Using the DeviceActivity framework we are able to display data based on a user's screentime and device usage. With the DeviceActivityFilter property, you can specify the date interval to collect data between.
In testing, it seems that data only becomes accessible once the extension has been installed (so the extension isn't reading the screentime data already collected on device). However, once installed, I'm curious how far back you can query data from in the data interval?
Opal which uses the Screentime API appears to have a lifetime Screentime metric, so hypothetically it should possible to query data as far back as collection starts. Unless they are getting around the sandbox environment and storing the data somehow.
Side note on Opal -- They seem to have a community average of Screentime among people in the same age group. Does anyone know how they are collecting the data for this average? Is it actually using live Screentime data or just aggregating data from other studies?
Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.
Post
Replies
Boosts
Views
Activity
The video mentioned the following documentations but I can't find them anywhere ( developer.apple.com and Google):
App privacy details on the App Store
Required reason APIs
Privacy-impacting SDKs
Does anyone know where they are, or when they will be available? Thanks!
Hi, team. I tried including Privacy Manifest in my sample app and generating a privacy report.
But "The archive does not contain any PrivacyInfo.xcprivacy files." error occurred when I tapped "Generate Privacy Report" button on Xcode Organizer.
Is there something wrong? Could you tell me how to fix it?
Here are screenshots of my Xcode and Xcode Organizer.
Thank you.
Hi,
I am testing out an update for my app in macOS Sonoma. I first installed the App Store version of my app on the device running macOS Sonoma, and it ran fine. I then installed an updated version of my app through TestFlight (built with macOS Ventura SDK), but when I run this updated version, I get prompted ”MyApp differs from previously opened versions. Are you sure you want to open it?".
Why is this happening? Is this warning only because the app is updated through TestFlight, or do I need to do something to prevent this warning from happening when I update my app through the App Store?
I see this mentioned in an Apple security update::
App Sandbox now associates your macOS app with its sandbox container using its code signature. The operating system asks the person using your app to grant permission if it tries to access a sandbox container associated with a different app. For more information, see Accessing files from the macOS App Sandbox.
My app is already sandboxed, and I'm not trying to access a different app's sandbox container, just my own. For the TestFlight build, it probably also uses the same Release configuration that the App Store build uses. I might have changed my provisioning profiles recently because they expired. Would that affect this and cause a prompt to be showed?
Would love to know more about this prompt and how to avoid it.
Thanks.
As of Xcode 15, Apple supports adding Privacy Manifests to SDKs. We develop an SDK that consists of several components (frameworks) for which we would like to add a Privacy Manifest. That works fine for our local builds, but we distribute our SDK via CocoaPods, which generates a single framework with the sources of all our components. This single framework currently does not have a Privacy Manifest.
How would we be able to provide Privacy Manifests when using CocoaPods for distribution?
I've just been looking at this list of APIs for which we will be soon be required to declare a "required reason" in the app's privacy manifest:
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
One of the listed functions is stat().
The rationale seems to be that a malicious app can use stat to get the timestamps of files outside the app container, thereby "fingerprinting" the device.
The allowed reasons that we can declare are :
To get timestamps that are displayed to the user.
To get timestamps of files that are within the app's container.
To get timestamps of files that the user has granted access to.
I am concerned that this does not include many of the legitimate non-timestamp uses of stat(). For example, it can be used simply to test if a file exists, or to test whether a path refers to a file or a directory, or to check if two paths refer to the same file (e.g. via different symlinks), or to get the size of a file.
Some of these things can be achieved in other ways; for example, I can check if a file exists by trying to open() it and checking for an error, and I can get the file size by opening it and calling lseek(SEEK_END). Maybe I can check if two paths are equivalent by using readlink() to form canonical paths for both and comparing them. But I bet there are other things that can't be done.
I could probably fix all of my code to not call stat() for non-timestamp reasons in a few hours. It would be more difficult to fix the various open-source libraries that I use.
What do you think we should all be doing?:
"File a bug" asking for an additional reason for using stat(), i.e. to get non-timestamp information about files in the app's container.
Deliberately mis-read allowed reason C617.1, "to access the timestamps of files inside the app container", as " to access the timestamps and other metadata of files inside the app container", and declare that in the privacy manifest.
Change code to not call stat().
Any other suggestions?
P.S. I guess that libc++ std::filesystem calls stat(). What is the status of using that? The std::filesystem functions that access file timestamps are not listed on the page linked above. If I call std::exists() to check if a file exists, and assuming that is implemented using stat(), will that trigger the new filter?
I've set up a privacy manifest file in my SDK, which I'm developing in Xcode 15 beta 4, and built an xcframework. I verified that PrivacyInfo.xcprivacy exists in the xcframework.
In state verifying the existence of PrivacyInfo.xcprivacy in xcframework, I incorporated the built xcframework into a test app for operation check, created an archive, and outputted a report from "Generate Privacy Report".
Despite having a privacy manifest file set up in the test app, when I checked the report, I was able to confirm the contents of the test app's privacy manifest file but not the contents of the privacy manifest file I configured in the SDK.
I understand that the SDK's privacy manifest file is merged with and outputted from the privacy manifest file of a project that incorporates the SDK. Am I mistaken?
Hey! Reading through the documentation about Privacy Manifest I got a bit confused about the requirement about having Privacy Manifest files for both the 'main' app and for SDKs from inside the 'main' app (that uses the SDKs).
Let's say I have the following scenario: MyApp includes SDKs via CocoaPods and SPM. The SDKs that I include in MyApp are using 'Required Reason APIs' and let's say that they do collect some data about the user or the device.
Let's also assume that 'MyApp' also uses the same 'Required Reason APIs' (or more of them) as in the SDKs and also that MyApp collects data about the user/device.
For this case: do I need to have a Privacy Manifest for both MyApp and each of the SDKs or is it enough to have just a 'main' Privacy Manifest file declared directly in MyApp's files?
At present, we have been receiving numerous reports from customers who integrate our SDK who have been encountering the failures (errSecItemNotFound) while trying to retrieve a key using SecItemCopyMatching. We are raising this query we are still in the midst of properly reproducing this issue though it has been reported to occur in several devices during the OS upgrade to the iOS 17 betas. This issue is still occurring in the latest iOS 17 beta 7. This issue was not present in previous iOS version. At present, we are of the conclusion that this issue is occurring randomly amongst devices that upgraded to the iOS 17 betas and it is not limited to older devices.
What we believe is occurring is that:
A key is created and stored into Keychain using SecItemAdd.
The same key is queried at a later timepoint but encounters the error errSecItemNotFound.
Our SDK then attempts to regenerate a new key for the same label and attribute to store it using SecItemAdd, but the system then reports errSecDuplicateItem at the key already exists.
The workaround here includes a manual deletion of the said key.
This issue seems to occur only during an OS upgrade to the iOS17 betas with the likelihood that the key was already present in Keychain prior to the upgrade. I share below the snippet relating to how this said key is generated, stored and retrieved. // Initial key is added
// A random data of 32 bytes length is generated
CFDataRef dataRef = <32bytes of data>;
*attr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
BREAK_IF_NULL(*attr);
CFDictionarySetValue(*attr, kSecClass, kSecClassGenericPassword);
CFStringRef aKey = CFStringCreateWithCString(kCFAllocatorDefault, "KEY_ACCOUNT", kCFStringEncodingUTF8);
CFDictionaryAddValue(*attr, kSecAttrAccount, aKey);
CFDictionarySetValue(*attr, kSecReturnData, kCFBooleanFalse); CFDictionarySetValue(*attr, kSecAttrAccessible, kSecAttrAccessibleAfterFirstUnlock);
label = CFStringCreateWithFormat(NULL, NULL, CFSTR("A_LABEL"));
CFDictionarySetValue(attr, kSecAttrService, label);
CFDictionarySetValue(attr, kSecValueData, dataRef); SecItemAdd(attr);
// Query for retrieval of key
label = CFStringCreateWithFormat(NULL, NULL, CFSTR("A_LABEL")); CFDictionarySetValue(attributes, kSecAttrService, label);
CFDictionarySetValue(attributes, kSecReturnData, kCFBooleanTrue);
CFDictionarySetValue(attributes, kSecMatchLimit, limit);
CFDictionarySetValue(attributes, kSecReturnAttributes, returnAttributes);
osStatus = SecItemCopyMatching(attributes, result);
if (errSecItemNotFound == osStatus) { }
Please do let me know if more information could be useful. At present, we have ensured that the key generated are well-within the size limits and is stored simply as a kSecClassGenericPassword with limited access control to the key. Additionally, the query used was intended to be generalised to avoid encountering such occurrences.
We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill.
During this process, we have a few doubts and queries:
First, we have configured the AutoFill extension for external passkey management
Next we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation
We are facing an issue on creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure if we need to create the attestationObject [if so any documentation or help regarding this] or is there any API to get the attestationObject which we are missing.
override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) {
let request = registrationRequest as! ASPasskeyCredentialRequest
let passkeyRegistration = ASPasskeyRegistrationCredential(relyingParty:
request.credentialIdentity.serviceIdentifier.identifier, clientDataHash: request.clientDataHash, credentialID: Data(UUID().uuidString.utf8), attestationObject: "????")
extensionContext.completeRegistrationRequest(using: passkeyRegistration)
}
Even we have tried passing the hardcoded attestationObject[we used the existing attestationObject received using icloud keychain] , still we got empty ‘ClientDataJSON’ on ‘authorizationController(controller:’ delegate.
Hi guys,
has anyone seen this issue?
When installing an application, which requires Full Disk Access (kTCCServiceSystemPolicyAllFiles), user enables this feature, but after reboot, OS automatically turns it off.
Filed feedback in case it's a new issue.
Any idea how to fix it? Any workaround to keep Full Disk Access enabled?
Thanks.
Recently we've discovered an issue affecting our products in regards to using the Monterey+ provided new api calls to selectively mute events.
Specifically, whenever using es_mute_process_events or es_mute_path_events, the ES_EVENT_TYPE_NOTIFY_OPEN event is ignored for muting (meaning the call will return success, but the event will keep coming).
This is true only for this event as far as I can tell, its AUTH counterpart stays muted (along lots of other processes: clone, rename, close, unlink, fork etc). It fails if either the event is in a list of events or if the event is singled out in 1 sized vector of events.
When using a dedicated client for this event and using the previous api, es_mute_process or es_mute_path muting works as intended.
Tested on ventura 13.5 and 13.6. Is there something that can be done to prevent dedicated clients or is this a known issue?
Hello.
We provide our software in the form of static libraries (.a) wrapped in xcframework. Therefore, the final app will not include the embed framework.
In such a case, should the manifest content required for the library be written as part of the application's xcprivacy file? Or can I provide xcprivacy as part of the xcframework?
Hello community
we have been using an Endpoint Security client within a system extension for quite a while now. After some users updated macOS to Sonoma, we got complaints about slower performance when using MS Office on Mac. The product features work as expected, and our system extension is loaded and delivers events.
Upon inspection of the log files, we found the following (but not on all machines):
[com.apple.TCC:access] Failed to create LSApplicationRecord for file:///Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)'
and
[com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: identifier com.sophos.endpoint.scanextension, type: 0: 0x7fb63da318c0 at /Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension
for almost each event delivered. We are using XPC from the system extension to a non-priviliged daemon process to process file content.
A feedback has already been filed: FB13174804
An additional code-level support was returnd woithout any explanation.
Signing checks of the system extension and the containing app (daemon) on Sonoma turn up without any errros.
Any idea, whats going on here?
Frank Fenn
Sophos Inc.
Hello
We have a react native iOS app and we are having issues with password autofill. We have read some documentation on "associated domains" but cant find anything specific to our issue. We don't currently have a website with login. Is that necessary to utilize password auto fill?
Thanks for any help
hello,
I want to use the latest addition in security i.e., passkeys across apple ecosystem.
I have 2 iPhones (D1 and D2)
I have created passkey from D1 for some RP (eg. walmart.com)
D1 has a screen-lock using index-finger.
The passkey is successfully stored in my iCloudKeyChain
Now I go to D2
The screen-lock in D2 is made up of middle-finger.
I configure my iCloudKeyChain on D2 using same apple-id
If I want to bring the same passkey on D2 that I stored from D1 in iCloudKeyChain , am I required to provide screen unlock finger-print of D1 i.e., index-finger ??
Thanks.
**We noticed that your app collects information from various public sources to build individual profiles, which is not appropriate for the App Store.
Next Steps
To resolve this issue, please remove any feature that attempts to build individual profiles based on collected public data.
**
I do not understand what information that I collect from various public sources to build individual profiles
My app takes the image from user and process it to extract facial features and compare other faces in the app database
also the user can create an account if he wants to post a missing report and I ask to input the name and gender and date of birth and other information of missing person
and all of this I explain in app review
But I still face this replay
what to do ?
I have a question about the privacy manifest file (PrivacyInfo.xcprivacy).
If the third party SDK used in our app is not updated (or the repository is read-only and not permanently updated), can we include the description for the third party SDK in the privacy manifest file of our app?
Hello,
I have integrated Sign In with Apple into my Swift App. Now I'd like to add Sign In with Apple into my website. I followed the instructions at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple and resulted in an html page:
<html>
<head>
<meta name="appleid-signin-client-id" content="colourworker.SPAD">
<meta name="appleid-signin-scope" content="name email">
<meta name="appleid-signin-redirect-uri" content="https://colourworker.com/apps/photofolia/applesignedin.html">
<meta name="appleid-signin-state" content="init">
<meta name="appleid-signin-nonce" content="NONCE">
<meta name="appleid-signin-use-popup" content="true">
</head>
<body>
<h1>Sign in with Apple</h1>
<div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div>
<script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script>
</head>
</html>
I have added https://colourworker.com/apps/photofolia/applesignedin.html to the list of Return URLs at https://developer.apple.com/account/resources/identifiers/serviceId/edit/ZSM7Q3SMVH.
But when clicking on the Sign In With Apple button I get the following error: "invalid_request Invalid client id or web redirect url."
Any ideas of what I'm doing wrong?
The Endpoint Security provides the ES_EVENT_TYPE_AUTH_OPEN event, I can specify that the process intercepts the open specified file es_respond_flags_result(client, msg, 0x0, true);.
However, WeChat (the chat app) intercepts the specified file the first time it is sent, and the second time it can be sent successfully, and the peer end can receive the file.
I can confirm that es_respond_flags_result(client, msg, 0x0, true); is called. So, which auth event should I use? Thx!