Unexpected Removal of Apple Watch Apps When Using allowListedAppBundleIDs in iOS Configuration Profile
Summary:
When applying a configuration profile that uses allowListedAppBundleIDs to permit a defined set of apps, essential Apple Watch apps are unexpectedly removed from the paired Watch — even though their associated iPhone bundle IDs are explicitly included.
This issue occurs with a minimal profile, and has been consistently reproducible on the latest versions of iOS and watchOS.
Impact:
This behavior severely limits the use of Apple Watch in managed environments (e.g., education, family management, accessibility contexts), where allowlisting is a key control mechanism. It also suggests either:
- Undocumented internal dependencies between iOS and watchOS apps, or
- A possible regression in how allowlists interact with Watch integration.
Steps to Reproduce:
- Create a configuration profile with a Restrictions payload containing only the allowListedAppBundleIDs key.
- Allow a broad list of essential system apps, including all known Apple Watch-related bundle IDs:
<string>com.apple.NanoAlarm</string>
<string>com.apple.NanoNowPlaying</string>
<string>com.apple.NanoOxygenSaturation</string>
<string>com.apple.NanoRegistry</string>
<string>com.apple.NanoRemote</string>
<string>com.apple.NanoSleep</string>
<string>com.apple.NanoStopwatch</string>
<string>com.apple.NanoWorldClock</string>
(All the bundles can be seen in the Attached profile)
- Install the profile on a supervised or non-supervised iPhone paired with an Apple Watch.
- Restart both devices.
- Observe that several core Watch apps (e.g. Heart Rate, Activity, Workout) are missing from the Watch.
Expected Behavior:
All apps explicitly included in the allowlist should function normally. System apps — especially those tied to hardware like Apple Watch — should remain accessible unless explicitly excluded.
Actual Behavior:
Multiple Apple Watch system apps are removed or hidden, despite their iPhone bundle IDs being listed in the allowlist.
Test Environment:
- iPhone running iOS 18
- Apple Watch running watchOS 11
- Profile includes only the allowListedAppBundleIDs key
- Issue confirmed on fresh devices with no third-party apps
Request for Apple Engineering:
- Please confirm whether additional internal or undocumented bundle IDs are required to preserve Apple Watch functionality when allowlisting apps.
- If this behavior is unintended, please treat this as a regression or bug affecting key system components.
- If intentional, please provide formal documentation listing all required bundle IDs for preserving Watch support with allowlisting enabled.
Attachment:
- .mobileconfig profile demonstrating the issue (clean, minimal, reproducible)
