh install or device restore) Ruled-out hypotheses Not a fresh install — firstLaunchDate, initialVersion, and launchCount are preserved in standard UserDefaults Not a storage issue — affected users typically have tens of GBs of free space, making it unlikely that iOS purged the data due to low storage Not an app-side code change — the App Group identifier and entitlements have not been changed Not triggered by silent notifications, background tasks, or widget activity — these processes do write to the App Group container, but the recreation does not appear to occur immediately after any of these operations Questions Has anyone else observed App Group containers being recreated (new creation date, empty contents) during a standard app update? Is there a known iOS behavior or bug that could cause this, particularly on iOS 26? Are there any recommended mitigations? Any insight would be greatly appreciated. This is a data loss issue affecting real users, and I'd like to understand whether this is an iOS-level problem or something I should be handling differently on my end.

I'm encountering a null pointer dereference crash pointing to the internals of CFNetwork library code on iOS. I'm spawning URLSessionTasks at a decently fast rate (~1-5 per second), with the goal being to generate application layer network traffic. I can reliably encounter this crash pointing to NetConnection::dequeue right after a new task has been spawned and had the resume method called. I suspect that this is perhaps a race condition or some delegate/session object lifecycle bug. The crash appears to be more easily reproduced with a higher rate of spawning URLSessionTasks. I've included the JSON crash file, the lldb stack trace, and the source code of my URLSession(Task) usage. urlsession_stuff_stacktrace.txt urlsession_stuff_source.txt urlsession_crash_report.txt

We probably triggered a bug within Rosetta: https://github.com/docker/desktop-feedback/issues/230

I am facing an intermittent problem where iPhones are failing to pair/connect with Xcode under Xcode -> Windows -> Devices and Simulators. This happens when more than one web content filters are present, for instance, I have my web content filter (FilterSockets true, FilterGrade Firewall) and there is also Sentinel One web content filter with same configuration. Note: We are not blocking any flow from remoted / remotepairingd / core device service / MDRemoteServiceSupport etc processes. But they do get paused and resumed at times for our internal traffic verification logic. So, we are trying to understand what impact our content filter may be having on this iPhone Pairing?? If we stop either one of the filters the problem goes away. I have tracked the network traffic to the phone, and it seems to be using a ethernet interface (en5/en10) over the USB-C cable. I can see endpoints like this: localEndpoint = fe80::7:afff:fea1:edb8%en5.54442 remoteEndpoint = fe80::7:afff:fea1:ed47%en5.49813 I also see remoted process has the below ports open : sudo lsof -nP -iTCP -iUDP | grep remoted remoted 376 root 4u IPv6 0xce4a89bddba37bce 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57395->[fe80:15::7:afff:fea1:ed47]:58783 (ESTABLISHED) remoted 376 root 6u IPv6 0xf20811f6922613c7 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57396 (LISTEN) remoted 376 root 7u IPv6 0x2c393a52251fcc56 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57397 (LISTEN) remoted 376 root 8u IPv6 0xcb9c311b0ec1d6a0 0t0 TCP [fd6e:8a96:a57d::2]:57398 (LISTEN) remoted 376 root 9u IPv6 0xc582859e0623fe4e 0t0 TCP [fd6e:8a96:a57d::2]:57399 (LISTEN) remoted 376 root 10u IPv6 0x2f7d9cee24a44c5b 0t0 TCP [fd6e:8a96:a57d::2]:57400->[fd6e:8a96:a57d::1]:60448 (ESTABLISHED) remoted 376 root 11u IPv6 0xbdb7003643659de 0t0 TCP [fd07:2e7e:2a83::2]:57419 (LISTEN) remoted 376 root 12u IPv6 0x569a5b649ff8f957 0t0 TCP [fd07:2e7e:2a83::2]:57420 (LISTEN) remoted 376 root 13u IPv6 0xa034657978a7da29 0t0 TCP [fd07:2e7e:2a83::2]:57421->[fd07:2e7e:2a83::1]:61729 (ESTABLISHED) But due to the dynamic nature of port and IPs used we are not able to decide on an effective early bypass NEFilterRule. We don't want to use a very broad bypass criteria like all link local IPs etc. Any help will be greatly appreciated.