I'm seeking help troubleshooting a persistent com.apple.IdentityLookup.error.messagefilter Code=3 error when my Message Filter Extension tries to defer to network. I’ve exhausted Apple documentation and forum posts, and Apple Support has asked me to escalate this via the forums to reach engineering.
✅ My Setup: Xcode: 16.2
macOS: Sequoia 15.3.1 (Apple Silicon Mac mini)
Device: iPhone 14 Pro
iOS: 18.3.2 (Developer Mode enabled)
Tested via: TestFlight install on real device
📦 App Structure: Main App Target (minimal "hello world" logic)
Message Filter Extension Target
Messages Extension Target
Message Reporting Extension Target
Notifications Extension Target
✅ Capabilities & Configurations Main App Capabilities: App Groups: group.com.example.shared
Network Extensions: Content Filter
Associated Domains:
messagefilter:my-api.example.com
applinks:my-api.example.com
Message Filter Capabilities:
App Groups: same as main app
Network Extensions: Content Filter
Associated Domains: same as above
📄 Info.plist Config
Main App Info.plist:
NSAppTransportSecurity with:
NSAllowsArbitraryLoads = YES
Exception domain my-api.example.com with:
NSIncludesSubdomains = YES
NSTemporaryExceptionAllowsInsecureHTTPLoads = YES
NSTemporaryExceptionMinimumTLSVersion = TLSv1.2
MessageFilter Info.plist:
Same ATS settings as above
NSExtension block:
<key>NSExtension</key>
<dict>
<key>NSExtensionAttributes</key>
<dict>
<key>ILMessageFilterExtensionNetworkURL</key>
<string>https://my-api.example.com/api/sms-filter</string>
<key>ILClassificationExtensionSMSReportDestination</key>
<string>+10000000000</string>
</dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.identitylookup.message-filter</string>
<key>NSExtensionPrincipalClass</key>
<string>$(PRODUCT_MODULE_NAME).MessageFilterExtension</string>
</dict>
📜 Entitlements
Main App Entitlements
<key>com.apple.developer.associated-domains</key>
<array>
<string>messagefilter:my-api.example.com</string>
<string>applinks:my-api.example.com</string>
</array>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider</string>
</array>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.example.shared</string>
</array>
Message Filter Extension Entitlements
Identical to main app’s, scoped to the extension.
📄 AASA File (Hosted on https://my-api.example.com/.well-known/apple-app-site-association)
Serves as application/json, returns 200 OK, and is reachable on device via Safari. Logs confirm AASA is downloaded and installed successfully during TestFlight install.
{
"applinks": {
"apps": [],
"details": [
{
"appID": "TEAMID.com.example.app",
"paths": ["*"]
},
{
"appID": "TEAMID.com.example.app.MessageFilter",
"paths": ["*"]
}
]
},
"messagefilter": {
"apps": [],
"details": [
{
"appID": "TEAMID.com.example.app",
"filterType": "URL",
"domains": ["my-api.example.com"]
},
{
"appID": "TEAMID.com.example.app.MessageFilter",
"filterType": "URL",
"domains": ["my-api.example.com"]
}
]
},
"classificationreport": {
"apps": [],
"details": [
{
"appID": "TEAMID.com.example.app",
"domains": ["my-api.example.com"]
},
{
"appID": "TEAMID.com.example.MessageReporting",
"domains": ["my-api.example.com"]
}
]
}
}
❌ The Problem
When the extension launches and receives an SMS to classify, logs show:
deferQueryRequestToNetwork failed: The operation couldn’t be completed. (com.apple.IdentityLookup.error.messagefilter error 3.)
The extension loads, network URL is available, the AASA is installed, and yet the extension is not allowed to defer to network. This occurs every time.
🧪 Other Notes
Tried rebuilding everything from scratch
Archiving to TestFlight, not running via Xcode
Clean entitlements verified using codesign -d --entitlements :-
Console logs show no issues with AASA download or validation
Any help or insights from Apple engineering or others in the community who have successfully deployed a working Message Filter Extension would be hugely appreciated.
Thanks in advance 🙏
