Hello Apps and their extensions are able to communicate with each other by reading/writing data stored in a shared group location. However this isn't the case with the the Live Caller ID Extension - if data is written to group defaults for example (as opposed to standard defaults) by the app, then that data isn't readable by the Caller ID extension. This has the consequence that its not possible for a user to dynamically switch which data set the extension connects to. Consider the use case where the Live Caller ID Server has one data set where callers are not blocked, and another where they are blocked, then the caller id extension can route different requests to different datasets based on the "user tier". However as the extension can't read data from the shared group then the app can't communicate user preferences to the extension, therefore the switching isn't possible. Is this by design or due to the immaturity of the feature? If its by design, then it means the use case outlined above isn't possible, and thus greatly reduces the possible functionality of the Live Caller Id feature. (It would be possible for the app to install multiple extensions, each of which connects to a different data set by specifying a different user tier, but the user having to flip these one and off within the Settings app is a dreadful user experience).

A little bit of background: If you make an app with no compiled Arm64 binaries in the Content/MacOS folder, MacOS erroneously identifies it as an Intel based app. After launching the app, MacOS will prompt the user to install rosetta, despite the app running fine natively. I found a simple solution to this issue, either include a do-nothing compiled binary to Contents/MacOS, or add <key>LSArchitecturePriority</key> <array> <string>arm64</string> </array> to the plist. The problem is this change only fixes the issue if you also change the BundleID. If you run the app even once with the bad configuration, MacOS seems to cache the intel flag somewhere based on the BundleID. It does not seem to be cached in the usual places. How to reproduce: (On apple silicon) You probably already have rosetta, and it is a pain to remove, so a VM is likely needed. Make an empty app with Script Editor, export with file format: Application. Replace Example.app/Content/MacOS/applet with a script of the same name. Make sure the old applet is gone, don't rename it and leave it in the directory. I used: #!/usr/bin/osascript display dialog "Hello, world" Make it executable sudo chmod +x ./Example.app/Content/MacOS/applet Run the app and observe that it asks you to install rosetta Add the previously mentioned fix to you plist, including the BundleID change Run it again and observe that it now works Change your BundleID back. Running this now raises the rosetta prompt despite the fact that it runs fine on a clean install of MacOS. Things I have tried: Rebooting, no effect Reforming the app, no effect Reboot in recovery mode, no effect lsregister -delete, no effect ~/Library/Preferences, ~/Library/Caches, /Library/Preferences, and /Library/Caches, none contain an entry for the BundleId defaults delete, domain not found

As a system & security administrator I started to install a lot of Unixes, 20 years ago with a dual volume for security purpose, inside critical infrastructures: volume mount options ------------------------------------------------ / ro /var rw, nosuid, nodev Everything which could be end user or admin modifiable and to be referenced from / was defined through simple symbolic links: /tmp --> /var/tmp /home --> /var/home /local --> /var/local /opt --> /var/opt /private --> /var/private And through many tests, and real attacks pressure of every day, with such a configuration, even as root, it was impossible to damage the system. Many attacks struck us ( ~ 20 / day )… none succeeded ( at least as I was aware of, and as I wasn't fired ). Why did Apple chose a rather more complex way similar architectures with the 2 volumes: volume mount options ------------------------------------------------ / ro /System/Volumes/Data rw, nosuid, nodev with a new concept of firmlinks which is not compatible with any other Unix FS, which brought Apple to put fundamental components of their new APFS outside of the FS internals ( in plain old files ) and which is rather very tricky to understand and to manage for system and security administrator? To give just one example of an highly deceiving point: it isn't now possible to make a quick carbon copy of a volume with tools as simple as cp or rsync because of new extended attributes. Real life teach us everyday that complexity is one of the biggest enemy of performance and security. What are the advantages of this sibling volumes architecture? ( I am not talking here of the real internal advantages of APFS versus HFS and traditionnal Unix UFS or ZFS, which I much easily grasped and verified in real life. ).

After the XPC Updates from last year I am trying to understand what is possible with XPC on iOS. The documentation for XPCSession states it is available, but none of its initializers is. So how is one supposed to use it?

A have the application with iOS and Mac Catalyst versions and I need to make a cloud client for the app's documents. FileProvider would be the great choice for this feature, but I can't believe it doesn't support Mac Catalyst. At this moment I'm almost certain that NSFileProviderReplicatedExtension does not support Mac catalyst officially. And if it so, It would be great to hear the exact status and future plans if any. Unofficially, I managed to run it. I switched the extension's target Supported Destination from Mac Catalyst to Mac and it started to compile. This move seems legit to me. But domain also had to be created, and this part was a way trickier. I've added new bundle to host app(iOS and catalyst), but with supported platform - macOS in build settings. There I created an NSObject subclass DomainManager which calls NSFileProviderManager's addDomain method in its createDomainIfNeeded(), which is also exposed in public extension to NSObject - a kind of "informal protocol" The catalyst app creates bundle by name and loads principal class (DomainManager), but as NSObject reference, and then calls createDomainIfNeeded() method on it. The location defined by domain appears in Finder sidebar, and the dataless item "a file" appears in this location, as defined by stub implementation in the extension enumerator method. This means file system instantiated the extension instance under Mac catalyst and called the protocol method on it. I.e. it seem to work. But the question is whether this solution is stable and legit for the App Store distribution. Or is it pandora box with unforeseeable consequences for user data? Thanks in advance.

I referred this(https://developer.apple.com/forums/thread/721737?answerId=739716022#739716022) example, this works for agent, but I am not able to Launch a daemon As documentation says "If your app uses launch daemons, it needs to register those first. Launch daemons require authentication by the user", how do I get user authorizes the LaunchDaemon. In Smjobbless we used AuthorizationRef, but how do i use it with SMAppservice?

I referred this(https://developer.apple.com/forums/thread/721737?answerId=739716022#739716022) example, this works for agent, but I am not able to Launch a daemon As documentation says "If your app uses launch daemons, it needs to register those first. Launch daemons require authentication by the user", how do I get user authorizes the LaunchDaemon. In Smjobbless we used AuthorizationRef, but how do i use it with SMAppservice?

Hello, I have many problems to manage the new structure of the volumes introduced with High Sierra and Big Sur around the use and configuration of the APFS. Where could I find a technical documentation about this APFS organisation? By technical documentation I don't mean a theoretical nice PowerPoint for the boss. I mean a real technical documentation which will permit me for example: • to understand how is built and organized the complete set of different APFS volumes to install a new macOS, • to build an installer on an USB key which will be usabel for a highly secured environment where an Internet connection is not allowed and not possible, • to build a script to check that an actual APFS set of volumes doesn't present any major discrepency, a kind of meta-fsck, not the Disk Utility way, but the engineer way, essentially running through command line, and fully compatible with the traditionnal system, network and security administration. Sorry, I am a very special case of developper. I only develop tools from shell scripts to make system, network and security administration. And to build more scripts withm them. My answer to Select a Subtopic could have been: system administration, technical documentation

I got a crash like this: Exception Type: EXC_BAD_ACCESS Exception Codes: KERN_INVALID_ADDRESS at 0x41af37daf2000000 Triggered by Thread: 0 Thread 0 Crashed: 0 libobjc.A.dylib 0x0000000194cc0144 objc_release_x0 + 8 1 AppKit 0x00000001984b77a8 -[NSEvent dealloc] + 84 2 AppKit 0x000000019835ee5c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1552 my code like this while (1) { @autoreleasepool { NSEvent* event = [NSApp nextEventMatchingMask:NSEventMaskAny untilDate:NSDate.distantFuture inMode:NSDefaultRunLoopMode dequeue:YES]; if (event) { [NSApp sendEvent:event]; } } } can anyone tell me how to debug this:

Is there any reasonable way to track file edits and closures in Swift on a Mac? What I need: (Completed) Open a file from the server (With default application - for example: MS Word for docx) Track changes to the file, mainly OnChange, OnClose, and based on those, send commands and the file back to the server What i tried: I read forums.swift article and coresponding with this article also developer.apple.com and stackoverflow.com post. Everybody talks about the fact that it basically can't be done. At least not properly. I tried to get some scripts from the AI, but that was also completely useless. I currently want to try catching OnChange by displaying the resized file, and OnClose by using a file that creates a word and deletes it when closed. It's not an ideal solution, it's not even tested yet, but if we're primarily concerned with Word, Excel and PowerPoint, I don't currently have a better solution.

I'm working on a screen sharing app and need to capture Pre-login screen and also foward remote input to login window/screen so remote user can login. Researching online, it looks like I need to use Pre-Login Agent to do that. However, I found these two threads: https://forums.developer.apple.com/forums/thread/45536 https://developer.apple.com/forums/thread/726470 Apparently, there is an unpublished workaround related to (r. 5636091). Can anyone provide details about that?

Hello I have a few questions regarding the Live Caller ID lookup feature First question: The documentation for Live Caller ID Lookup says that "the system does not use private relay when the application is installed directly from XCode.This allows the application & the service deployment to be tested before filling out the onboarding form and setting up private relay." What is the situation regarding development distribution signed .ipas? Would they be able to bypass the private relay too? Second question: Is there anyway an application could dynamically switch which blocking dataset gets used? The use case for this is providing the option to the user whether a set of numbers gets blocked or not. If the OS makes a blocking lookup and an identity lookup, then if these always map to the same blocking dataset then it means the blocking behaviour is the same for every user there is. That means whatever decisions the server makes as to what numbers to block applies to every user. Whether to block a number of not is a fuzzy decision, it would be good if users had the ability to decide for themselves if fuzzy numbers should be blocked or not rather than have that imposed upon them. Third question: It looks from the way things are set up that 2) is not actually possible. If that is the case then will it be permitted for two endpoints to be registered with Apple? (then the app could implement more than one Live Caller ID extension which provide different blocking behaviour)? Thank you very much.

Hi all, It's nice that macOS 15 allows users to control System Extensions in "Login Items & Extensions", but I am encountering some issues in determining if a user has disabled or removed a System Extension. I will share my findings (as of macOS 15.1 24B5009l) for two scenarios and would appreciate any suggestions for better approaches. Scenario 1: During first-time activation, there is no clear API to determine if the user uninstalls the extension before activation. The code creates activationRequestForExtension:queue: and receives notifications via a delegate implementing OSSystemExtensionRequestDelegate. However, if the user does not authorize the activation of the System Extension and uninstalls it, the code receives request:didFailWithError: with error code OSSystemExtensionErrorRequestSuperseded. This error code is ambiguous, so I plan to submit a propertiesRequestForExtension:queue: and check the properties for each instance to determine if the user uninstalled the extension. Scenario 2: After activation, it is unclear when the user enables or disables the extension. It is somewhat easier in the enabled -> disabled scenario. The XPC connection will be invalidated, allowing me to submit another propertiesRequestForExtension:queue: in the XPC invalidation handler and check the result. However, I am having trouble with the disabled -> enabled scenario. There is no event or trigger indicating that the user has enabled the extension, so I have to submit propertiesRequestForExtension:queue: repeatedly at short intervals, which is not ideal. I wonder if there are better approaches. Any suggestions would be greatly appreciated. Thanks & regards, Shay

I am using Flutter for developing an Android and iOS application which communicates with a BLE device. I am using the FlutterBluePlus package ( https://pub.dev/packages/flutter_blue_plus ) to handle the BLE communication. While this package works perfectly on an Android phone I am experiencing some slowdowns in BLE communication with the iOS application. Can someone here help to solve this issue?

I have an app with CBPeripheralManager that advertising input service (00001812-0000-1000-8000-00805f9b34fb). Works great, but my Apple Watch (which is paired with my iPhone) on which the app runs, connects to my service. Is there a way to control what devices are allowed to connect?

While playing with this app I found something odd: let dylib1 = dlopen("/System/Library/Frameworks/CreateMLComponents.framework/CreateMLComponents", O_RDONLY)! let s1 = dlsym(dylib1, "CreateMLComponentsVersionString")! var info1 = Dl_info() let success1 = dladdr(s1, &info1) precondition(success1 != 0) print(String(cString: info1.dli_sname!)) // CreateMLComponentsVersionString let path1 = String(cString: info1.dli_fname!) print(path1) // /System/Library/Frameworks/CreateMLComponents.framework/Versions/A/CreateMLComponents let exists1 = FileManager.default.fileExists(atPath: path1) print(exists1) // true let dylib2 = dlopen("/System/Library/Frameworks/Foundation.framework/Foundation", O_RDONLY)! let s2 = dlsym(dylib2, "NSAllocateMemoryPages")! // var info2 = Dl_info() let success2 = dladdr(s2, &info2) precondition(success2 != 0) print(String(cString: info2.dli_sname!)) // NSAllocateMemoryPages let path2 = String(cString: info2.dli_fname!) print(path2) // /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation let exists2 = FileManager.default.fileExists(atPath: path2) print(exists2) // false The app runs fine and prints true for exists1 and false for exists2. That means that while both dlsym calls succeed and both dladdr calls return paths (within CreateMLComponents.framework and Foundation.framework correspondingly) the first file exists while the second file doesn't exist. This raises quite a few questions: Why some of the dylib files (in fact – most dylibs inside /System/Library/Frameworks hirerarchy) don't exist at the expected locations? Why do we have symbolic link files (like Foundation.framework/Foundation) that point to those non-existent locations? What is the purpose of those symbols links? Where are those missing dylib files in fact? They must be somewhere, no?! I guess to figure out the answer I could search the whole disk raw bytes for a particular byte pattern to know the answer but hope there's an easier way to know the truth! Why do we have some exceptional cases like "CreateMLComponents.framework" and a couple of others that don't follow the rules established by the rest? Thanks!

Using NSFileManager's getFileProviderServicesForItemAtURL method, I can list services made available by a file provider for a given item from an app unrelated to the file provider, obtain a handle to the proxy object and cast that object to the target protocol. However, attempts to invoke the protocol yield: "The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated: failed at lookup with error 159 - Sandbox restriction." The documentation for the supportedServiceSourcesForItemIdentifier method implemented by the extension suggests only the app containing the extension can exercise the service but the documentation for getFileProviderServicesForItemAtURL does not. Should I be able to access a service from a file provider extension from an unrelated app? If so, how can the sandbox restriction be addressed?

We have an iPad app which can write to user-specified locations on USB-connected storage devices. On unmanaged devices, this works just fine. However, when the device is under MDM, although the Files app can see the external USB storage device, it does not show up in the file browser in our own app. There's a restriction called "allowFilesUSBDriveAccess" which is set to true (the default), but there's no restriction called "allowOtherAppsUSBDriveAccess". Are MDM-managed iPads simply not allowed to access USB drives (except through the Files app)?

Hi Everyone, I've created a Virtual Machine with configuration of 4 GB RAM and 7 vCPU using native framework on Sonoma hardware. But on Sonoma Hardware I'm getting 2500MB/sec write iOPS and, on virtual machine it's around 700MB/sec. And, this is affecting the performance. is there anyway that I can increase the write iOPS on virtual machine?

Recently Apple's remotepairingd crashed and the report had the following "Path": /Library/Apple/*/RemotePairing.framework/Versions/A/XPCServices/remotepairingd.xpc/Contents/MacOS/remotepairingd Why *? The actual path on disk is /Library/Apple/System/Library/PrivateFrameworks/RemotePairing.framework/Versions/A/XPCServices/remotepairingd.xpc/Contents/MacOS/remotepairingd.