Hello, I'm currently working on a project that requires real-world object recognition and labeling. I understand that due to the security and privacy issues, we are unable to access the vision pro camera feed. Is there any other external way to solve this problem? Thank you!

PLATFORM AND VERSION iOS Development environment: Xcode Version 16.0 (16A242d), macOS 15.0 (24A335) Run-time configuration: macOS 15.0 (24A335) DESCRIPTION OF PROBLEM macOS Sequoia has new Privacy & Security requirements for local area network access. This causes a call to POSIX socket function 'sendto' to fail immediately with EHOSTUNREACH on the first execution of any app that calls it. That failure occurs even if the socket is set to block for well over the time that it would typically take for the user to click "Allow" when presented with a system dialogue box that requests new permissions for the app. A test XCode project has been provided that is capable of reproducing the issue (see macOSsocketfail.zip at https://drive.google.com/file/d/14VxkT03ddm48RCXikLHf-aWgdqxwnpAB/view?usp=sharing). It will generate a log file that contains time-stamped messages. They report each step in the creation of a blocking UDP socket – and which system call has failed as a result of which error. The message time stamps demonstrate that macOS has terminated the sendto function call after tens of microseconds, well before the 5 minute timeout on the socket, and that it terminates with errno EHOSTUNREACH. That error is misleading, because the destination is pingable on my setup at the time of execution. The second execution of the app functions without error if "Allow" has been selected during the first run. This specific macOS behaviour does not appear to be documented anywhere that I have yet encountered; e.g. the sendto man page, the Privacy & Security LAN FAQ, etc. It is, however, highly disruptive to the use of our product, which hinges on LAN access. We have a situation in which a relatively large collection of apps are using the same shared library to manage network access. All of them must now receive manual permission from an administrator to work; but all of them will fail on their first execution. The problem is amplified because our customers use our framework to build their own apps, and not every user is an administrator. In contrast, apps that use our framework would simply work without issue on their first execution when run on macOS versions that precede Sequoia. We must support our software across multiple platforms, hence the reason that we are using POSIX function calls to implement networking. Unfortunately, the use of an Apple-specific networking API is not a viable solution for us. How should we mitigate this problem? Is there some way to configure an Xcode project so that the build product will already have Sequoia LAN permissions? I have read about the com.apple.developer.networking.multicast entitlement, but it is unclear whether it will help us, from the material that is available. STEPS TO REPRODUCE POSIX function call sequence For the following, addr has type struct sockaddr_in, and it is set appropriately for binding or broadcasting using standard library macros and functions. &addr is cast to a const struct sockaddr pointer and assigned to saddr. sock = socket( PF_INET, SOCK_DGRAM , 0 ) ; bind( sock, saddr, sizeof( addr ) ) ; r = 1 ; setsockopt( sock, SOL_SOCKET, SO_BROADCAST, &r, sizeof( r ) ); struct timeval timeout = { 300 , 0 }; setsockopt( sock , SOL_SOCKET , SO_RCVTIMEO , &timeout , sizeof( timeout ) ); sendto( sock, msg, strlen( msg ) + 1, 0, saddr , sizeof( addr ) ) ; Test program, presuming that a device with IP 100.1.1.1 exists on the LAN that the mac is also connected to. Open Xcode project macOSsocketfail. Build project. Execute first run of macOSsocketfail.app. Click "Allow" when asked for LAN permissions. Search for macOSsocketfail_log.txt, and make a copy with a distinct name e.g. macOSsocketfail_log_firstrun.txt. Execute second run of macOSsocketfail.app. Search for macOSsocketfail_log.txt, and make a copy with a distinct name e.g. macOSsocketfail_log_secondrun.txt. Examine log files. The first run log file will contain the following messages (time stamping will naturally differ): 1727710614.064009: Running udptest 1727710614.064015: Creating socket 1727710614.064030: Bind socket to port: 4000 1727710614.064061: Enable socket broadcast 1727710614.064064: Set socket timeout to 300.000000sec 1727710614.064067: Attempt to send blocking UDP connection packet to 100.1.1.1:589 1727710614.064124: sendto: No route to host Error during call to sendto: errno is EHOSTUNREACH: No route to host The second run log file will record a different outcome: 1727713660.733431: Running udptest 1727713660.733436: Creating socket 1727713660.733451: Bind socket to port: 4000 1727713660.733476: Enable socket broadcast 1727713660.733479: Set socket timeout to 300.000000sec 1727713660.733482: Attempt to send blocking UDP connection packet to 100.1.1.1:589 1727713660.733540: Ran to completion with no error detected Note that each line of the log files begins with a timestamp. The unit is seconds, and the resolution is to the nearest microsecond. Time values are obtained using gettimeofday(). RELEVANT LINKS https://developer.apple.com/forums/thread/663858 https://forums.developer.apple.com/forums/thread/757824 https://developer.apple.com/forums/thread/760964 https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_networking_multicast/ https://developer.apple.com/forums/thread/657887 https://developer.apple.com/forums/thread/655920

So I’m (extremely) new to developing for iOS, and I’m looking to implement the “Sign in With Apple“ feature for an application that interacts with a server I’ve built. Following the guide I’m able to get a user’s email and name. When I send that information to my server to create a user account, do I need to do anything else (like validating that the email is actually associated with an Apple account or that the user actually owns it, etc)? I looked at the Sign in With Apple from the web article and it doesn’t seem like it’s relevant to my use case. Is it standard practice to just trust the client in the iOS world?

The peripheral is initiating a passkey entry mechanism, IOS device is getting a pop up to enter the passkey but the WatchOS device is not displaying any pop-up. Is there anything to be enabled from the watch side?

I have a macOS app in production, supporting all macOS versions since 10.15 (Catalina) thru Sequoia. One aspect of the app's functionality is to screen capture the entire screen, including all windows. Starting with Sequoia, my users are receiving a scary system alert saying: "SomeApp" is requesting to bypass the system private window picker and directly access your screen and audio. This will allow SomeApp to record your screen and system audio, including personal or sensitive information that may be visible or audible. I have several questions and concerns about this alert. First of all, as a developer, this is frustrating, as I am using documented, long-standing system APIs, and made no change to my code to cause this warning. Second, nothing in my app records audio in any fashion, and yet the user is made to think I am trying to furtively bypass security controls to record audio, which is absolutely false. The alert seems to be due to the screen capture feature, which is one of the main features of the app, which the user explicitly requests and grants permission for. But to get to the point of the question: is there any definitive documentation anywhere describing exactly which API's trigger this alert? I can't find first-party information from Apple, so I'm kind of guessing in the dark. Searching the internet for all the info I can find (mostly from blog posts of developers and beta-testers), it seemed like the culprit in my code was probably a call to CGWindowListCreateImage, so I spent some time forking the code paths in my app (since I still support back to 10.15) to use the more modern ScreenCaptureKit APIs on systems that support it. But the alert is still appearing, despite not calling into that API at all. Is there a way of calling the modern ScreenCaptureKit APIs that also triggers this alert? As an example, I'm using a snippet like this to get the shareable displays I need do { try await SCShareableContent.excludingDesktopWindows( false, onScreenWindowsOnly: false ) return true } catch { return false } is it possible that this code is triggering the alert because I'm not excluding desktop windows and asking for all windows? to sum up, I (and I'm guessing others) could really use some definitive guidelines on exactly which APIs trigger this alert, so that we can migrate and avoid them if possible. can anyone provide any guidance on this? Thanks in advance!

We have been using the LAContext's evaluation policy for the past couple of years without any major issues. However, since last week (September 26), we have seen a spike in error events, indicating: json Copy code { "NSDebugDescription": "Caller is not running foreground.", "NSLocalizedDescription": "User interaction required." } We haven't made any code changes in the last couple of months. Is there any update regarding local authentication from Apple's side?

I've developed a Endpoint Security system extension, which will be installed in a container APP. I use XPC to send message from container APP to the ES client, it works fine. I have developed an Endpoint Security system extension that will be installed in a container app. I utilize XPC to send messages from the container app to the ES client, and it functions properly. However, when I attempt to send messages from the ES client to the container app, it always displays an error: 'Couldn’t communicate with a helper application.'. I have removed the sandbox capability of the container app and also employed the same app group for both the ES client and the container app. When an XPC client is connected, I use the following code in the ES client to establish two-way communication. - (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection { newConnection.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(NXFileGuardXPCProtocol)]; NXFileGuardXPCService *xpcService = [NXFileGuardXPCService sharedInstance]; newConnection.exportedObject = xpcService; // To APP container client (As remote interface) newConnection.remoteObjectInterface = [NSXPCInterface interfaceWithProtocol:@protocol(NXFileGuardXPCClientProtocol)]; [newConnection activate]; self.containerAPPConnection = newConnection; return YES; } But it always fails. How can I deal with this error?

Is it possible for two Apple devices to have serial numbers that are consecutive or differ by only one character?

I see that all of my passwords moved from both login and iCloud keychains to Passwords app. The API that worked SecItemCopyMatching now returns -25300 aka not found. What's the API to access passwords in Sequoia ?

Hi all, I am in the process of preparing for an app transfer, and have sign-in with apple enabled. I have read the documentation thoroughly and multiple times, yet there are a few things I'd like to have a confirmation about, before taking the leap and risking that some users might experience any issues. If I understand correctly, after the migration if a user performs a sign-in with Apple, they will send an access_token that differs from the one they were sending when the app was assigned to the old team. In case I didn't take any action that means that my system would think this was a new user given the access_token has never been seen before, and therefore it will create a new user. Is that correct? Ok, so if that assumption is correct, I'd like to have a confirmation also of the way I intend to fix this, since we're doing an internal transfer and the database is going to be the same. I would get a TransferID for all users in my database that have used sign-in with Apple (I have already done that for one of my test users, successfully). After that, I will start the transfer, and accept it from the other team. Once that is done, I will call the migrationinfo endpoint from the other team, getting all the new access_tokens related to the transfer ids. With that information, I will update my databse, adding a relation from the new access token from team B that points to the same user as the access token that was given by team A, and I know which one it is because of the TransferID. Does that make sense? Would it work? I'm not a fan of messing with the login logic (having a look at transfer_ids, looking for matches, and so on), especially because there doesn't seem to be a way to test this. I believe the only risk is that a user might login after the app has been transferred but before I can upload the new access token to the database, but we can handle these (few, hopefully even zero cases) via ticketing. These are the resources I have read so far: https://developer.apple.com/documentation/technotes/tn3159-migrating-sign-in-with-apple-users-for-an-app-transfer#Preparing-to-migrate-users-for-an-app-transfer https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team#3546291 https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team My last question is: how can I test this before going live? Do I really have to just implement changes/update the DB and then go live, hoping that it will all work? Can't I do some sandbox transfer or anything like that? Even just creating like a "clone" of my app and transferring this one would be a huge boost for the confidence of this big leap. Thanks in advance.

When tapping on "password" in the accessory view above the keyboard, no password manger is opened. The keyboard just closes and re-opens. I have made sure a password exists and is available to be used. I have replicated this within my own app, but also from within the Settings app on the simulator (see attached gif) so I am confident it is not a coding issue on my side. I have replicated it on both iOS 17 and iOS 18 I am using Xcode Version 16.0 (16A242d) I am running macOS Sonoma Version 14.7 (23H124) I am fairly confident I have not experienced this when working on another clients app. I was using Xcode 15 for that so not sure if this is something introduced with Xcode 16.

when I performAutoFillAssistedRequests ,my keyboard cannot show passkeys that could choose,and nothing callback.i don't know the error reason.but I could request successfully by authController.performRequests.

Hi , I did The MFA(2FA) of Email OTP For MacOS Login Screen using, Authorization Plugin, Using This git hub project. It is working For Login Screen , Im trying to Add The Same plugin for LockScreen but it is not working at lock Screen , Below is the reffrense theard For The issue , https://developer.apple.com/forums/thread/127614, please Share The Code that should Present the NSwindow at Screen Saver (Lock Screen) MacOS .

Hello, I'll describe an issue I just reported as FB15286954, hoping to see your thoughts on it / what might've gone wrong. Earlier today, I created an account for a website on my iPhone running the release version of iOS 18.0 using Safari, then added 2FA via the Passwords app. I logged in, checked that it works, then closed Safari and did something else (not much on my phone). In the meantime the phone shut down due to low battery. When I charge it again, and open the Passwords app, I come to find out that the verification codes for this website are gone… What could've gone wrong? I was prompted by the website to save a code to check that 2FA was properly configured, so I think I saved it properly in the app (by the way, the password was still there, properly saved). I assume there was a syncing error between iCloud and my iPhone due to low battery? Is there any way to recover the verification codes? I'll try to reclaim the account through the website's support channels, but I'm wondering if I could still retrieve it somehow.

Installed Charles Certificate in my iPad having iOS 18 Previously after installing certificate in old iOS version user was getting trust option automatically in Certificate Trust Setting Now There is no option to trust any certificate

I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password. Specifically,I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic. However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain. Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?

I would like to ask how to resolve the issue in iOS 18 where installed root certificates or self-created certificates do not appear in the Certificate Trust Settings (Enable Full Trust for Root Certificates) list. I tried downloading a certificate from Apple’s official site (https://www.apple.com/certificateauthority/), but it also did not show up in the list for me to enable. Has anyone else encountered a similar problem? Thank you!

Hello, I am using the prf extension for passkeys that is available since ios 18 and macos15. I am using a fixed, hardcoded prf input when creating or geting the credentials. After creating a passkey, i try to get the credentials and retrieve the prf output, which works great, but i am getting different prf outputs for the same credential and same prf input used in the following scenarios: Logging in directly (platform authenticator) on my macbook/iphone/ipad i get "prf output X" consistently for the 3 devices When i use my iphone/ipad to scan the qr code on my macbook (cross-platform authenticator) i get "prf output Y" consistently with both my ipad and iphone. Is this intended? Is there a way to get deterministic prf output for both platform and cross-platform auth attachements while using the same credential and prf input?

We are using performRequestsWithOptions to enable passkey on ios app. [authController performRequestsWithOptions:ASAuthorizationControllerRequestOptionPreferImmediatelyAvailableCredentials]; Based on apple doc, this will "Tells the authorization controller to prefer credentials that are immediately available on the local device.", and fail silently if there are no credentials available. However, in recent testing, we identified that on one device, we are seeing QR code popping up even though there's no credential on the device. Question is this a bug on the OS system? If this is a bug, what are the causes that will trigger this condition? Is there a recommendation to mitigate the issue? Should we move to the new api? Thank you.

Hi team, I'm trying to test facid enroll the faceid via simulator [i have injected the command in driver.executeScript option and i have notice in logs enrollment has changed. coreauthd: (DaemonUtils) [com.apple.LocalAuthentication:Server,Biometry] BK notification received: com.apple.BiometricKit.enrollmentChanged in further logs noticed Biometricsupport.framework is missing in xcode file locations logs for your reference " lstat of /Library/Developer/CoreSimulator/Volumes/iOS_21F79/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 17.5.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/BiometricSupport.framework/Info.plist failed: No such file or directory)" any thoughts on missing library? I have tried Faceid and Authorize apple pay in UI also i dont see any action triggered. later i have identified not sure is that because of the Biometric framework missing in the xcode folder.