We are not seeing any traffic from iOS to App-Proxy extension. We have a Safari domains specified in the per App App Proxy VPN configuration which is pushed to our device. When we tap on the safari and start loading one of these domains, safari will not load any websites with these domains. But if we load any other websites with any other domain, the websites are loaded properly. But the same behavior works fine and app receives traffic on iOS 17.5.1 and older iOS versions. The issue is observed only on iOS 18 Beta versions.

I am using the SIMInserted API on Xcode 16 beta. However, when I checked with a SIM card inserted, it returned "No". [Enviroment] Xcode：16beta iOS：18beta1,18beta2 [The modified implementation area is as follows] 1.Add "CarrierDescriptors" to the plist. <key>CarrierDescriptors</key> <array> <dict> <key>MCC</key> <string>440</string> <key>MNC</key> <string>10</string> </dict> </array> 2.Add "SIM Inserted for Wireless Carriers" to the capabilities. <key>com.apple.developer.coretelephony.sim-inserted</key> <true/> 3.In case of iOS 18 and above, perform SIM detection using "isSIMInserted" of CTSubscriber. - (BOOL)isSIMInseted { if(@available(iOS 18.0,*)){ CTSubscriber* ctSubscriber = [CTSubscriber new]; return = ctSubscriber.isSIMInserted; } return NO; } Is there any mistake in the implementation steps you provided? Why is it not possible to retrieve the desired information with this implementation? Please assistant me.

I regularly get asked questions about local network privacy. This is my attempt to collect together the answers for the benefit of all. Before you delve into the details, familiarise yourself with the basics by watching WWDC 2020 Session 10110 Support local network privacy in your app. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Local Network Privacy FAQ With local network privacy, any app that wants to interact with devices on your network must ask for permission the first time that it attempts that access. Local network privacy is implemented on iOS, iPadOS, visionOS, and macOS. It’s not implemented on other platforms, most notably tvOS. IMPORTANT macOS 15 (currently in beta) introduced local network privacy support to the Mac. WWDC 2024 Session 10123 What’s new in privacy is the official announcement. This works much like it does on iOS, but there are some subtle differences. I’ll update this FAQ as I gain more experience with this change. Some common questions about local network privacy are: FAQ-1 What is a local network? FAQ-2 What operations require local network access? FAQ-3 What operations require the multicast entitlement? FAQ-4 Do I need the multicast entitlement? FAQ-5 I’ve been granted the multicast entitlement; how do I enable it? FAQ-6 Can App Clips access the local network? FAQ-7 How does local network privacy work with app extensions? FAQ-8 How do I explicitly trigger the local network privacy alert? FAQ-9 How do I tell whether I’ve been granted local network access? FAQ-10 How do I use the unsatisfied reason property? FAQ-11 Do I need a local network usage description property? FAQ-12 Can I test on the simulator? FAQ-13 Once my app has displayed the local network privacy alert, how can I reset its state so that it shows again? FAQ-14 How do I map my Multipeer Connectivity service type to an entry in the Bonjour services property? FAQ-15 My app presents the local network privacy alert unexpectedly. Is there a way to track down the cause? FAQ-16 On a small fraction of devices my app fails to present the local network privacy alert. What’s going on? FAQ-17 Why does local network privacy get confused when I install two variants of my app? FAQ-18 Can my app trigger the local network privacy alert when the device is on WWAN? Revision History 2024-07-22 Added a callout explaining that local network privacy is now an issue on macOS. 2023-10-31 Fixed a bug in the top-level FAQ that mistakenly removed some recent changes. Added FAQ-18. 2023-10-19 Added a preamble to clarify that local network privacy is only relevant on specific platforms. 2023-09-14 Added FAQ-17. 2023-08-29 Added FAQ-16. 2023-03-13 Added connecting a UDP socket to FAQ-2. 2022-10-04 Added screen shots to FAQ-11. 2022-09-22 Fixed the pointer from FAQ-9 to FAQ-10. 2022-09-19 Updated FAQ-3 to cover iOS 16 changes. Made other minor editorial changes. 2020-11-12 Made a minor tweak to FAQ-9. 2020-10-17 Added FAQ-15. Added a second suggestion to FAQ-13. 2020-10-16 First posted.

I am developing an app which heavily relies on TCP device to device connections in the local network. The devices (multiple iPhones 13) are connected through a common consumer wifi router and act as server and client simultaneously. My problem is that 2 out of 3 iPhones can't establish outgoing TCP connections. However, they can act as server and accept incoming connections. All devices have the same iOS version (17.5.1) and access to Local Network is granted in the Privacy & Security settings. All devices have IPs in the range 192.168.x.x and the correct subnet is set. Safari can connect to IPs in the local network but not my app. The wifi network does not provide access to internet. Mobile data is turned off on all devices. As the error is happening out in the field, I cannot reproduce it under controlled conditions. What settings (beside not granting access to Local Network) may block outgoing connections to local IPs? What configurations of the app (e.g. entries in Info.plist) may result in or fix this behaviour?

Hi all, I'm working on deploying a VPN for users of our enterprise app, using the built-in IKEv2 provider (configured either by a configuration profile or an app). I'm struggling to get the user experience right and was curious to hear if the behaviors I'm observing have been seen by other developers. The main behavior I am observing is that the client tends to randomly disconnect, and it does not attempt to reconnect. This is particularly problematic when paired with the includeAllNetworks option. Paired with includeAllNetworks: The device does not attempt to reconnect the tunnel Once the tunnel disconnects, onDemandRules don't seem to evaluate. Even if a NEOnDemandRuleConnect rule matches the current network, the connection does not reestablish. All network traffic remains blocked on both WiFi and Cellular (rendering any network-dependent app unusable) until the user intervenes and toggles the connection in the Settings app This seems like a problematic user experience and I would be surprised if this is by design. As for the disconnects themselves, I have had a hard time correlating them to any particular network condition or protocol behavior. I've seen a connection drop after as little as 10 minutes and stay up for over 16 hours (including while the device roamed from WiFi to Cellular networks and in and out of connectivity). We confirmed with server logs that the clients were able to successfully re-key both the IKE SA and CHILD SAs. I had difficulty retrieving system logs from iOS, but on macOS I was able to observe this error from NEIKEv2Provider that lined up with one of the disconnect events: "Internal: Initiate MOBIKE failed to migrate child SAs" (server logs showed a successful rekey exchange at the same time). Thanks, Lucas

Hi, I'm new to swift programming and right now writing an app for esp8266-controlled lamp device. My lamp is broadcasting it's own IP through bonjour. So all I want is to discover any lamps in my network (http.tcp) and to read name and value. Is there any example of such implementation? All I found so far is old or a lit bit complicated for such simple question. Thanks in advance!

My requirement is to create a App and all the traffic from this App will be forwarded to relay servers(only implement socks5 protocol), the relay server then forward the traffic to the destination server. I have tried the two plans below: A. I tried the NEAppProxyProvider but it seemed to work only under MDM, MDM looks like very complex , so I gave it up. Actually this way is more appropraite for me. B. the other way is NEPacketTunnelProvider. I have figured out a common solution, steps: config the routes for NEPacketTunnelProvider get the fd from packetFlow start a tun2socks service to forward the traffic from the fd。 Sadly the way gettting the traffic from the fd is not recommened by apple official. so the only way to deal with the traffic is handling the packets. may be steps: parse the packet modify the packet write the packet back ... it seems even more complex than plan A,Besides, we have multiple relay servers, if there is a whole request we can make sure all this request data is forwarded by a same relay server, But if there is a packet, may be god can tell which relay server it should go to. We have implemented the same functionality in Android devices. can you help me to find out which way is better in iOS devices? I will be appreciated if you can provide more advice. Thanks.

I have an application that enables recording video from multiple iPhones through an iPad. It uses Multipeer Connectivity for all the device communication. When the user presses record on the iPad, it sends a command to each device in parallel and they start capturing video. But since network latency varies, I cannot guarantee that the recording start and stop times are consistent among all the iPhones. I need the frames to be exactly in sync. I tried using the system clock on each device for synchronizing the videos. If all the device system clocks were in sync within 3ms (30 frames per second), then it should be okay. But I tested and the clocks vary quite a bit, multiple seconds. So that won't work. I ultimately solved the problem by having a countdown timer on the iPad. The user puts the iPad in view of each phone with the countdown. Then later I use a python script to cut all the videos when the countdown timer goes to 0. But that's more work for the end user and requires manual work on our end. With a little ML text recognition, this could get better. Some people have suggested using a time server and syncing the clocks that way. I still haven't tried this out, and I'm not sure if it's even possible to run a NTP server on an iPad, and whether the NTP resolution will be below 3ms. I tried out Final Cut Camera and it has solved the synchronization problem. Each frame is in sync. The phones don't start and stop at exactly the same time, and they account for this by adding black frames to the front and/or back of videos to account for differences. I've searched online and other people have the same problem. I'd love to know how Apple was able to solve the synchronization issue when recording video from multiple iPhones from an iPad over what I assume is Multipeer Connectivity.

I have a project with two processes: a UI app (non root) and a system extension (root). The XPC communication between them is functioning correctly. Now, I want to add another process for a different task. I created a new XPC target (HelperProcess) in Xcode and set up an XPC connection between the UI process and this new HelperProcess, which works fine. However, when I try to establish an XPC connection between the HelperProcess and the system extension, it fails. I used the same steps I did to set up the XPC connection between the HelperProcess and the UI process. Specifically, I am using initWithServiceName: to identify the process for communication, but this approach only fails for the system extension and not for the UI part.

We have a product which uses a Network Extension (a socket filter and a packet content filter). The application contains the network extension, as well as an un-sandboxed LaunchDaemon which connects to the service at the NEMachServiceName. Occasionally, usually after an upgrade where the system extension is swapped for the new version, our un-sandboxed process isn't able to contact the network extension. From the logging, we receive the following XPC error (libxpc.dylib) [com.apple.xpc:connection] [0x7fd6d0307f40] failed to do a bootstrap look-up: xpc_error=[3: No such process] in the unsandboxed process. Eventually, we receive an invalidated callback on the XPC connection with the error Couldn’t communicate with a helper application.. We have confirmed that an appropriate service is running via the launchctl command, and the network extension process appears to have initialised correctly. We don't see any indication of a received connection at the Network Extension process however (probably not surprising given the error). Once a system enters this state, repeated attempts to connect are unsuccessful and continue to produce the same error. We've also confirmed that there are no XPC codec exceptions apparent that might cause the connection to fail. I'm at a bit of a loss to explain why this failure might be occurring, other than a problem in the bootstrap/launchd being able to find the appropriate service. Is there possibly some problem with unsandboxed processes accessing the sandboxed network extension via XPC? They are both provisioned in an app group together. Is there possibly some issue where attempting to connect at a critical point during network extension installation causes it to become inaccessible? We've observed this specifically on macOS 14.5 (23F79), however this is something we've noticed on other versions of macOS and our code. The problem isn't systematic, and systems end up in this state only occasionally. We do seem to find some customers have more instances of this problems than others, but we haven't been successful at teasing out any common thread that might explain why.

Hi everyone! I'm developing a smart shutter motor control application for a custom electric shutter motor. I'm creating the application in MAUI using Visual Studio Code. Almost everything works except for the initial setup of the motor, during which the phone needs to connect to the shutter motor's AP and send about 500 bytes via TCP socket. The TCP socket solution works when I upload the application with HOT RELOAD, but it doesn't work when I distribute it via TestFlight. I've tried using both the TcpClient class and the Socket class, but neither works under TestFlight. iOS 17.5.1 .net 8 It works on android, windows... Do you have any ideas? Thank you in advance.

Is there any cause that would make this happen? We all know that Apple does not provide any API to disconnect cellular data.

Hello, I am trying to apply ProxyConfiguration on the WebKit webview. I referred to the following sources: https://forums.developer.apple.com/forums/thread/110312 and https://developer.apple.com/videos/play/wwdc2023/10002/ import WebKit class WebKitViewModel: ObservableObject { let webView: WKWebView @Published var urlString: String = "https://example.com" init() { webView = WKWebView(frame: .zero) } func loadUrl() { guard let url = URL(string: urlString) else { return } var request = URLRequest(url: url) let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: 9077) let proxyConfig = ProxyConfiguration.init(httpCONNECTProxy: endpoint) let websiteDataStore = WKWebsiteDataStore.default() websiteDataStore.proxyConfigurations = [proxyConfig] webView.configuration.websiteDataStore = websiteDataStore webView.load(request) } } However, this configuration only works for HTTP proxies. When I try to use an HTTPS proxy, it does not work. When I use NWConnection to connect to the proxy, it works successfully: import Foundation import Network public class HTTPProxy { private let proxyHost: NWEndpoint.Host private let proxyPort: NWEndpoint.Port private var connection: NWConnection? public init(proxyHost: String, proxyPort: UInt16) { self.proxyHost = NWEndpoint.Host(proxyHost) self.proxyPort = NWEndpoint.Port(rawValue: proxyPort)! } public func sendHTTPRequest(completion: @escaping (Result<String, Error>) -> Void) { let tlsOptions = NWProtocolTLS.Options() let parameters = NWParameters(tls: tlsOptions) connection = NWConnection(host: proxyHost, port: proxyPort, using: parameters) connection?.stateUpdateHandler = { [weak self] state in switch state { case .ready: self?.sendConnectRequest(completion: completion) case .failed(let error): completion(.failure(error)) default: break } } connection?.start(queue: .global()) } private func sendConnectRequest(completion: @escaping (Result<String, Error>) -> Void) { guard let connection = connection else { completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil))) return } let username = "xxxx" let password = "xxxx" let credentials = "\(username):\(password)" guard let credentialsData = credentials.data(using: .utf8) else { print("Error encoding credentials") fatalError() } let base64Credentials = credentialsData.base64EncodedString() let proxyAuthorization = "Basic \(base64Credentials)" let connectString = "CONNECT api.ipify.org:80 HTTP/1.1\r\n" + "Host: api.ipify.org:80\r\n" + "Proxy-Authorization: \(proxyAuthorization)\r\n" + "Connection: keep-alive\r\n" + "\r\n" if let connectData = connectString.data(using: .utf8) { connection.send(content: connectData, completion: .contentProcessed { error in if let error = error { completion(.failure(error)) } else { self.receiveConnectResponse(completion: completion) } }) } } private func receiveConnectResponse(completion: @escaping (Result<String, Error>) -> Void) { connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in if let data = data, let responseString = String(data: data, encoding: .utf8) { if responseString.contains("200 OK") { self.sendRequest(completion: completion) } else { completion(.failure(NSError(domain: "Failed to establish connection", code: -1, userInfo: nil))) } } else if let error = error { completion(.failure(error)) } } } private func sendRequest(completion: @escaping (Result<String, Error>) -> Void) { guard let connection = connection else { completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil))) return } let requestString = "GET /?format=json HTTP/1.1\r\n" + "Host: api.ipify.org\r\n" + // "Proxy-Authorization: Basic xxxxxxxx\r\n" + "Connection: keep-alive\r\n" + "\r\n" print("Sending HTTP request:\n\(requestString)") if let requestData = requestString.data(using: .utf8) { connection.send(content: requestData, completion: .contentProcessed { error in if let error = error { completion(.failure(error)) } else { self.receiveResponse(completion: completion) } }) } } private func receiveResponse(completion: @escaping (Result<String, Error>) -> Void) { connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in if let data = data, !data.isEmpty { print ("Data: \(data)") if let responseString = String(data: data, encoding: .utf8) { print("Received response:\n\(responseString)") completion(.success(responseString)) } else { completion(.failure(NSError(domain: "Invalid response data", code: -1, userInfo: nil))) } } else if let error = error { completion(.failure(error)) } if isComplete { self.connection?.cancel() self.connection = nil } else { self.receiveResponse(completion: completion) } } } } This approach works for connecting to the proxy, but it does not help with configuring the proxy for WebKit. Could someone please assist me in configuring a proxy for WebKit WebView to work with HTTPS proxies? Thank you!

HI, I have Mac Sequoia Beta3. I installed Content Filer network extension which is same as https://developer.apple.com/documentation/networkextension/filtering_network_traffic in my machine. When I try to connect a machine through "ssh", NEFilterFlow.description in handleNewFlow(_ flow: NEFilterFlow) is showing "sourceAppIdentifier" (process name) as "Terminal" instead of "ssh". But other Mac OS versions, it is showing as "ssh". Is there any issue with Sequoia Beta3? or Is this expected? Thanks

Using NWBrowser and NWListener I'm trying to send a small package of data from the listener/server to the device. However the device never receives the actual bytes. It either: gets stuck the preparing state the connection gets reset the data is null and is marked as isComplete = true The only way I can get the device to receive the data is by calling cancel on the NWConnection on the server/NWListener end. Here is some sample code I am working with: https://github.com/leogdion/JustBonjour/tree/nwlistener Is this expected behavior that cancel is required?

Hi Team, We are trying to set MDM with NETransparentProxyManager to auto-approve the proxy, but it did not work. We have tried the below Apple document for NETransparentProxyManager. https://developer.apple.com/documentation/devicemanagement/vpn/transparentproxy. Attached is the config file. ApplicationProxy.VPN.mobileconfg.txt could you please suggest how to configure NETransparentProxyManager via MDM?

I'm very interested in whether it works and, if so, how the system decides to enable or not TFO when working with the network using URLSession. I didn't find any information in the documentation. For example, for NWConnection we need to manually add additional option: /* Allow fast open on the connection parameters */ parameters.allowFastOpen = true let connection = NWConnection(to: endpoint, using: parameters) /* Call send with idempotent initial data before starting the connection */ connection.send(content: initialData, completion: .idempotent) connection.start(queue: myQueue)

I am applying for the NEHotspot API Entitlement with the details below, but Apple has rejected it multiple times. Can you help me understand what I am doing wrong? Q. In how many countries are your hotspots located? A - 1 Q. What is the approximate total number of hotspots you manage? A - 1000 Q. Which of the following best explains the relationship between you, the app publisher, and the users of these hotspots? A - These hotspots are free for anyone to use. Hotspot Helper API usage Q. A hotspot helper must claim the hotspot networks that it supports by setting a confidence value of either .low or .high when responding to the .evaluate command. See Figure 1-1 in Hotspot Network Subsystem Programming Guide for more background on this. When the helper claims a network, its display name (kNEHotspotHelperOptionDisplayName) is shown in Settings &amp;gt; Wi-Fi. What value do you intend to use for this? A - BSSID(MAC) Q. When responding to the .authenticate command, you system must interact with your hotspot to instruct it to pass traffic from the device to the wider internet. What network protocols does it use? A - DNS , HTTP Q. Provide any additional details about your usage to help us understand your planned implementation. A - We are implementing the following functionalities in our project: Connect to a Wi-Fi hotspot with a specified SSID. Remove Wi-Fi configurations for specific SSIDs. Initialize a new hotspot configuration with the specified SSID.

My iPhone 6s (iOS 15.0) is the national version of Chinese Mainland, without a sim card I have connected the WiFi of intelligent hardware, which is not connected to the Internet When downloading the app for the first time, the network permission pop-up cannot appear I have tried all the methods that can be found online, including simulating triggering network requests and making socket connections with devices What's even more outrageous is that there is no access option for network requests in the app settings Of course, I know that permission can be triggered when I connect to the Internet, but my usage scenario is not like that I am very grateful for any suggestions.

Is that possible to capture inbound DNS traffic using NEDNSProxyProvider using swift ? I can see the outbound DNS traffic via handleNewUDPFlow. how to get the inbound DNS traffic? I want to see all the DNS response in a macos device