I have checked the storage space of my phone. There is still over a hundred gigabytes of space left. An error occurred when the app was checking the network interface status. The error message is as follows:Error : Error Domain=NSPOSIXErrorDomain Code=28 "No space left on device" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <7DB1CBFD-B9BE-422D-9C9A-78D8FC04DC1B>.<76>, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=28, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <7DB1CBFD-B9BE-422D-9C9A-78D8FC04DC1B>.<76>" ), _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: pdp_ip0[lte], ipv4, ipv6, dns, expensive, estimated upload: 65536Bps, uses cell}

We are a Layer 3 VPN provider offering a comprehensive SASE (Secure Access Service Edge) solution that includes TLS inspection, threat protection, granular access control, and secure access to private resources. One of the key challenges we face involves TLS inspection. Many mobile applications, especially on iOS, implement certificate pinning, which causes them to fail when TLS inspection is applied. These apps expect connections to be secured with a specific certificate or trusted certificate authority, and inspection disrupts this trust model. On iOS, the current limitation is that the Packet Tunnel Provider extension does not provide visibility into the originating application (i.e., there is no API to obtain the app’s bundle ID or package name associated with a given network connection). Due to this, we are unable to dynamically determine whether TLS inspection should be bypassed for a particular app. While Apple’s Per-App VPN is one possible solution, it introduces a significant drawback: any applications that are excluded from the VPN configuration are entirely outside the VPN tunnel. This means they do not benefit from any of our SASE features — including secure access to internal resources, DNS/web content filtering, or threat detection. This limits the effectiveness of our solution in environments where both inspection and secure access are critical. We would like to understand whether iOS has any current or planned capabilities to associate a network flow (e.g., a 5-tuple: source IP, destination IP, source port, destination port, and protocol) with the originating app. Such a capability would allow us to programmatically identify certificate-pinned apps and selectively disable TLS inspection without excluding them entirely from the VPN, thereby preserving the full set of SASE protections. Is there any guidance or roadmap update from Apple that addresses this use case?

For our outdoor power supply company that builds public WiFi networks at camping sites, we want to implement the following features in our app: Scan surrounding WiFi networks When detecting specific public WiFi SSIDs, provide users with corresponding passwords Automatically connect to those WiFi networks Regarding the NEHotspotHelper API permission application, when I clicked on https://developer.apple.com/contact/request/network-extension, it redirected me to https://developer.apple.com/unauthorized/. I'm not sure where to properly apply for this permission now.

Sometimes when adding a VPN configuration, it just redirects to the Settings app and doesn’t continue with the rest of the configuration process like prompting for passcode. But it proceeds as normal after the 2nd or 3rd try. This issue is occurring on iOS 18.5 build 22F5068a but it has been a problem over several versions now. Feedback ID: FB17458055

I develop a terminal app with c++. Everything was fin until i upgraded to Sequoia. If i debug my program with Xcode, all requests to a local network like MQTT fails. How can i grant XCODE the privilege to access the local network?

I want to create a NAT64/DNS64 test network as shown here, but I cannot figure out how to do it in the latest versions of MacOS. Is this still available and how can I access the "Create NAT64 Network" checkbox?

I am unable to apply for Multicast Entitlement at https://developer.apple.com/contact/request/networking-multicast The reason for this is unclear. I have paid for a developer account and believe I'm up to date with all agreements.

In our iOS networking related app for the app store (with network extension using packet tunnel provider), we are supposed to read the list of nameservers for the network. We use res_ninit function. This function returns only 3 items (but in reality the network has more dns servers. In my case 5. Some ipv4 and some ipv6) Looking at the header file at iOS 18.2 -> user/include/resolve.h, it shows that the __res_state struct has a maximum limit of 3 for the nsaddr_list array. It seems that the reason the res_ninit function returns only 3 values is because of this. For our code to work correctly, it needs to know all the dns servers, but we only get partial results. Is there any other api that can get us all the dns servers ?

Hi there, I'm having an issue hoping someone could help. We have an iOS app that uses CoreBluetooth to connect to peripherals using the central manager. The app works great - However, when using the same exact central manager for our watchos app, it will attempt to connect, but I never get a callback for either didConnect or didFailToConnect. The watch can connect successfully to other BLE devices, so the watch itself is capable of BLE connectivity. Here's a list of thing's I've tried (unsuccessfully): 1) Added every bluetooth-related entitlement to info.plist Privacy - Bluetooth Always Usage Description Privacy - Bluetooth Peripheral Usage Description Background Modes: App communicates using CoreBluetooth, App shares data using CoreBluetooth 2) Checked for Single-Connection Limits Verified that the iPhone was fully disconnected from the peripheral to ensure the device wasn’t limited to one connection. Attempted to connect on watchOS alone (with iPhone turned off) 3) Tried various options for CBCentralManager, scanForPeripherals, and connect I went through all the keys for various options and tried just setting them, they had no effect CBCentralManagerOptionShowPowerAlertKey, CBConnectPeripheralOptionEnableTransportBridgingKey Item 2 4) Tried .registerForConnectionEvents() 5) Set peripheral's delegate to the central in the didDiscover, stored it in a variable to ensure a strong reference to it I get no warnings either. The last time I ran into something like this, I found out the watchOS blocks TCP sockets. If I print out the CBPeripheralState a few seconds after trying to connect, it shows its stuck on CBPeripheralStateConnecting. Any advice or direction is greatly appreciated Below is the code and various print outs (day 2 into debugging, so it's not pretty) class WatchBLEManager:NSObject,CBCentralManagerDelegate, ObservableObject{ var centralManager: CBCentralManager? @Published var devices : [String:AtomBLEDevice] = [:] private var scanningDevice:AtomBLEDevice? var bleStatus:WatchBLEStatus = .blePoweredOff func startBLE() { centralManager = CBCentralManager(delegate: self, queue: nil,options: [CBCentralManagerOptionShowPowerAlertKey: true]) self.centralManager?.delegate = self } func startScan() { self.centralManager?.scanForPeripherals(withServices: [],options: [CBCentralManagerScanOptionAllowDuplicatesKey : true]) self.centralManager?.delegate = self } func stopScan() { print("stopping scan") self.centralManager?.stopScan() filterName = "" scanningDevice = nil } func centralManagerDidUpdateState(_ central: CBCentralManager) { switch (central.state) { //... other states omitted case .poweredOff: bleStatus = .blePoweredOff // bleStateDelegate?.didBlePoweredOff() for device in devices.values{ device.isConnected = false } print("BLE is Powered Off") case .poweredOn: bleStatus = .blePoweredOn // bleStateDelegate?.didBlePoweredOn() startScan() centralManager?.registerForConnectionEvents() print("Central supports extended scan and connect: ", CBCentralManager.supports(.extendedScanAndConnect)) print("powered on") @unknown default: print("BLE is Unknown") } } private let connectionQueue = DispatchQueue(label: "com.atom.connectionQueue") var connectingTo: String? = nil var peripheral: CBPeripheral? = nil func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral, advertisementData: [String : Any], rssi RSSI: NSNumber) { guard let localName = advertisementData[CBAdvertisementDataLocalNameKey] as? String else { return} if localName.contains("Atom") { print("\nConnecting to \(localName)") print("\tAdvertising data: \(advertisementData)") print("\tANCS Authorized: ",peripheral.ancsAuthorized) print("\tServices", peripheral.services, "\n") self.peripheral = peripheral self.peripheral?.delegate = self // central.registerForConnectionEvents() // central.delegate = self peripheral.delegate = self DispatchQueue.main.async { // central.connect(peripheral) self.centralManager?.connect(peripheral, options: [ CBConnectPeripheralOptionEnableTransportBridgingKey: true]) } DispatchQueue.main.asyncAfter(deadline: .now() + 5.0) { print("\tState", String(describing: peripheral.state)) print("Connected Peripherals: \(self.centralManager?.retrieveConnectedPeripherals(withServices: []))") } } } // Never gets called for watchos func centralManager(_ central: CBCentralManager, didConnect peripheral: CBPeripheral) { print("Connected to peripheral: \(peripheral.identifier)") if let atomDevice = getAtomBLEDevice(peripheral: peripheral) { //atomDevice.setPeripheral(perpipheral: <#T##CBPeripheral?#>) atomDevice.isConnected = true atomDevice.isConnecting = false //delegate?.didConnected(atomBLE: atomDevice!) atomDevice.startDiscoveringService() //atomDevice?.delegate?.didConnected(atomBLE: atomDevice!) print("Connected: \(peripheral.name)") } else { print("no matching atom device found for didConnect") print("connected peripheral :",peripheral.identifier.uuidString) } } func centralManager(_ central: CBCentralManager, connectionEventDidOccur event: CBConnectionEvent, for peripheral: CBPeripheral) { print("Connection event: \(event)") } func centralManager(_ central: CBCentralManager, didFailToConnect peripheral: CBPeripheral, error: (any Error)?) { print("Failed to connect: \(error?.localizedDescription)") } func centralManager(_ central: CBCentralManager, didDisconnectPeripheral peripheral: CBPeripheral, error: Error?) { let atomDevice = getAtomBLEDevice(peripheral: peripheral) atomDevice?.isConnected = false print("Peripheral disconnected:\(peripheral.name)") } func clearData() { filterName = "" for device in devices.values{ disconnect(atomBLEDevice: device) device.perpipheral?.delegate = nil } devices = [:] scanningDevice = nil // delegate = nil centralManager = nil } } extension WatchBLEManager: CBPeripheralDelegate { }```

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file Removing the following plist in Recovery Mode seems to resolve the issue rm "/Volumes/Macintosh HD/Library/Preferences/com.apple.networkextension.plist" Is this safe to do?

My code makes an iPhone use the CBCentralManager to talk to devices peripherals over core bluetooth. After attempting a connect to a peripheral device, I get a didConnect callback on CBCentralManagerDelegate. After this I initiate discovery of services using: peripheral.discoverServices([CBUUID(nsuuid: serviceUUID)]) Since I am only interested in discovering my service of interest and not the others to speed up time to the actual sending of data. This also gives me the didDiscoverServices callback without error prints in which I do the following: guard let services = peripheral.services, !services.isEmpty else { print("Empty services") centralManager.cancelPeripheralConnection(peripheral) return } And for next steps if let serviceOfInterest = services.first(where: {$0.uuid == CBUUID(nsuuid: serviceUUID)}) { //double check for service we want initiateDiscoverCharacteristics(peripheral: peripheral, service: serviceOfInterest) } Below is what initiateDiscoverCharacteristics() does. I basically only tries to discover certain characteristics of the selected service: peripheral.discoverCharacteristics( [CBUUID(nsuuid: readUUID), CBUUID(nsuuid: writeUUID)], for: serviceOfInterest) For this also we get the didDiscoverCharacteristicsFor callback without error prints. Here in this callback however we were not doing the serviceOfInterest check to see that we are getting the callback for the service we expect, since our understanding was that we will get didDiscoverCharacteristicsFor callback for the characteristics on the serviceOfInterest because that is what peripheral.discoverCharacteristics() was initiated for. When we go ahead to write some data/subscribe for notify/read data we have 2 guard statements for services and characteristics of a particular service. The first guard below passes: if(peripheral.services == nil) { print("services yet to be discovered \(peripheral.identifier.uuidString)") return } However the second guard below fails: let serviceOfInterest = peripheral.services?.first(where: {$0.uuid == CBUUID(nsuuid: serviceUUID}) if((serviceOfInterest?.characteristics == nil) || (serviceOfInterest?.characteristics == [])) { print("characteristics yet to be discovered \(peripheral.identifier.uuidString)") return } First of all, does the iPhone go ahead and discover other characteristics and services separately even when we explicitly mention the service and the characteristics it should discover? Now if you say yes and that it maybe the reason of our bug because we didn't do a check for serviceOfInterest in didDiscoverCharacteristicsFor callback, then I have another question. Why don't we get a second/third print in didDiscoverCharacteristicsFor callback signifying that more characteristics were discovered? The peripheral device just disconnects after a set timeout (peripheral device used in our testing does this if we are not communicating with it for a certain amount of time). This issue is extremely rare. We have seen it only twice in our customer base. Both the instances were on the same iPhone 15 Pro. Once a few months back and once recently. Currently, this iPhone is having iOS version 18.1.1 running on it.

Hello. I would like to develop an application that sends SSH commands via my phone to the server. I know that applications of this type exist, but they are not suitable for my use as a blind person who uses a screen reader. I hope you can help me find libraries that will assist me in development, or ready-made, open-source projects that I can develop and modify if necessary. Thank you in advance.

On iOS 18.3, I noted that partition "HTTPCookiePropertyKey: StoragePartition" is not observed to be set for cookies returned from the wkwebview cookie store. Now on 18.4 beta 4 we are now seeing those same cookies are populated with a partition property. Is there documentation for this change? Is it intended to be suddenly populated in 18.4? Now that partition property is set, HTTPCookieStorage.shared.cookies(for: serverUri) doesn't seem to return the expected cookies correctly. For context, we are using the cookies extracted from wkwebview, setting them in HTTPCookieStorage.shared and using URLSession to make network calls outside the webivew. Works fine once I forcefully set partition on the cookie to nil. More details on what the cookie looks like here: https://feedbackassistant.apple.com/feedback/16906526 Hopefully this is on your radar?

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file

I am currently developing a custom-protocol VPN application for iOS using PacketTunnelProvider. I have also integrated an HTTP proxy service, which is launched via a dylib. The overall flow is as follows: App -> VPN TUN -> Local HTTP Proxy -> External Network I have a question: I am capturing all traffic, and normally, requests sent out by the HTTP proxy are also captured again by the VPN. However, when I send requests using createUdpSession in my code, they are not being captured by the virtual interface (TUN). What could be the reason for this? override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let tunnelNetworkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.168.18.0") tunnelNetworkSettings.mtu=1400 let ipv4Settings = NEIPv4Settings(addresses: ["192.169.10.10"], subnetMasks: ["255.255.255.0"]) ipv4Settings.includedRoutes=[NEIPv4Route.default()] ipv4Settings.excludedRoutes = [NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"), NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress:"127.0.0.0", subnetMask: "255.0.0.0"), ] tunnelNetworkSettings.ipv4Settings = ipv4Settings // Configure proxy settings let proxySettings = NEProxySettings() proxySettings.httpEnabled = true proxySettings.httpServer = NEProxyServer(address: "127.0.0.1", port: 7890) proxySettings.httpsEnabled = true proxySettings.httpsServer = NEProxyServer(address: "127.0.0.1", port: 7890) proxySettings.excludeSimpleHostnames = true proxySettings.exceptionList=["localhost","127.0.0.1"] tunnelNetworkSettings.proxySettings = proxySettings setTunnelNetworkSettings(tunnelNetworkSettings) { [weak self] error in if error != nil { completionHandler(error) return } completionHandler(nil) let stack = TUNInterface(packetFlow: self!.packetFlow) RawScoketFactory.TunnelProvider=self stack.register(stack: UDPDirectStack()) stack.register(stack: TCPDirectStack()) stack.start() } } NWUdpSession.swift // // NWUDPSocket.swift // supervpn // // Created by TobbyQuinn on 2025/2/3. // import Foundation import NetworkExtension import CocoaLumberjack public protocol NWUDPSocketDelegate: AnyObject{ func didReceive(data:Data,from:NWUDPSocket) func didCancel(socket:NWUDPSocket) } public class NWUDPSocket:NSObject{ private let session:NWUDPSession private let timeout:Int private var pendingWriteData: [Data] = [] private var writing = false private let queue:DispatchQueue=QueueFactory.getQueue() public weak var delegate:NWUDPSocketDelegate? public init?(host:String,port:UInt16,timeout:Int=Opt.UDPSocketActiveTimeout){ guard let udpSession = RawScoketFactory.TunnelProvider?.createUDPSession(to: NWHostEndpoint(hostname: host, port: "\(port)"), from: nil) else{ return nil } session = udpSession self.timeout=timeout super.init() session.addObserver(self, forKeyPath: #keyPath(NWUDPSession.state),options: [.new], context: nil) session.setReadHandler({ dataArray, error in self.queueCall{ guard error == nil, let dataArray = dataArray else { print("Error when reading from remote server or connection reset") return } for data in dataArray{ self.delegate?.didReceive(data: data, from: self) } } }, maxDatagrams: 32) } /** Send data to remote. - parameter data: The data to send. */ public func write(data: Data) { pendingWriteData.append(data) checkWrite() } public func disconnect() { session.cancel() } public override func observeValue(forKeyPath keyPath: String?, of object: Any?, change: [NSKeyValueChangeKey : Any]?, context: UnsafeMutableRawPointer?) { guard keyPath == "state" else { return } switch session.state { case .cancelled: queueCall { self.delegate?.didCancel(socket: self) } case .ready: checkWrite() default: break } } private func checkWrite() { guard session.state == .ready else { return } guard !writing else { return } guard pendingWriteData.count > 0 else { return } writing = true session.writeMultipleDatagrams(self.pendingWriteData) {_ in self.queueCall { self.writing = false self.checkWrite() } } self.pendingWriteData.removeAll(keepingCapacity: true) } private func queueCall(block:@escaping ()->Void){ queue.async { block() } } deinit{ session.removeObserver(self, forKeyPath: #keyPath(NWUDPSession.state)) } }

I am trying to commission an ESP32-H2 Matter device using the chip-tool. It's running the Light Switch sample. I can commissioning it using the iOS Home App, so I know the code on it's working okay. I would like to understand more about the Fabric process, so I'd like to use the Home Pod powered Thread network rather than setting up an instance of Open Thread Border Router. I have created a simple iOS app and can fetch the activeOperationalDataSet from the Preferred network using func obtainPreferredNetworkCredentials() async -> (Void) { let client = THClient() let bIsPreferredAvailable = await client.isPreferredAvailable() if bIsPreferredAvailable == true { var credential: THCredentials? do { credential = try await client.preferredCredentials() if let dataset = credential?.activeOperationalDataSet { print(dataset.hexDescription) } } catch { print("Failed to get the credentials") } } } The hexDescription comes from this extension extension Data { var hexDescription: String { return reduce("") {$0 + String(format: "%02x", $1)} } } I am decoding the Data and displaying it as a hex string. It looks something like this: 0e080000000000000000000300001935060004001fffc002089f651677026f48070708fd9f65167702000ee90914b5d1097de9bb0818dc94690c0402a0f7f8 However, when I attempt to commission the device, it fails during ThreadSetup. Googling the issue says most likely the Operational Dataset is wrong in some way. Before I spend too much time on this, I want to make sure I'm doing the right thing in terms of getting the Operational Dataset to use with the chip-tool. Any help is appreciated!

"NSPOSIXErrorDomain Code=65 & iOS18 & Xcode 16". I used 'CocoaAsyncSocket', '~> 7.6.5'. It works fine on 13pro iOS16.4.1 &iphone x 16.7.7， But it's bad on iOS 18.3.

Hi, I have a problem with my Mac crashing sims 4. can you let me know if this is a Mac problem or a sims 4 problem ? Link to Mac Info : https://prnt.sc/NYG0jn8_u0dB Link to crash report : https://prnt.sc/UImzDIsqdVYn

Apple's Wi-Fi Aware demo shows that pairing is required before establishing a connection. Is this pairing mandatory? Can Android devices pair with Apple devices? My Android device strictly supports Wi-Fi Aware 4.0 and I want to achieve interoperability with Apple devices.

Hello, I am in a very similar situation as described in the thread: https://developer.apple.com/forums/thread/655183 Context: I am working on an app that receives data from a hardware device through its Wifi network, and the hardware is not connected to the internet. Now, I would need to call some API while still connected to hardware so I would need to use the cellular data. As mentioned on the thread, I can achieve this via Network framework, using the requiredInterfaceType property. But Is there any other way I can achieve this? I can also do some suggestion on the hardware if that's helpful. Thank you!