Our team also received this email regarding the APNS. I don't know if I need to do something or not, since I haven't found any information in SAP Forums either. Our app uses the SAP Mobile Services push notifications. If any of you know any information about this, please let me know.

Hello Apple Developer Community, We’re building an MDM product (SaaS, multi-tenant). I’d like clarification on the APNs MDM push certificate usage model for service providers (MSPs). Question: Is it acceptable for an MDM vendor to use a single APNs MDM push certificate owned by the vendor to manage devices for multiple, independent customer organizations? Or is it required/recommended that each customer (company) must obtain and use its own APNs MDM push certificate (issued under the customer’s Apple ID) for their tenant? Why we’re asking: We understand that many guides show the process where each customer logs into the Apple Push Certificates Portal with their own Apple ID, uploads a CSR provided by the MDM, and then renews yearly. Practically, for a small team and early-stage deployments, using one vendor-owned certificate across multiple tenants would be simpler. We want to ensure we’re not violating any policy, terms, or technical requirements (e.g., certificate ownership, topic binding, device token isolation, audit/compliance expectations). What we need from Apple (or authoritative sources): An official Apple document or policy that clearly states whether per-customer certificates are mandatory vs strongly recommended for MSP/multi-tenant MDMs. If per-customer is mandatory, please point to the relevant clause or section. If a vendor uses a single certificate for multiple organizations, what risks or consequences should we expect (e.g., compliance issues, supportability, potential program violations, off-boarding problems, etc.)? Context: We’re sending only MDM wake notifications (standard MDM flow). We understand certificates expire yearly and must be renewed with the same Apple ID to avoid device re-enrollment. We want to follow Apple’s best practices while keeping early operations manageable. Any guidance, links to official documentation, or clarification from Apple engineers/moderators would be greatly appreciated. Thank you!

Hello Everyone, We have some doubts regarding the apple notification alert update received in Oct 2024 for APNS server certificate update. Does this change is already live for sandbox environment? As we have checked on sandbox environment without changing any certificate its working and we are able to get push notification. Does that means our system does not need any change for production as well? If required where we should add https://www.sectigo.com/knowledge-base/detail/Sectigo-Intermediate-Certificates/kA01N000000rfBO. This certificate. For FYI we are using python library called django-push-notifications which internally call to the APNS server for push notifications.

When performing the P12 certificate sending test, there was an error stating that authentication failed due to the remote party closing the transport stream. May I ask how to solve this?

I have been fighting this problem for two months and would love any help, advice or tips. Should I file a DTS ticket? Summary We attach a JPEG image to a local notification using UNNotificationAttachment. iOS reports the delivered notification as having attachments=1, but intermittently no image preview appears in Notification Center. In correlated cases, the attachment’s UNNotificationAttachment.url (which points into iOS’s attachment store) becomes unreadable (Data(contentsOf:) fails) even though the delivered notification still reports attachments=1. This document describes the investigation, evidence, and mitigations attempted. Product / Component UserNotifications framework UNNotificationAttachment rendering in Notification UI (Notification Center / banner / expanded preview) Environment App: OnThisDay (SwiftUI, Swift 6) Notifications: local notifications scheduled with UNCalendarNotificationTrigger(repeats: false) Attachment: JPEG generated from PhotoKit (PHImageManager.requestImage) and written to app temp directory, then passed into UNNotificationAttachment. Test contexts: Debug builds (direct Xcode install) TestFlight builds (production signing) iOS devices: multiple, reproducible with long runs and user clearing delivered notifications Expected Result Delivered notifications with UNNotificationAttachment should consistently show the image preview in Notification Center (thumbnail and expanded preview), as long as the notification reports attachments=1. If the OS reports attachments=1, the attachment’s store URL should remain valid/readable for the lifetime of the delivered notification still present in Notification Center. Actual Result Intermittently: Notification Center shows no image preview even though the app scheduled the notification with an attachment and iOS reports the delivered notification as having attachments=1. When we inspect delivered notifications via UNUserNotificationCenter.getDeliveredNotifications, the delivered notification’s request.content.attachments.first?.url exists but is unreadable (attempting Data(contentsOf:) returns nil / throws), i.e. the backing attachment-store file appears missing or inaccessible. In some scenarios the attachment-store file is readable for hours while the notification is pending, and then becomes unreadable after the notification is delivered. Reproduction Scenarios (Observed) Next-day reminders show attachment-store unreadable after delivery 1. Schedule a one-shot daily reminder for next day (07:00 local time) with UNCalendarNotificationTrigger(repeats: false) and a JPEG attachment. 2. During the prior day, periodic background refresh tasks verify the pending notification’s attachment-store URL is readable (pendingReadable=true). 3. After the reminder is delivered the next morning, the delivered snapshot shows the delivered notification’s attachment-store URL is unreadable (readable=false) and Notification Center shows no preview. Interpretation: the attachment-store blob appears to become inaccessible around/after delivery, despite being readable while pending. Evidence and Instrumentation We added non-crashing diagnostic logging (Debug builds) around: Scheduling time Logged that we successfully created a UNNotificationAttachment from a unique temp file. Logged that UNUserNotificationCenter.add(request) succeeded. Queried pendingNotificationRequests() and logged the scheduled request’s attachment url.lastPathComponent (iOS attachment-store filename). Delivered time (when app becomes active) Called UNUserNotificationCenter.getDeliveredNotifications and logged: delivered count, attachment count attachment url.lastPathComponent whether Data(contentsOf: attachment.url) succeeds (readable=true/false) Content fingerprinting Fingerprinted the exact JPEG bytes we wrote (SHA-256 prefix + byte count). Logged the iOS attachment-store filename (url.lastPathComponent) returned post-scheduling. Decode validation probe (later addition) When Data(contentsOf:) succeeds, we validate it decodes as an image using CGImageSourceCreateWithData and log: UTI (e.g. public.jpeg) pixel width/height magic header bytes What we tried / Mitigations Proactive “self-heal” for pending notifications Change: during background refresh/foreground refresh, verify the pending daily reminder’s attachment-store URL readability. If it’s unreadable, reschedule with a new attachment (same trigger). Rationale: if iOS drops the store file before delivery, recreating could repair it. Result: We observed cases where pending remained readable but delivered became unreadable after delivery, so this doesn’t address all observed failures. It is still valuable hardening. Increase scheduling frequency / reschedule closer to fire time (proposed/considered) We discussed adding a debug mode to always recreate the daily reminder during background refresh tasks (or only within N hours of fire time) to reduce the time window between attachment creation and delivery. Status: experimental; not yet confirmed to resolve the “pendingReadable=true → delivered unreadable after delivery” failure. Impact The primary UX value of the daily reminder is the preview photo; missing previews degrade core functionality. Failures are intermittent and appear dependent on OS attachment-store behavior and Notification Center actions (clearing notifications), making them difficult to mitigate fully app-side. Notes / Questions for Apple 1. Is iOS allowed to coalesce/deduplicate UNNotificationAttachment storage across notifications? If so, what is the retention model when delivered notifications are removed? 2. If a delivered notification still reports attachments=1, should its attachment-store URL remain valid/readable while the notification is still present in Notification Center? 3. In “next-day” one-shot scheduling scenarios, can the attachment-store blob be purged between scheduling and delivery (or immediately after delivery) even if the notification remains visible? 4. Is there a recommended pattern to ensure attachment previews remain stable for long-lived scheduled notifications (hours to a day), especially when using UNCalendarNotificationTrigger(repeats: false)? Minimal Code Pattern (simplified) 1. Generate JPEG (PhotoKit → UIImage → JPEG Data). 2. Write to a unique temp URL. 3. Create attachment: UNNotificationAttachment(identifier: <uuid>, url: <tempURL>, options: [UNNotificationAttachmentOptionsTypeHintKey: "public.jpeg"]) 4. Schedule notification with a calendar trigger for the next morning.

My push notifications on Ios devices come through but only silently while all settings are on order. On Android sounds are on. Anyway knows how to fix this on Apple's side?

Im creating a basic app, needs push notification capability. I have created two profiles (development & distribution), selected my app in Identifiers and checked the PN box to enable it (no need for broadcast). I add the profile to Xcode and it says "Provisioning profile "New VP App Jan 2026" doesn't include the Push Notifications capability." What am I missing?

If there is a Notification Service Extension which has the com.apple.developer.usernotifications.filtering entitlement, then does/how having that entitlement affect the preconditions for the NSE to be delivered a push? Specifically, if the app has not prompted for requestAuthorization() is it expected that the push will be delivered to the NSE or not? Thank you

I'm working on implementing Apple Wallet passes using background push notifications. My server successfully sends the push notification using APNs. The response from the server is HTTP/2 200, and the device receives the push — I can confirm this from device logs. However, the device logs show the following error: "Failed to parse JSON message payload for topic " "Unable to deserialize JSON message payload" My payload is below 2 payload. //string payload = "{"aps":{"content-available":1}}"; string payload = JsonConvert.SerializeObject(new { aps = new Dictionary<string, object> { { "content-available", 1 } } }); string curlArgs = $"-s -o nul -w \"%{{http_code}}\" " + $"--data-binary \"{payload}\" " + $"-H \"apns-topic: {bundleId}\" " + $"-H \"apns-push-type: background\" " + $"-H \"apns-priority: 5\" " + $"-H \"content-type: application/json\" " + $"-H \"authorization: bearer {jwt}\" " + $"--http2 https://api.push.apple.com/3/device/{token}"; I’ve confirmed that: The device has the Wallet pass installed. The apns-topic header is set to my passTypeIdentifier. The apns-push-type is background and apns-priority is 5. Steps to Reproduce: Install Wallet pass on iOS device. Send background push to device using the above payload. Observe the device logs using Console.app or log stream. See error: unable to deserialize JSON message payload. Is there a specific payload format expected for Wallet passes? Or any additional fields required in the push payload to avoid this deserialization error?

There is one xpc server and two xpc clients (clientA and clientB). When clientB sends a message to the xpc server, xpc server fills a value for dummyString in it's memory and I want clientA to know that dummyString got updated and also the new value for this dummyString. The updation of dummyString is not something that happens often. Two options we tried: Have a timer for 5 seconds in clientA and keep polling and request for the value of this dummyString. Setup a darwin notification in server that gets posted whenever dummyString is being updated. clientA receives requests for dummyString value only when it observes a notification being posted. Which of these two approaches causes the least delay for clientA to know the updated value of dummyString?

Hi, We have a use case where our app needs to send repeated push notifications (both normal and critical alerts) to inform the user about a critical device state and grab their attention. Since iOS doesn’t allow us to schedule local notifications beyond 30 seconds, I need to send multiple pushes from the server side. My questions are: Is there any documented limit on how many push notifications can be sent back-to-back before Apple starts throttling or restricting them? Are critical alerts treated differently from normal notifications in terms of delivery restrictions or frequency limits? Is there a recommended approach for handling scenarios where repeated urgent notifications are necessary to keep the user informed? I want to make sure I’m following Apple’s guidelines and not risking rejection during review.

I'm observing that when a silent push notification is sent to our app, is is started up in the background for 30 seconds before being suspended until the app is launched by the user. This causes data to persist from the silent push notification to the user app launch. I couldn't find documentation on this behavior for silent push notifications, and was wondering if it's possible to have the app terminate after handling the silent push notification. Is there documentation on the general flow of silent push notifications as well? I'm able to handle the edge cases if the app has to be suspended until user launch, but just want to confirm that this is the expected behavior before I go about handling it this way.

I am currently testing the Declared Age Range / Parental Consent flow in the Sandbox environment, and I am experiencing an issue where the RESCIND_CONSENT App Store Server Notification is not being delivered to my server. 🔍 Test Environment iOS version: iOS 26.2 (Sandbox environment) App Store Server Notifications: Sandbox environment 🔄 Test Scenario App Settings > Developer > Sign in with a Sandbox account Launch the app In App Settings > Developer > Sandbox Account > Management > Revoke App Consent, enter the app’s Bundle ID, tap the Revoke Consent button, and confirm that the revocation completion popup message is displayed Check whether App Store Server Notifications are received by the server Confirm that the RESCIND_CONSENT notification is not received by the server ✅ Expected Result The App Store Server sends a RESCIND_CONSENT notification to the Sandbox endpoint The notification payload includes appTransactionId The server can block app access based on the corresponding appTransactionId ❌ Actual Result No RESCIND_CONSENT notification is received in the Sandbox environment ❓ Questions Is this behavior an intended limitation of the Sandbox environment, or is it a known issue or bug? Is it possible that RESCIND_CONSENT notifications will only be delivered starting January 1, 2026? Additionally, when a RESCIND_CONSENT server notification is received, I currently update my database with the appTransactionId and the registration date. When a minor attempts to access the app, I check the latest appTransactionId status, and if the most recent state indicates consent has been revoked, I block app access and prompt the user to request parental consent again using PermissionKit.

Hi team, We've observed that for all background notifications (where content-available set to true, https://developer.apple.com/documentation/usernotifications/pushing-background-updates-to-your-app#Create-a-background-notification), we never received any response with error string "Unregistered". This differs from non-background pushes, where expired tokens are regularly cleared. Is this the expected behavior (i.e., background notifications will not return an "Unregistered" error), or could this indicate an issue on our side? Thanks in advance for any clarification.

We would like to better understand the discrepancy between a Push To Start and the subsequent Updates where I see a number of recipients drop greatly. Our assumption is that this is a result of the end user not clicking the "Allow" prompt when a push to start widget is shown on the screen for the first time, but we currently do not have a way to listen to the user's choice when prompted. Is there any way of tapping into this, to determine if this is in fact where the variance is coming from, or if there is actually just a problem with the request to retrieve the update token from our end?

We are trying to figure out a strange issue. Our app has not changed for at least 10 months but my devices and the QA tester device have all stopped receiving push/call notifications for twilio voip The twilio credential and apple voip services certificate are in date and valid It is pointing to the correct bundle id and topic (not changed configuration for years) token passed in to TwilioVoiceSDK.register() is retrieved from PKPushRegistry as per guide Running locally the Twilio Voice SDK successfully registers and retrieves APNs token What is interesting is if I log in with exactly the same client account on an iOS 18.5 device (and an older iPad) call notifications work perfectly (I have made sure all focus modes/dnd are off and notification settings are identical) The only changes myself and QA have made recently is minor iOS 18 version updates - 18.6.2 and 18.7.1 These now receive Invalid device token from APNs when Twilio attempts to create a call/voip notification for the user identity Our devices sometimes switch environments test/prod so I installed the app cleanly on a borrowed 18.6.2 device and got the exact same issue We have tested on these devices most of the year with no issues. I have been in touch with twilio support and added code to explicitly unregister and re register on an affected device to clear any bindings but it didn't help. Have apple made any changes in PushKit or token behaviour for later versions of iOS 18? Thanks

Hi all, May I please ask for an official clarification or documentation reference from Apple regarding this scenario: Is it possible for an iOS app to automatically launch or open a specific screen when a push notification is received — while the app is in the background or terminated (killed) state? I understand that for most cases, user interaction (such as tapping the notification) is required before the app can show UI. However, I’d like to confirm whether this is also true for time-sensitive or critical alert notifications, including emergency use cases (e.g. public safety alerts). Specifically: Can a critical alert notification directly launch the app or present a view controller? Or is user interaction always required before the app can present any UI, even with the critical alert entitlement? I would appreciate if anyone — especially Apple staff or engineers — could share an official Apple document or statement that confirms this behavior. Thank you very much! (Use case context: I’m developing an emergency broadcast feature for a property management / tenant app.)

According to the Apple notification alert received in October 2024, the APNS server certificate update for production is scheduled for February 24, 2025. Has this change been implemented, or is there a platform or method to verify whether this update has been applied in production? If so, where can we check this?"

Is there anyway that I could use AVAudioSession, AVAudioPlayer or anything similar in Notification Service Extension? I am trying to implement Audio Playback in the Notification Service Extension to play specific audio file when receiving Notification regardless the app state(foreground, background or killed), but I am not able to activate audio session in Notification Service Extension. NSError *sessionError = nil; BOOL success = [[AVAudioSession sharedInstance] setCategory:AVAudioSessionCategoryPlayback error:&sessionError]; success = [[AVAudioSession sharedInstance] setActive:YES error:&sessionError]; if (!success) { NSLog(@"Error activating audio session: %@", sessionError); } Below is the error that I got when I am trying to run the code above in Notification Service Extension. Error Domain=NSOSStatusErrorDomain Code=561015905 "Session activation failed" UserInfo={NSLocalizedDescription=Session activation failed}

Can I using AudioServicesPlaySystemSound for play sound os system on NotificationService?