Not getting Browser flow traffic in per app Content Filter (NEFilterControlProvider))

Hi,

We are trying the new per app Content filter feature released with iOS 16 on managed devices. We push a configuration file via the MDM onto the device which contains the ContentFilterUUID field as mentioned in the WWDC tutorial

After this, the NEFilterControlProvider network extension starts on the device and we expect to do the content filtering using that.

In the content filter profile, we have set "FilterBrowsers" key to true and "FilterSockets" key to false.

Also, we have assigned the profile to chrome application.

Our expectation is that when we load a URL in chrome, if it is present in our filter, it should be blocked. But we are observing that this is not happening.

On further investigation we found that no NEBrowserFlow traffic was received by our NEFilterControlProvider extension.

We changed the "FilterSockets" key to true, and were able to see NESocketFlow traffic coming, but not the NEBrowserFlow traffic.

We tried with the same profile on a supervised device without the contentFilterUUID field to make the profile device wide, and it was able to filter properly.

Please let us know if this is a known issue and any tentative ETA for the fix. We have created a FB assistant bug as well (11637934)

Other than this, we wanted to understand if we can assign the per app CF to Safari app as well. Safari being the default browser for majority of users, not able to put Content filtering on it, will hamper our content filtering use case