I have a VPN configuration that starts a PacketTunnelProvider extension. In there I set the DoH server URL and start / stop everything, pretty straightforward.
I want to exclude certain domains, e.g. "google.com" or "apple-dns.net", to lower my traffic on the DoH server.
I tried a couple of variations of onDemand rules, yet none of them work for me. Is there a way I can route DNS requests towards my DoH server for all domains except custom-defined domains?
Examples I've tried thus far
I spare the boilerplate code for creating the NETunnelProviderManager before and setting the rules + isOnDemandEnabled flag for the following examples except the first one:
1
// create the NETunnelProviderManager
let evaluationRule = NEOnDemandRuleEvaluateConnection()
let ignoreDomainRule = NEEvaluateConnectionRule(matchDomains: ["apple.com"], andAction: .neverConnect)
evaluationRule.connectionRules = [ignoreDomainRule]
manager.onDemandRules = [evaluationRule] // onDemandRules takes an array of NEOnDemandRule
manager.isOnDemandEnabled = true
2
let ignoreDomainRule = NEEvaluateConnectionRule(matchDomains: ["apple.com"], andAction: .neverConnect)
[ignoreDomainRule, NEOnDemandRuleConnect()]
3
let ignoreDomainRule = NEEvaluateConnectionRule(matchDomains: ["apple.com"], andAction: .connectIfNeeded)
ignoreDomainRule.useDNSServers = ["8.8.8.8"]
[ignoreDomainRule, NEOnDemandRuleConnect()]
// or [ignoreDomainRule]
4
let disconnectRule = NEOnDemandRuleDisconnect()
disconnectRule.dnsSearchDomainMatch = ["apple.com"]
[disconnectRule, NEOnDemandRuleConnect()]
5
let evaluationRule = NEOnDemandRuleEvaluateConnection()
let ignoreDomainRule = NEEvaluateConnectionRule(matchDomains: ["apple.com"], andAction: .neverConnect)
let connectRule = NEEvaluateConnectionRule(matchDomains: [""], andAction: .connectIfNeeded)
evaluationRule.connectionRules = [connectRule]
Brief & History
Since iOS 17.4 and up we have experienced a lot of flakiness when it comes to DeviceActivity event thresholds. After a lot of testing, investigation of system logs and filing countless bug reports, we found a reproducible reason why the event thresholds are not getting properly called.
Findings
Apparently, when the device gets near to max memory, something called jetsam kills processes left and right.
This means that the UsageTrackingAgent that (we think) is responsible for tracking the usage time of the device gets killed and doesn't recover until significant memory is freed up on the device.
How to test it yourself
Use a slightly older device with ~ 3 or 4 GB of RAM
Open a game or two that is memory intensive (like Fishing Clash, yes..) and observe
In the console logs you see something that only happens then:
Process UsageTrackingAgent [39307] killed by jetsam reason highwater
This happens often but recovers itself when the UsageTrackingAgent exceeds its 6MB memory limit. Yet the log looks like this:
Process UsageTrackingAgent [39307] killed by jetsam reason per-process limit
Once you kick the game, the memory is free and sometimes the event thresholds are calling in again.
Defeating the purpose
However this defeats the purpose of tracking usage time and shielding perhaps the playing app from being played after a certain amount of time!
Feedback Assistant Ticket
Here is the ticket with sysdiagnose, step by step and more information: FB13884981
Please fix this ASAP, this is such a pain for production users and their kids EVERY DAY.
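To check a captured console log for the two kill patterns quoted in the post above, here is an added example (not part of the original post, and not Apple tooling). The sample log, its timestamp prefixes and the function names are constructed for illustration; only the "Process ... killed by jetsam reason ..." line shape comes from the post.

```python
import re
from collections import Counter

# Line shape quoted in the post:
#   Process UsageTrackingAgent [39307] killed by jetsam reason highwater
JETSAM_RE = re.compile(
    r"Process\s+(?P<proc>\S+)\s+\[(?P<pid>\d+)\]\s+"
    r"killed by jetsam reason\s+(?P<reason>.+?)\s*$"
)

# Constructed sample input (prefixes and the game's process name are invented).
SAMPLE_LOG = """\
default 10:01:02 kernel: Process UsageTrackingAgent [39307] killed by jetsam reason per-process limit
default 10:04:40 kernel: Process FishingClash [39100] killed by jetsam reason highwater
default 10:05:11 kernel: Process UsageTrackingAgent [39412] killed by jetsam reason highwater
default 10:05:12 SpringBoard: unrelated line
default 10:09:30 kernel: Process UsageTrackingAgent [39555] killed by jetsam reason highwater
"""


def jetsam_kills(log_text, process="UsageTrackingAgent"):
    """Return (pid, reason) for every jetsam kill of `process`, in log order."""
    kills = []
    for line in log_text.splitlines():
        m = JETSAM_RE.search(line)
        if m and m.group("proc") == process:
            kills.append((int(m.group("pid")), m.group("reason")))
    return kills


def summarize(kills):
    """Count kills per reason and flag the case the post describes as not recovering."""
    last_reason = kills[-1][1] if kills else None
    return {
        "by_reason": dict(Counter(reason for _, reason in kills)),
        "pids": [pid for pid, _ in kills],
        # Per the post: "highwater" kills did not recover until memory was
        # freed, while "per-process limit" kills recovered on their own.
        "tracking_at_risk": last_reason == "highwater",
    }


if __name__ == "__main__":
    print(summarize(jetsam_kills(SAMPLE_LOG)))
```
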
Here is a post to gather findings in case anyone found out what this new API does.
Apple did not include any comments or documentation, and due to the generic naming we don't know what this API might do.
https://developer.apple.com/documentation/deviceactivity/deviceactivityauthorization?changes=latest_major
Is there a programmatic way to check if a user has iOS Screen Time enabled on their device?
Disclaimer
The setup of the FamilyControls capability, authorization etc. is all correct and properly working.
The Issue
Users complain that apps do not show up on their parent device.
Investigations
For months we thought it's a syncing issue and eventually apps do show up. But another time (after already shown) they hide again.
Insights
We have now found out that the FamilyControlsAgent, which is an internal process of iOS, crashes due to exceeding its memory limit right before the picker should show up and then logs errors that it can't connect to "helper process".
Feedback Tickets: Including multiple sysdiagnose files, step-by-step instructions and more:
FB11983206
FB11863463
FB11983304
Attention
As more and more users get frustrated with it, we hope some Apple engineer sees this and helps bring attention to a fast bug fix. Maybe just increase internal memory limit threshold for such process via entitlement.
FYI
We also think this is the reason why the DeviceActivityReport can't show apps and crashes due to this limitation. But I would much rather prefer Apple to focus on the memory crash. FB11787794
Hi, I have a NEPacketTunnelProvider running.
When uninstalling the app, I've noticed that the class calls stopTunnel with reason: providerDisabled.
However, when I want to cleanly finish up the stop, the method gets cancelled before it finishes an asynchronous task (takes maybe half a second).
Is there any technique I can use to ensure that the work still gets done before this happens?