browserenginekit
BrowserEngineKit is a framework for building non-WebKit browser engines on iOS and iPadOS through process isolation and XPC communication. Use it when developing alternative rendering engines for supported regions, managing web content and networking extension processes, configuring GPU capabilities, verifying device eligibility via BrowserKit's BEAvailability API, and setting up required entitlements and Info.plist configurations for Apple-approved browser applications.
git clone --depth 1 https://github.com/dpearson2699/swift-ios-skills /tmp/browserenginekit && cp -r /tmp/browserenginekit/skills/browserenginekit ~/.claude/skills/browserenginekitSKILL.md
# BrowserEngineKit
Framework for building web browsers with alternative (non-WebKit) rendering
engines on iOS and iPadOS. Provides process isolation, XPC communication,
capability management, and system integration for browser apps that implement
their own HTML/CSS/JavaScript engine. Examples target Swift 6.3 and current
Apple SDKs.
BrowserEngineKit is a specialized framework. Alternative browser engines are
available only through Apple-approved entitlement profiles and supported-region
device eligibility. EU support applies to eligible users on iOS 17.4+ and
iPadOS 18+; Japan support starts with iOS 26.2 and adds explicit PAC/MIE
security requirements for browser apps. Development and testing can occur
anywhere. The companion frameworks BrowserEngineCore (low-level primitives) and
BrowserKit (eligibility checks, data transfer) support the overall workflow.
## Contents
- [Overview and Eligibility](#overview-and-eligibility)
- [Entitlements](#entitlements)
- [Architecture](#architecture)
- [Process Management](#process-management)
- [Extension Types](#extension-types)
- [Capabilities](#capabilities)
- [Layer Hosting and View Coordination](#layer-hosting-and-view-coordination)
- [Text Interaction](#text-interaction)
- [Sandbox and Security](#sandbox-and-security)
- [Downloads](#downloads)
- [Common Mistakes](#common-mistakes)
- [Review Checklist](#review-checklist)
- [References](#references)
## Overview and Eligibility
### Eligibility Checking
Use `BEAvailability` from the BrowserKit framework to check whether the device
is eligible for alternative browser engines. `BEAvailability` is available on
iOS/iPadOS 18.4+:
```swift
import BrowserKit
do {
let eligible = try await BEAvailability.isEligible(for: .webBrowser)
guard eligible else { return /* fall back or explain */ }
// Device supports alternative browser engines
} catch {
// Handle eligibility lookup failure
}
```
Eligibility depends on the device region and OS version. Do not hard-code
region checks; rely on the system API.
Availability anchors: process APIs are iOS/iPadOS 17.4+, `BEDownloadMonitor`
is iOS 18.2+, `.revision2` restricted sandbox is iOS 26+, and
`RenderingExtensionFeature.coreML` is iOS 26.2+.
## Entitlements
### Browser App (Host)
The host app requires two entitlements:
| Entitlement | Purpose |
|---|---|
| `com.apple.developer.web-browser` | Enables default-browser candidacy |
| `com.apple.developer.web-browser-engine.host` | Enables alternative engine extensions |
Both must be requested from Apple. The request process varies by region.
### Extension Entitlements
Each extension target requires its type-specific entitlement set to `true`:
| Extension Type | Entitlement |
|---|---|
| Web content | `com.apple.developer.web-browser-engine.webcontent` |
| Networking | `com.apple.developer.web-browser-engine.networking` |
| Rendering | `com.apple.developer.web-browser-engine.rendering` |
### Optional Entitlements
| Entitlement | Extension | Purpose |
|---|---|---|
| `com.apple.security.cs.allow-jit` | Web content | JIT compilation of scripts |
| `com.apple.developer.kernel.extended-virtual-addressing` | Web content | Required alongside JIT |
| `com.apple.developer.memory.transfer_send` | Rendering | Send memory attribution; value is host app bundle ID |
| `com.apple.developer.memory.transfer_accept` | Web content | Accept memory attribution; value is host app bundle ID |
| `com.apple.developer.web-browser-engine.restrict.notifyd` | Web content | Restrict notification daemon access |
### Embedded Browser Engine (Non-Browser Apps)
Apps that are not browsers but embed an alternative engine for in-app browsing
use different entitlements:
| Entitlement | Purpose |
|---|---|
| `com.apple.developer.embedded-web-browser-engine` | Enable embedded engine |
| `com.apple.developer.embedded-web-browser-engine.engine-association` | Declare engine ownership |
`engine-association` is available starting iOS/iPadOS/Mac Catalyst 26.2 and is
set to `first-party` when you own the engine or `third-party` when another
developer owns it. Embedded engines use `arm64` only (not `arm64e`), cannot
include browser extensions, and cannot use JIT compilation.
### Japan-Specific Requirements
Browser apps distributed in Japan are supported on iOS 26.2+ and must adopt the
current security mitigations Apple lists for Japan, including Pointer
Authentication Codes and Memory Integrity Enforcement for relevant allocators
and extension processes. Enable hardware memory tagging with
`com.apple.security.hardened-process.checked-allocations`; Apple strongly
recommends enabling it in the EU as well.
## Architecture
A browser built with BrowserEngineKit consists of four components running in
separate processes:
```
Host App (UI, coordination)
|
|-- XPC --> Web Content Extension (HTML parsing, JS, DOM)
|-- XPC --> Networking Extension (URLSession, sockets)
|-- XPC --> Rendering Extension (Metal, GPU, media)
```
The host app launches and manages all extensions. Extensions cannot launch
other extensions. Extensions communicate with each other through anonymous XPC
endpoints brokered by the host app.
### Bootstrap Sequence
1. Host launches web content, networking, and rendering extensions
2. Host creates XPC connections to each extension
3. Host requests anonymous XPC endpoints from networking and rendering
4. Host sends both endpoints to the web content extension via a bootstrap
message
5. Web content extension connects directly to networking and rendering
This architecture follows the principle of least privilege: the web content
extension works with untrusted data but has no direct OS resource access.
## Process Management
### Launching Extensions
Each extension type has a corresponding process class in the host app:
```swift
import BrowserEngineKit
// Web content (one per tab or iframe)
let contentProcess = try await WebContentProcess(
bundleIdentifier: nil,
onInterruption: {
// HandlDiscover and configure Bluetooth and Wi-Fi accessories using AccessorySetupKit. Use when presenting a privacy-preserving accessory picker, defining discovery descriptors for BLE or Wi-Fi devices, handling accessory session events, migrating from CoreBluetooth permission-based scanning, or setting up accessories without requiring broad Bluetooth permissions.
Implement, review, or improve Live Activities and Dynamic Island experiences in iOS apps using ActivityKit. Use when building real-time updating widgets for the Lock Screen and Dynamic Island — delivery tracking, sports scores, ride-sharing status, workout timers, media playback, or any time-sensitive information that updates in real time. Also use when working with ActivityKit, ActivityAttributes, Activity lifecycle (request/update/end), Dynamic Island layouts (compact/minimal/expanded), push-to-update Live Activities, or Lock Screen live widgets.
Measure ad effectiveness with privacy-preserving attribution using AdAttributionKit. Use when registering ad impressions, handling attribution postbacks, updating conversion values, implementing re-engagement attribution, configuring publisher or advertiser apps, or replacing SKAdNetwork with AdAttributionKit for ad measurement.
Implement AlarmKit alarms and countdown timers for iOS and iPadOS with Lock Screen, Dynamic Island, StandBy, and paired Apple Watch system UI. Covers AlarmManager scheduling, AlarmAttributes and AlarmPresentation, AlarmButton stop and snooze actions, authorization, state observation, countdown widget-extension handoff, and Live Activity integration. Use when building wake-up alarms, countdown timers, or alarm-style alerts that need Apple's system alarm experience.
Build iOS App Clips with invocation URLs, App Clip Codes, NFC, QR codes, Safari banners, Maps, Messages, target setup, App Store Connect experiences, size/capability constraints, NSUserActivity routing, SKOverlay promotion, App Group/keychain handoff, ephemeral notifications, location confirmation, and full-app migration. Use when creating App Clips or wiring App Clip invocation, experience configuration, or full-app handoff.
Implement App Intents for Siri, Shortcuts, Spotlight, widgets, Control Center, and Apple Intelligence on iOS. Covers AppIntent actions, AppEntity and EntityQuery models, AppShortcutsProvider phrases, IndexedEntity Spotlight indexing, WidgetConfigurationIntent, SnippetIntent, and assistant schemas. Use when exposing app actions or entities to system surfaces.
Optimize App Store product pages for search visibility and conversion. Use for App Store Optimization (ASO), keyword research, app name/subtitle/keyword-field strategy, conversion-focused descriptions and promotional text, screenshot captions and ordering, Custom Product Pages with assigned search keywords, In-App Events, Product Page Optimization tests, localized metadata, ratings/review strategy, and in-app review prompt timing with RequestReviewAction or AppStore.requestReview. Also use when routing ASO vs App Store review, privacy/ATT, or StoreKit implementation boundaries.
Prepare for App Store review and prevent rejections. Covers App Store review guidelines, app rejection reasons, PrivacyInfo.xcprivacy privacy manifest requirements, required API reason codes, in-app purchase IAP and StoreKit rules, App Store Guidelines compliance, ATT App Tracking Transparency, EU DMA Digital Markets Act, HIG compliance checklist, app submission preparation, review preparation, metadata requirements, entitlements, widgets, and Live Activities review rules. Use when preparing for App Store submission, fixing rejection reasons, auditing privacy manifests, implementing ATT consent flow, configuring StoreKit IAP, or checking HIG compliance.