Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

Apple Review rejecting my app
Hello everyone! I am having troubles launching my application as Apple keep rejecting it based on Objectifiable Content 1.1.1. My app allows users post events and add car plates to the event and even a photo, to announce that one car has been hit in the parking lot or it's been towed or any other useful usecase that one might one to be aware of about his vehicles. Apple reviewd my app and gave me multiple indications, not to show car plates in the UI, and not even in the pictures. In order to be complient with the GDPR, and any other safety & privacy concerns, I have censored all plates in UI, I have added a functionality that car plates (and faces) are blured in the photos, so basically everything is anonnymised and secured. After this, I was hoping that Apple will approve my app, but here's the unexpected: I still get rejected for 1.1.1 as "posting and collecting plate number information can be defamatory and mean-spirited". Even if I tried to explain them multiple times, I get "robot" responses such as "As I understand your position, we still find your app not complient with 1.1.1" etc. and to review my "app concept" so basically what they are saying is that the only problem remaining with my app si basically....my app. I am really frustrated because on Android the app is already launched and I cannot believe that I am being stuck with it on iOS :( Please help me understand better what can I do. I asked them a last question, If I would implement something like : Admin approval required on each user post, so moderators will need to manually approve posts, so then I will have full annonymisation + full control on what posts are going to reach the news feed, but I got a response like " We cannot review features or concepts" .....
2
0
63
5h
macOS Sequoia doesn't respect Full Disk Access for UITests-Runner
We develop and test App for macOS. We start to see system alert - "UlTests-Runner" would like to access data from other apps on each UITest run. Our test suite does cleanup of files generated by App so we need access outside of UITests-Runner sandbox. We enabled Full Disk Access for UITests-Runner at Settings -> Privacy & Security -> Full Disk Access but unfortunately still see this alert. Is there any way to permanently remove/hide this alert or remove sandbox for 'UITests-Runner' since we want to run tests on CI and having this alert is not an option? Note: everything works fine on previous versions of macOS. Environment: macOS - 15.1 (24B83) Xcode - Version 16.1 (16B40)
0
1
60
2d
How can a window be visible but not in the onscreen list?
I'm looking at a case where a handler for NSWindowDidBecomeMain gets the NSWindow* from the notification object and verifies that window.isVisible == YES, window.windowNumber > 0 and window.screen != nil. However, window.windowNumber is missing from the array [NSWindow windowNumbersWithOptions: NSWindowNumberListAllSpaces] and from CGWindowListCopyWindowInfo( kCGWindowListOptionOnScreenOnly, kCGNullWindowID ), how can that be? The window number is in the array returned by CGWindowListCopyWindowInfo( kCGWindowListOptionAll, kCGNullWindowID ). I'm seeing this issue in macOS 15, maybe 14, but not 13.
2
0
129
3d
Question about the November 12 deadline
We noticed a change in the page Adding a privacy manifest to your app or third-party SDK that adds a deadline of November 12 past which invalid manifests will not be allowed in store submissions. Does this mean we can no longer use old versions of third-party SDKs which lack a manifest? (The ones that were allowed because we had already shipped with them.)
1
0
176
2d
iOS app on macOS storing persistent user ID across installs on same device
Hi, I have recently encountered an app with some odd behaviour and wanted to clarify some details about the way sandboxing works with iOS apps installed on a Mac. I am unsure whether this is due to a misunderstanding of system behaviour or whether this is a bug. The app was installed from the Mac App Store, designed for iPad. The developer of the app informed me that in lieu of a sign-in process, the app tries to persistently store a UUID of the user on the device so that when the app is deleted and reinstalled, the user is automatically logged in again. The developer says that two mechanisms are being used: 1) NSUserDefaults (via Flutter shared prefs) and 2) identifierForVendor. In the case of 1), my understanding is that these are managed by cfprefsd. Using the 'defaults domain' command, the domain of the app appears. However, there are no keys or values stored. Using the 'defaults write' and 'defaults read' and 'defaults delete' commands on that bundle identifier works as expected, but since it starts out empty, it cannot be read or deleted. Furthermore, the app's data is supposed to be sandboxed in /Library/Containers. When the app is uninstalled from Launchpad, I have confirmed that the folder is missing. When reinstalled, the app's settings and data are missing, but crucially, the cloud identifier is still persistent and is evident after 'setup'. In the case of 2), the developer documentation states that identifierForVendor changes when all apps from a developer have been removed from a device. The app in question is the only app that was installed from this developer, so logically this identifier should have changed when the app was deleted and reinstalled. I have confirmed that iCloud drive is not being used to store this data as there is no data in iCloud for this app. In any case, when the app is uninstalled and reinstalled, the app automatically logs the user into the "account" it was previously logged into, along with all of that user's data in the cloud. I have a sense that this type of persistent identifier tracking is what sandboxing was meant to address, but I am unsure why I have been unable to remove the UUID tag from my system. Any insight would be greatly appreciated!
1
0
136
1w
Guideline 5.1.1 - Legal - Privacy
My application allows to upload photo logs and assign it to a person only by uploading images from camera. In the process it asks for camera and geolocation permissions. At this moment it doesn't do much. Why could this be happening? Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage The app collects information from various public sources to build individual profiles. Next Steps To resolve this issue, please remove any feature that attempts to build individual profiles based on collected public data.
1
0
106
1w
Local Network Privacy pop-up on macos Sequoia for CLI Tools Invoked by Launchd Daemon
Starting from macOS 15 (macOS Sequoia), a new pop-up is triggered: “Local Network Privacy.” We have some questions regarding this new pop-up on MacOS: Question 1: If a launchd daemon invokes a command-line tool, will this tool trigger the local network prompt if it attempts to access the network? We use a launchd daemon which runs in root context and is started from /Library/LanuchDaemons/ Question 2: How will this prompt work across various macOS executables? I have read other developer forum articles and the https://developer.apple.com/forums/thread/663858 - Local Network Privacy FAQ. The responses are a little unclear and any insight into these questions would be very helpful with this new requirements.
1
0
99
1w
Give microphone permission programmatically
Hello, I am setting up macMinis as CI machines (using gitlab-runner) for my team. We are developing mostly audio stuff, and some of our unit tests imply using audio inputs with AVAudioSession/AVAudioEngine. These CI jobs trigger a microphone authorization pop-up on the macMinis, asking for permission to give gitlab-runner access to the microphone. Once the authorization is given, subsequent jobs run fine. My issue is that the macMinis are updated on a regular basis with scripts, and since the path of the gitlab-runner binary, installed with homebrew, changes on every version, the pop-up is triggered again every time gitlab-runner gets updated. Since we are having more and more CI runners, maintaining this manually is becoming impossible. Is there a way to either deactivate this security or scripting the authorization for a binary to access the microphone? Thank you for your help! Tom
1
0
117
1w
Inquiry Regarding NSNearbyInteractionUsageDescription Permission Behavior on iOS 18
After declaring NSNearbyInteractionUsageDescription in accordance with the official documentation, a permission prompt used to appear asking if the user wants to allow Nearby Interaction permissions. Additionally, I could see two related permissions in the app’s settings. This behavior was working correctly on iOS 17. However, after upgrading to iOS 18, the permission prompt no longer appears upon reinstalling the app, and the related settings are no longer visible in the app settings. I would like to confirm if there are any additional configurations required for iOS 18 to make Nearby Interaction permissions function as expected. Thank you very much for your assistance. https://developer.apple.com/documentation/nearbyinteraction/initiating-and-maintaining-a-session ios 17: visable, ios 18 : gone
0
0
165
1w
Linking to iTunesLibrary requires access every launch?
Hello, I have a command line application that uses iTunesLibrary to "save" the state of what I have listened to. I have it run every night via a LaunchAgent. You can see the source here: https://github.com/bolsinga/itunes_json Prior to Sequoia it would run nightly. I'd just have to grant it access to the Music library once, and it would be fine thereafter. However with Sequoia it requires UI interaction to grant it access every time. This makes it no longer run unattended overnight, defeating its purpose. I have the console logs of when this happens. You can see it in my issue tracking it here: https://github.com/bolsinga/itunes_json/issues/410 One thing that makes me wonder is that it is a command line application, not a bundle. How do I make a command line application get access to MusicKit / iTunesLibrary, and keep it thereafter? I'd like to get my pre-Sequoia behavior back. I've filed FB15592660 too. I've granted it access to run in the background, as well as access to my Music library (please see attached screenshots). AMPLibraryAgent 10:48:29.489944-0700 xpc Connection from framework client invalidated pid:57606 clientname:iTunesLibrary(itunes_json) AMPLibraryAgent 10:48:29.492763-0700 service Unloading domains(14) for ClientID:iTunesLibrary(itunes_json)-1229 previous open:15 new open:1 itunes_json 10:48:59.980864-0700 connection [0x157f05800] activating connection: mach=true listener=false peer=false name=com.apple.amp.library.framework tccd 10:48:59.982568-0700 access AUTHREQ_ATTRIBUTION: msgID=1795.214, attribution={accessing={TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json}, requesting={TCCDProcess: identifier=com.apple.AMPLibraryAgent, pid=1795, auid=501, euid=501, binary_path=/System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent}, }, tccd 10:48:59.982651-0700 access requestor: TCCDProcess: identifier=com.apple.AMPLibraryAgent, pid=1795, auid=501, euid=501, binary_path=/System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent is checking access for accessor TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json tccd 10:48:59.995636-0700 access AUTHREQ_SUBJECT: msgID=1795.214, subject=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json, tccd 10:48:59.996283-0700 access -[TCCDAccessIdentity staticCode]: static code for: identifier /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json, type: 1: 0xc00341b00 at /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json tccd 10:49:00.018205-0700 access Failed to match existing code requirement for subject /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json and service kTCCServiceMediaLibrary cdhash H"6bc380972f4df49b337a2a05308fb7b98fbe6473" or cdhash H"0708bcaabbfbab8770522050f7e2642d4d864f31" cdhash H"6bc380972f4df49b337a2a05308fb7b98fbe6473" or cdhash H"0708bcaabbfbab8770522050f7e2642d4d864f31" tccd 10:49:00.018997-0700 access AUTHREQ_PROMPTING: msgID=1795.214, service=kTCCServiceMediaLibrary, subject=Sub:{/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json}Resp:{TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json}, AMPLibraryAgent 10:49:02.489170-0700 xpc ampld> register framework ClientName:iTunesLibrary(itunes_json) tccd 10:49:02.488189-0700 events Publishing <TCCDEvent: type=Create, service=kTCCServiceMediaLibrary, identifier_type=Path, identifier=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json> to 4 subscribers: { 633 = "<TCCDEventSubscriber: token=633, state=Initial, csid=(null)>"; 628 = "<TCCDEventSubscriber: token=628, state=Passed, csid=com.apple.chronod>"; 464 = "<TCCDEventSubscriber: token=464, state=Passed, csid=com.apple.cloudd>"; 513 = "<TCCDEventSubscriber: token=513, state=Passed, csid=com.apple.photolibraryd>"; } AMPLibraryAgent 10:49:02.490391-0700 xpc ampld> registered framework ClientName:iTunesLibrary(itunes_json) with clientID:1230 itunes_json 10:49:02.792084-0700 connection [0x147e04340] activating connection: mach=true listener=false peer=false name=com.apple.amp.artworkd itunes_json 10:49:02.801482-0700 <Missing Description> openDatabase 0xe4af30f4493e5ef5 artwork folder Y '<private>' itunes_json 10:49:02.805087-0700 <Missing Description> openDatabase 0xf2db6e8d7672edc9 artwork folder Y '<private>' itunes_json 10:49:02.806736-0700 <Missing Description> openDatabase 0xfb2acd898c951851 artwork folder Y '<private>' itunes_json 10:49:02.813286-0700 <Missing Description> openDatabase 0xf0f4919c5ff0e88 artwork folder Y '<private>' itunes_json 10:49:09.634928-0700 connection [0x600002b6a0d0] activating connection: mach=true listener=false peer=false name=com.apple.cfprefsd.daemon itunes_json 10:49:09.635019-0700 connection [0x600002b78000] activating connection: mach=true listener=false peer=false name=com.apple.cfprefsd.agent AMPLibraryAgent 10:49:12.382878-0700 xpc Connection from framework client invalidated pid:57652 clientname:iTunesLibrary(itunes_json) AMPLibraryAgent 10:49:12.383474-0700 service Unloading domains(14) for ClientID:iTunesLibrary(itunes_json)-1230 previous open:15 new open:1 itunes_json.log
6
0
257
1w
the app in ipad(ios 18) can not connect to tcp server in the same local network
the app in ipad can not connect to tcp server in the same local network. libinfo check path: unsatisfied (Local network prohibited) reproduce steps: I update my ipad to iapd iOS/18.0 install the app make the app connect to tcp server in the windows which is in the same local network. the ipad trigger Local Network privacy alert I tap the allow button, I check the toggle of Local Network privacy is on as well I try to make the app connect to tcp server in the windows again, but can not connect to tcp server, the ipad system log: nw_path_libinfo_path_check [8F864AB4-C5E1-488D-B396-ECEC2F3FB77E IPv4#0423cc45:9520 tcp, legacy-socket, attribution: developer] libinfo check path: unsatisfied (Local network prohibited), interface: en0[802.11], ipv4, uses wifi 7. I try to make the app connect to tcp server in other windows. It connects successful. the ipad system log: nw_path_libinfo_path_check [C84DC25A-5A14-4080-ABAA-10ED24AE2D6D IPv4#7df62769:9520 tcp, legacy-socket, attribution: developer] libinfo check path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi So please apple developer help investigate why the app can not connect to the tcp sever in the same local network, even though the toggle of local network permission is on in ipad os 18
2
0
153
2w
App Groups and macOS 15
Hi, I just updated my machine to macOS 15, and while developing and running my app (with Xcode), I keep getting messages about my app "would like to access data from other apps". This happens even from Xcode Previews, so it's pretty annoying. My production app doesn't seem to be affected by this problem; the system prompt just pops when running the debug version. I came across something about App Groups in macOS and how something has changed in macOS15 regarding system permissions. I use the "group.***" prefix in my macOS app, without the team prefix. Is that the problem here? But why is my production app working fine, but the development app is triggering the prompt repeatedly? Would love any feedback or workarounds. Thanks.
7
1
259
1w
What to do to get an IOS App accepted with OpenSSL
Hi, our IOS App will use the OpenSSL library for a secure websocket communication with network devices. As far as i have understood we need to provide "Export compliance documentation" because we are using "standard encryption algorithm instead of, or in addition to, using or accessing the encryption within Apple's OS". But the documentation here does not indicate that we need to provide anything. Independently of that, the App needs to include a Privacy Manifest, right ? How does that look like ? Thanks in advance
1
0
169
2w
Command line app doesn't prompt for a permission when it runs from from a terminal
I've made a simple command line app that requires Screen recording permission. When I ran it from Xcode, it prompts for a permission and once I allowed it from the settings, it runs well. #include &lt;stdio.h&gt; #include &lt;stdlib.h&gt; #include &lt;unistd.h&gt; #include &lt;CoreGraphics/CGDisplayStream.h&gt; int main() { printf("# Start #\n"); if (CGPreflightScreenCaptureAccess()) { printf("# Permitted.\n"); } else { printf("# Not permitted.\n"); if (CGRequestScreenCaptureAccess() == false) { printf("# CGRequestScreenCaptureAccess() returning false\n"); } } size_t output_width = 1280; size_t output_height = 720; dispatch_queue_t dq = dispatch_queue_create("com.domain.screengrabber", DISPATCH_QUEUE_SERIAL); CGError err; CGDisplayStreamRef sref = CGDisplayStreamCreateWithDispatchQueue( 1, output_width, output_height, 'BGRA', NULL, dq, ^( CGDisplayStreamFrameStatus status, uint64_t time, IOSurfaceRef frame, CGDisplayStreamUpdateRef ref ) { printf("Got frame: %llu, FrameStatus:%d \n", time, status); } ); err = CGDisplayStreamStart(sref); if (kCGErrorSuccess != err) { printf("Error: failed to start streaming the display. %d\n", err); exit(EXIT_FAILURE); } while (true) { usleep(1e5); } CGDisplayStreamStop(sref); printf("\n\n"); return 0; } Now I want to execute this from terminal, so I went to the build folder and typed the app name. cd /Users/klee/Library/Developer/Xcode/DerivedData/ScreenStreamTest-ezddqbkzhndhakadslymnvpowtig/Build/Products/Debug ./ScreenStreamTest But I am getting following output without any prompt for permission. # Start # # Not permitted. # CGRequestScreenCaptureAccess() returning false Error: failed to start streaming the display. 1001 Is there a something I need to consider for this type of command line app?
1
0
139
2w
How to reset (remove) apps from "Local Network" privacy settings?
macOS 15 has added a new "Local Network" permission under Security & Privacy. I had a bug in my app that led to a crash when the user denied this permission. Now I've fixed it and would like to verify that it all works fine. The problem is: I need to remove my app from the settings so that macOS will show the prompt again (e.g. to verify that my custom message appears correctly). Usually, sudo tccutil reset All would do the trick. But not for this permission! The apps do not get cleared with this command. So, there's two issues: tccutil should remove it but doesn't. How can I remove this settings? Update I had a look at the "TCC.db" (see https://www.rainforestqa.com/blog/macos-tcc-db-deep-dive), and it seems to me that the Local Network permission isn't even managed by the TCC system, as it doesn't appear in it. This is odd.
16
0
795
2w
Email sent to hidden email address ends in spam
Hi I am currently developping the "Sign in with apple" feature. We set up everything according to the documentation : https://developer.apple.com/help/account/configure-app-capabilities/configure-private-email-relay-service When trying to send an email from one of the registered communication emails (that is SPF and DKIM Authentication compliant) the emails are still ending up in the spam box. If it can help the received email address (that is hidden) is a gmail. I can not catch what is missing/wrong on our side.
0
0
136
3w