During development, before things eventually go live, if the associated server for a message filter extension has a self signed SSL then if/how can test iPhones be configured such that the OS will connect to the server when they are performing a message filter query request?

I have a developer certificate but not a distribution certificate (its not my Apple account). Its possible to create an .xcarchive with a developer certificate, but what about a .ipa? After creating an archive, non of the distribution options within XCode will work without a dist cert. Is there another way to make an .ipa with just a dev cert? And if so is that going to be a dev build rather than a prod build (i.e. the .ipa would only install onto provisioned devices and would be no good for uploading to testflight for example)

The documentation (https://developer.apple.com/documentation/BundleResources/Entitlements/com.apple.developer.associated-domains) for a message filter extension says: If you use a private web server, which is unreachable from the public internet, while developing your app, enable the alternate mode feature to bypass the CDN and connect directly to your server. <service>:<fully qualified domain>?mode=<alternate mode> Where alternate mode is one of the following: developer Specifies that only devices in developer mode can access the domain. In this mode, you can use any valid SSL certificate on your web server, including a certificate that the system doesn’t trust. What does it mean "you can use any valid SSL certificate on your web server"? Does the app have to do anything with regards to this?

When uploading to Testflight the following questions get posted. How to answer this question gets asked in many forums, however none of the answers are satisfactory and it seems every body misreads option two. What type of encryption algorithms does your app implement? Encryption algorithms that are proprietary or not accepted as standard by international standard bodies (IEEE, IETF, ITU, etc.) Standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple's operating system Both algorithms mentioned above None of the algorithms mentioned above In the case where an application is using standard encryption provided by the OS itself and isn't doing anything proprietary, what should the answer be? Many people on the internet say the answer should be 2). 2) Does mention standard encryption algorithms, but everybody seems to gloss over this phrase "instead of, or in addition to, using or accessing the encryption within Apple's operating system" Two is not saying the app uses standard encryption algorithms from the OS, two is saying using standard encryption algorithms instead of or in addition to, those provided by the OS. In the above options, there is none to select for the situation where the app only uses standard algorithms from the OS. If that is what 2 is meant to be, then the grammar and English usage doesn't not actually mean that. The phrase "instead of or in addition to" changes that. So what option to choose? Is there a bug in 2 and its English grammar is incorrect and doesn't convey the actual intended meaning?

I asked this question of AI and it said that yes it was possible, and gave some sample code override class func filterConfiguration() -> ILMessageFilterExtensionConfiguration { let config = ILMessageFilterExtensionConfiguration() // You can specify multiple network URLs config.networkURLs = [ URL(string: "https://api1.example.com/filter")!, URL(string: "https://api2.example.com/filter")! ] return config } And said the OS will try the first, and if there's no response within the first few seconds it'll move onto the second. However, there is no such class as ILMessageFilterExtensionConfiguration AFAICT, if there is then how to access/use it, if there isn't, then I wonder how the AI counjured it up? If multiple urls can be specified, then can the extension also specify a particular API to use and switch between them at some point? When does the OS call filterConfiguration()?

In order to create a Message Filter Extension it is necessary to set up Shared Web Credentials. I'd like to form an understanding of what role SWC plays when the OS is making request to the associated network service (when the extension has called deferQueryRequestToNetwork()) and how this differs from when an app directly uses Shared Web Credentials itself. When an app is making direct use of SWC, it makes a request to obtain the user's credentials from the web site. However in the case of a Message Filter Extension, there aren't any individual user credentials, so what is happening behind the scenes when the OS makes a server request on behalf of a Message Filtering Extension? A more general question - the documentation for Shared Web Credentials says "Associated domains establish a secure association between domains and your app.". Thank you

If an app has a text filtering extension and associated server that the iPhone OS communicates with, then how can that communication be authenticated? In other words, how can the server verify that the request is valid and coming from the iPhone and not from some spoofer? If somebody reverse engineers the associated domain urls our of the app's info.plist or entitlement files and calls the server url directly, then how can the server detect this has occurred and the request is not coming from the iPhone OS of a handset on which the app is installed?

Hello, if an associated domain is specified for an app (for example, the url of a server services an app extension text spam filtering) then what is there in place to stop somebody with malicious intentions from obtaining that url from the .plist/.entitlements file of the app and doing something with that url, such as denial of service attack or whatever?

If I have an XCode project that generates a framework when built, then I've noticed that its possible to add new additional targets to the project of type app extension. However if I add some source code to an app extension and regenerate the framework, then that source code is not accessable from the resulting framework (i.e. if the framework is included into an app, then the app code doesn't have visibility of the code that was added to the extension in the framework). Is this something which is possible to achieve? Ideally I would like to package the main source code that constitutes the framework content, along with the source code for a few extensions into a single framework, so that the app(s) that use the framework can include the framework into their main app target and also include it in the app extension target. I noticed that if the scheme of the framework is changed to the extension before building, then the result is not a .framework file but a .appex file. For client apps of the framework, can they directly include/use that .appex file? If so how can that be achieved? Does

I made an update to my app's code to make use of the new Contact access limited permission (CNAuthorizationStatusLimited), like so: if (@available(iOS 18.0, *)) { switch ([CNContactStore authorizationStatusForEntityType:CNEntityTypeContacts]) { case CNAuthorizationStatusLimited: <snip> However, later I discovered there's another totally unrelated issue which only manifests when the app is built with XCode 16. It isn't a trivial change to workaround, so for now I would like to make a release to the app store which makes use of the new CNAuthorizationStatusLimited status but is built using XCode 15. However, building with XCode 15 results in a "Use of undeclared identifier 'CNAuthorizationStatusLimited' error. If the code were making use of a new API, I could workaround using a selector for example, however as this is an enum, is there Is there any workaround possible for this - or its just not possible to build using XCode 15 and the source code contain references to CNAuthorizationStatusLimited?

I just received a message upon app submission saying "Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid" This is due to a 3rd party dependency being used by the app, but the thing is I was able to submit the app a few weeks ago, and a few months ago prior to that, and this warning wasn't present despite the exact same version of the 3rd party dependency being in those previous submissions as for the current submission. As the deadline for including privacy manifests was earlier this year, and as the message says " you may want to correct the following issues in your next submission", then whats the point, is there any point in this message? The wording doesn't even say must or should resubmit, it simply says "may like to". Is there therefore any need to address this or not bother if the message just says "may like to"?

If I run an app with a message filter extension on < iOS 18 everything is as expected, if I run the same app, without any changes on iOS 18 then it doesn't work. I've discovered that problems occur if the extension has the following code: extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -> Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.transactionalSubActions = [.transactionalFinance, .transactionalOrders, .transactionalHealth] completion(response) } This code doesn't run on iOS 18, however the following code does run on iOS 18: let response = ILMessageFilterCapabilitiesQueryResponse() completion(response) I downloaded several apps from the app store which provide message filtering, within the Message app they all had one thing in common, on < iOS 18 they all show 12 filtering categories, but within iOS 18 they only show 2. So it seems the issue is endemic and effects other apps, not just mine.

I've got an existing app using storyboards and would like to incorporate the new iOS 18 ContactAccessButton() and contactAccessPicker() into the GUI. However, how can that be done? If I try to do something like add a UIView to a view controller in the storyboard, then ContactAccessButton can't be assigned to it (even though ContactAccessButton inherits from UIView). Nor can a ContactAccessButton be used as a type within the Storyboard/the View Controller. How do I go about integrating this new iOS feature into an existing app using Storyboards and view controllers?

When I run my app on iOS 18, the following gets logged to the XCode console. error: Error reading commands from file lldbinit - file not found. I've never heard of that file before. What is it, why is it needed, why does the app (unbeknown to me) try to read from it, and why is it missing?

In iOS 18 if a number is registered with CallKit to be blocked, then if that number is also in contacts, then the number isn't blocked. If a user has added a number to their contacts, then in all probability they might not want the number blocked, so this might seem reasonable behaviour. However the point is, this is new behaviour for CallKit in iOS 18, and its never been like this before going back several years to the very first release. Why suddenly change it now, after all these years, without notice nor documentation, and take away that option from the user, should for some reason, they want to block a number which is also in their contacts. This is quite a disruptive change for apps using CallKit.