Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

All subtopics

Post

Replies

Boosts

Views

Activity

Gatekeeper refuses to start application from downloaded DMG
Hello, I have an application which uses a helper[1] to download[2] files. When files download is a DMG and user mounts the image to run the application from this DMG it doesn't pass Gatekeeper. It presents the "Application XYZ.app can't be opened.". Same file downloaded via Safari shows a different dialog, the "XYZ.app is an app downloaded from the internet. Are you sure you want to open it?" In the system log I see this line: exec of /Volumes/SampleApp/SampleApp.app/Contents/MacOS/SampleApp denied since it was quarantined by Download\x20Helper and created without user consent, qtn-flags was 0x00000187 The application is running sandboxed and hardened, the main application has com.apple.security.files.downloads.read-write entitlement. Everything is signed by DeveloperID and passes all checks[3]. I tried to check the responsible process[4] of the helper. Then trivial stuff like download folder access in System Settings/Privacy & Security/Files & Folders. Everything seems to be fine. For what it worths the value of quarantine attribute is following: com.apple.quarantine: 0087;6723b80e;My App; The Safari downloaded one posses: com.apple.quarantine: 0083;6723b9fa;Safari;02162070-2561-42BE-B30B-19A0E94FE7CA Also tried a few more ways and got to 0081 with Edge and 0082 with a sample app with similar setup. Not sure if that has any meaning. What could I be doing wrong that Gatekeeper right away refuses to run the application from DMG instead of showing the dialog like in other cases? [1] The executable is in application bundle located in Contents/Helpers/DownloadHelper.app in the main application bundle. [2] Nothing fancy, curl + regular POSIX file operations [3] codesign, syspolicy_check, spctl [4] launchctl procinfo pid
12
0
363
3w
container-migration.plist doesn't work in some cases
I have existing macOS application(pkg distribution) and now I need to release App Store version I need to move all files from "Documents/My App" to app container however container migration doesn't work in some cases I've tested TestFlight build: migration works fine if Mac uses Local Documents folder migration doesn't work if Mac uses iCloud Documents and Desktop folders Is there some way to fix this? container-migration.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Move</key> <array> <string>${Documents}/My App</string> </array> </dict> </plist>
1
0
149
3w
15.1 requestAlwaysAuthorization is no effect in WifiAccess.app
After upgrading to 15.1, SSIDs can no longer be scanned. In my main application, there is a wifiAccess.app in the LaunchService folder that is killed by embbed. This app is the root process that is placed under launchDaemon and loaded by launchd CLLocationManager *locationManager = [[CLLocationManager alloc] init]; if (@available(macOS 10.15, *)) { [locationManager requestAlwaysAuthorization]; } else { // erlier version do not need localtion permission } NSError *error; NSData *ssidStrData = [ssid dataUsingEncoding:NSUTF8StringEncoding]; CWInterface *interface = [[CWWiFiClient sharedWiFiClient] interface]; NSSet<CWNetwork *> *networks = [interface scanForNetworksWithSSID:ssidStrData error:nil]; However, the obtained networks do not have ssid. {(<CWNetwork: 0x600000368680> [ssid=(null), bssid=(null), security=WPA2 Enterprise, rssi=-49, channel=<CWChannel: 0x600000370bd0> [channelNumber=44(5GHz), channelWidth={20MHz}], ibss=0], <CWNetwork: 0x600000370b30> [ssid=(null), bssid=(null), security=WPA2 Enterprise, rssi=-73, channel=<CWChannel: 0x600000370b00> [channelNumber=6(2GHz), channelWidth={20MHz}], ibss=0], <CWNetwork: 0x600000370be0> [ssid=(null), bssid=(null), security=WPA2 Enterprise, rssi=-44, channel=<CWChannel: 0x600000370c60> [channelNumber=165(5GHz), channelWidth={20MHz}], ibss=0] }, the main program has granted the location permission, but the location authorization has not responded in this wifiaccess process. And (lldb) po [locationManager authorizationStatus] kCLAuthorizationStatusNotDetermined. The output authorization is always unauthorized, but only the authorization option of the main application can be seen in the system Settings location permissions setting, wifiaccess.app is not present on the list
2
0
261
3w
Implementing Two Apple Sign In Buttons on a Hybrid Web Login Page
Hi everyone, I'm working on a hybrid web application that will serve as a unified login page for two of my existing apps. Both apps currently utilize Apple Sign In with separate app IDs. To provide a seamless user experience, I plan to create a unified login page that displays two distinct Apple Sign In buttons: "Log in with A Service" and "Log in with B Service". Each button will link to the respective Apple Sign In flow for that specific service and app ID. I'm seeking guidance on the following: Apple's Guidelines: Are there any specific Apple guidelines or restrictions that prohibit or discourage the display of multiple Apple Sign In buttons on a single page within a hybrid web app context? I appreciate any insights or suggestions you can provide. Thank you
1
0
155
3w
Problems with macOS apps launching since Sequoia 15.1 (spawn constraints failure)
What Starting from macOS Sequoia 15.1, a terminal app (KiTTY) installed via Nix fails to launch apparently due to new hardening mechanism in CoreServices introduced in 24B83 Seems this is triggered not every time. If I create new volume and copy the same path with KiTTY on it, it worked on the first occasion but I failed to make it work reproducibly. @Eskimo I would kindly appreciate if you could highlight more about Secure Launch and related spawn constraints. Anyway, this is blocker issue for me so I'm rolling back to 15.0.1 ❯ open /nix/var/nix/profiles/default/Applications/kitty.app _LSOpenURLsWithCompletionHandler() failed with error -54. Logs ❯ log stream | grep kitty ... 2024-10-30 09:38:56.005739+0100 0x9383 Error 0x45fac 584 0 CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:open] LAUNCH: Launch requires secure launch with spawn constraints, but none are present or valid, so returning permErr for <FSNode 0x600001e656c0> { isDir = ?, path = '/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app' } 2024-10-30 09:38:56.005837+0100 0x9383 Error 0x45fac 584 0 CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:open] LAUNCH: Launch failure with -54/permErr <FSNode 0x600001e778e0> { isDir = y, path = '/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app' } 2024-10-30 09:38:56.006106+0100 0x9383 Default 0x45fac 584 0 CoreServicesUIAgent: (libxpc.dylib) [com.apple.xpc:connection] [0x600002148d20] activating connection: mach=true listener=false peer=false name=com.apple.coreservices.quarantine-resolver 2024-10-30 09:38:56.006440+0100 0x9383 Error 0x45fac 584 0 CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:default] LAUNCH: Launch failed in CSUI with error Error Domain=NSOSStatusErrorDomain Code=-54 "permErr: permissions error (on file open)" UserInfo={_LSLine=4224, _LSFunction=_LSOpenStuffCallLocal} 2024-10-30 09:38:56.007039+0100 0x9381 Default 0x45fac 584 0 CoreServicesUIAgent: (libxpc.dylib) [com.apple.xpc:connection] [0x14f00fca0] activating connection: mach=false listener=false peer=true name=com.apple.coreservices.quarantine-resolver.peer[584].0x14f00fca0 2024-10-30 09:38:56.007602+0100 0x9381 Error 0x45fac 584 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: status=-54 {\n Action = odoc;\n AppPath = "/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app";\n Documents = (\n "kitty.app"\n );\n ErrorCode = "-54";\n FullPaths = (\n "/nix/store/h33cy9y53p6dnyzx41a1dfxsr0df8i4c-system/Applications/kitty.app"\n );\n} Environment ❯ uname -a Darwin airstation.local 24.1.0 Darwin Kernel Version 24.1.0: Thu Oct 10 21:05:14 PDT 2024; root:xnu-11215.41.3~2/RELEASE_ARM64_T8103 arm64 ~ ❯ sw_vers ProductName: macOS ProductVersion: 15.1 BuildVersion: 24B83 ❯ arch arm64
2
5
431
3w
Endpoint Security System Extension Limitations
Trying to flesh out an idea for an application which would rely on Endpoint Security Framework and Network Extension Framework, where intend the application to: Forward certain ESF events to a backend (on a separate server) Forward certain Unified logs to a backend (on a separate server) Forwarding various DNS queries and responses (on a separate server) Retrieve configuration from the backend to set Network Extension Filters Are there any limitations and/or reasons not to bundle all this functionality into a single system extension? I know of other applications where system extension is very thin and main application (daemon) communicates over xpc with the system extension, would this be considered best practice?
1
0
188
3w
iOS app on macOS storing persistent user ID across installs on same device
Hi, I have recently encountered an app with some odd behaviour and wanted to clarify some details about the way sandboxing works with iOS apps installed on a Mac. I am unsure whether this is due to a misunderstanding of system behaviour or whether this is a bug. The app was installed from the Mac App Store, designed for iPad. The developer of the app informed me that in lieu of a sign-in process, the app tries to persistently store a UUID of the user on the device so that when the app is deleted and reinstalled, the user is automatically logged in again. The developer says that two mechanisms are being used: 1) NSUserDefaults (via Flutter shared prefs) and 2) identifierForVendor. In the case of 1), my understanding is that these are managed by cfprefsd. Using the 'defaults domain' command, the domain of the app appears. However, there are no keys or values stored. Using the 'defaults write' and 'defaults read' and 'defaults delete' commands on that bundle identifier works as expected, but since it starts out empty, it cannot be read or deleted. Furthermore, the app's data is supposed to be sandboxed in /Library/Containers. When the app is uninstalled from Launchpad, I have confirmed that the folder is missing. When reinstalled, the app's settings and data are missing, but crucially, the cloud identifier is still persistent and is evident after 'setup'. In the case of 2), the developer documentation states that identifierForVendor changes when all apps from a developer have been removed from a device. The app in question is the only app that was installed from this developer, so logically this identifier should have changed when the app was deleted and reinstalled. I have confirmed that iCloud drive is not being used to store this data as there is no data in iCloud for this app. In any case, when the app is uninstalled and reinstalled, the app automatically logs the user into the "account" it was previously logged into, along with all of that user's data in the cloud. I have a sense that this type of persistent identifier tracking is what sandboxing was meant to address, but I am unsure why I have been unable to remove the UUID tag from my system. Any insight would be greatly appreciated!
1
0
201
3w
Multiple SDK's writing to the Keychain but not able to read from the Keychain
I have a Mobile App developed in Objective C which has two SDK's writing to the keychain. The first SDK which is completely written in Swift, uses Swift to write and read the key chain and the second SDK uses Objective C to read and write to the SDK. When the first SDK reads from the keychain, the second SDK is not able to read from the keychain and it is getting the Keychain error of item not found. Both the SDK's are using different keys and so not sure why the second SDK is getting item not found. The weird thing with this error is it happens only on a Simulator and it is working fine on actual iPhone. I have also checked the Objective C to Swift bridging header and everything looks correct. Any help you can provide is highly appreciated.
2
0
142
3w
Token Portability on Apple devices
I have a use case where I want to retrieve a third-party access token and pass it between servers to allow different services to make API calls. But when looking through the third-party docs, I found this note: "One important aspect to understand about access tokens is that most tokens are portable. However, Apple does not allow moving tokens to servers." It's found here: https://developers.facebook.com/docs/facebook-login/guides/access-tokens#portabletokens Does anyone have more information on what this means? Has anyone had issues with passing tokens between clients/servers or servers/servers on Apple devices? Thanks!
0
0
99
3w
When performing device certificate authentication on iOS18, it takes time to respond.
We are using device certificates for authentication when logging into our web page. After updating an iPhone 12 to iOS 18, the authentication process takes up to two minutes to respond. Upon investigating IIS, it was found that the certificate is not being presented from the iPhone, resulting in a timeout. This issue is affecting our operations, and we need a solution urgently. Could you please advise on how to resolve this?
2
0
174
3w
Can't generate keypair through SecKeyCreateRandomKey() on macOS Sequoia - internal error
I generate a keys using : let attributes: NSDictionary = [ kSecAttrLabel: label, kSecUseKeychain: getSystemKeychain()!, kSecAttrKeyType: kSecAttrKeyTypeEC, kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeySizeInBits: 256, kSecPrivateKeyAttrs: [ kSecAttrIsPermanent: true, kSecAttrApplicationTag: tag, ] as [CFString : Any] ] var error: Unmanaged&lt;CFError&gt;? // Generate a new private key guard let privateKey = SecKeyCreateRandomKey(attributes, &amp;error) else { logger.error("failed to create a keypair \(String(describing: error))") return (nil, nil) } I keep getting this error : failed to create a keypair Optional(Swift.Unmanaged&lt;__C.CFErrorRef&gt;(_value: Error Domain=NSOSStatusErrorDomain Code=-2070 "internal error" (internalComponentErr) UserInfo={numberOfErrorsDeep=0, NSDescription=internal error})) The above code works absolutely fine on macOS Sonoma and older OS. This looks like a regression in the Apple API SecKeyCreateRandomKey(). What is a good workaround for this ?
7
0
223
3w
Apple Sign In not working
Hi, I've been working to build Apple sign in into my application using a low code tool called GeneXus. The instructions seem pretty straight forward however it's not working when I try signing in from the app. See GeneXus instructions here: https://wiki.genexus.com/commwiki/wiki?44478,GAM+-+Apple+Authentication+type The only section that I didn't do was to verify the domain which according to the instructions is required for apple sign in to work. This was backed up by the GeneXus support team. I can't find how to verify the domain though? The support team seem to think Apple will send me the domain association file detailed in the link below and I simply add that to the server: https://developer.apple.com/documentation/xcode/supporting-associated-domains#Add-the-associated-domains-entitlement-to-your-app However I can't find where this file would be generated? I also can't see the button to register the domain in the first place!
1
0
139
3w
Migrate RN to Swift. Oauth2 PKCE
I working on a app, both a wep-app, the prototype of the webapp is ready and i started don my IOS MVP for a couple of weeks ago. Since the SPA is written in ViteJs it was «easy» to think that RN was a good way of making the MVP. Since I just started its not so «hard» to change, and now I am wondering about doing that. After I upgraded from 0.75 to 0.76 problems is knocking on my door all the time, and my time is used for making Metro eg. run, rather then develop the app. I have a Oauth2 PKCE server running and over time other known Oauth2 providers will be implemented: google, apple eg. So since I am looking for other ways to develop it Swift came up. How is Oauth PKCE with Swift? Is it some libraries that is recommended to use is it any well known problems with Swift and PKCE? KR
0
0
75
3w
Inquiry Regarding NSNearbyInteractionUsageDescription Permission Behavior on iOS 18
After declaring NSNearbyInteractionUsageDescription in accordance with the official documentation, a permission prompt used to appear asking if the user wants to allow Nearby Interaction permissions. Additionally, I could see two related permissions in the app’s settings. This behavior was working correctly on iOS 17. However, after upgrading to iOS 18, the permission prompt no longer appears upon reinstalling the app, and the related settings are no longer visible in the app settings. I would like to confirm if there are any additional configurations required for iOS 18 to make Nearby Interaction permissions function as expected. Thank you very much for your assistance. https://developer.apple.com/documentation/nearbyinteraction/initiating-and-maintaining-a-session ios 17: visable, ios 18 : gone
0
0
202
3w
Discrepancy between documentation and the actual behavior
I think there's a slight discrepancy between what is being communicated in EndpointSecurity docs, and what is really happening. For example, consider the description of this event: https://developer.apple.com/documentation/endpointsecurity/es_event_type_t/es_event_type_notify_truncate?language=objc "ES_EVENT_TYPE_NOTIFY_TRUNCATE: An identifier for a process that notifies endpoint security that it is truncating a file." But, it seems that this event is fired up only when truncate(2) is called, not when process truncates a file (which can be done in lots of different ways). But the documentation doesn't even mention that it's only about the truncate(2) call, it's impossible to know. Another example: https://developer.apple.com/documentation/endpointsecurity/es_event_type_t/es_event_type_notify_copyfile?language=objc "ES_EVENT_TYPE_NOTIFY_COPYFILE: An identifier for a process that notifies endpoint security that it is copying a file." It seems that this event is only called when copyfile(3) syscall is called. But the docs doesn't mention that syscall at all. The wording suggests that the event should be emitted on every file copy operation, which is probably impossible to detect. I mean, I get that you'd like the docs to be "easy to digest", but I think that such working confuses people. They expect one thing, then they get confusing behavior from ES, because it doesn't match their expectations, and after reaching out to Apple they get concise and clear answer -- but it would be easier for everyone (including Apple devs) when this answer would be included directly in the official docs for the framework.
2
0
240
4w
iOS18 webView Client not authorized
Error launching process, description '未能完成操作。(com.apple.extensionKit.errorDomain错误2。)', reason '' GPU process (0x129000ab0) took 3.3203 seconds to launch WebContent process (0x1280180c0) took 5.3785 seconds to launch Failed to create extensionProcess for extension 'com.apple.WebKit.Networking' error: Error Domain=com.apple.extensionKit.errorDomain Code=2 "(null)" UserInfo={NSUnderlyingError=0x302e21b60 {Error Domain=RBSServiceErrorDomain Code=1 "Client not authorized" UserInfo={NSLocalizedFailureReason=Client not authorized, RBSPermanent=false}}}
1
0
122
4w
Whether non-Apple Store mac apps can use passkey?
Our desktop app for macos will be released in 2 channels appstore dmg package on our official website for users to download and install Now when we debug with passkey, we find that the package name of the appstore can normally arouse passkey, but the package name of the non-App Store can not arouse the passkey interface I need your help. Thank you
1
0
278
4w