Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

All subtopics

Post

Replies

Boosts

Views

Activity

Sign-In with Apple App Transfer and User Migration
Hi all, I am in the process of preparing for an app transfer, and have sign-in with apple enabled. I have read the documentation thoroughly and multiple times, yet there are a few things I'd like to have a confirmation about, before taking the leap and risking that some users might experience any issues. If I understand correctly, after the migration if a user performs a sign-in with Apple, they will send an access_token that differs from the one they were sending when the app was assigned to the old team. In case I didn't take any action that means that my system would think this was a new user given the access_token has never been seen before, and therefore it will create a new user. Is that correct? Ok, so if that assumption is correct, I'd like to have a confirmation also of the way I intend to fix this, since we're doing an internal transfer and the database is going to be the same. I would get a TransferID for all users in my database that have used sign-in with Apple (I have already done that for one of my test users, successfully). After that, I will start the transfer, and accept it from the other team. Once that is done, I will call the migrationinfo endpoint from the other team, getting all the new access_tokens related to the transfer ids. With that information, I will update my databse, adding a relation from the new access token from team B that points to the same user as the access token that was given by team A, and I know which one it is because of the TransferID. Does that make sense? Would it work? I'm not a fan of messing with the login logic (having a look at transfer_ids, looking for matches, and so on), especially because there doesn't seem to be a way to test this. I believe the only risk is that a user might login after the app has been transferred but before I can upload the new access token to the database, but we can handle these (few, hopefully even zero cases) via ticketing. These are the resources I have read so far: https://developer.apple.com/documentation/technotes/tn3159-migrating-sign-in-with-apple-users-for-an-app-transfer#Preparing-to-migrate-users-for-an-app-transfer https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team#3546291 https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team My last question is: how can I test this before going live? Do I really have to just implement changes/update the DB and then go live, hoping that it will all work? Can't I do some sandbox transfer or anything like that? Even just creating like a "clone" of my app and transferring this one would be a huge boost for the confidence of this big leap. Thanks in advance.
4
0
484
Sep ’24
Password autofill not working on iPhone simulator
When tapping on "password" in the accessory view above the keyboard, no password manger is opened. The keyboard just closes and re-opens. I have made sure a password exists and is available to be used. I have replicated this within my own app, but also from within the Settings app on the simulator (see attached gif) so I am confident it is not a coding issue on my side. I have replicated it on both iOS 17 and iOS 18 I am using Xcode Version 16.0 (16A242d) I am running macOS Sonoma Version 14.7 (23H124) I am fairly confident I have not experienced this when working on another clients app. I was using Xcode 15 for that so not sure if this is something introduced with Xcode 16.
0
0
244
Sep ’24
MFA MacOS At ScreenSaver (Lock Screen).
Hi , I did The MFA(2FA) of Email OTP For MacOS Login Screen using, Authorization Plugin, Using This git hub project. It is working For Login Screen , Im trying to Add The Same plugin for LockScreen but it is not working at lock Screen , Below is the reffrense theard For The issue , https://developer.apple.com/forums/thread/127614, please Share The Code that should Present the NSwindow at Screen Saver (Lock Screen) MacOS .
2
0
356
Sep ’24
FB15286954: Loss of 2FA verification codes
Hello, I'll describe an issue I just reported as FB15286954, hoping to see your thoughts on it / what might've gone wrong. Earlier today, I created an account for a website on my iPhone running the release version of iOS 18.0 using Safari, then added 2FA via the Passwords app. I logged in, checked that it works, then closed Safari and did something else (not much on my phone). In the meantime the phone shut down due to low battery. When I charge it again, and open the Passwords app, I come to find out that the verification codes for this website are gone… What could've gone wrong? I was prompted by the website to save a code to check that 2FA was properly configured, so I think I saved it properly in the app (by the way, the password was still there, properly saved). I assume there was a syncing error between iCloud and my iPhone due to low battery? Is there any way to recover the verification codes? I'll try to reclaim the account through the website's support channels, but I'm wondering if I could still retrieve it somehow.
1
0
266
Sep ’24
Use of Auth-plugin and certificate-based persistent token for User login
I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password. Specifically,I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic. However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain. Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?
1
0
346
Sep ’24
The installed certificate does not appear in the list to enable full trust for root certificates
I would like to ask how to resolve the issue in iOS 18 where installed root certificates or self-created certificates do not appear in the Certificate Trust Settings (Enable Full Trust for Root Certificates) list. I tried downloading a certificate from Apple’s official site (https://www.apple.com/certificateauthority/), but it also did not show up in the list for me to enable. Has anyone else encountered a similar problem? Thank you!
1
0
221
Sep ’24
Different PRF output when using platform or cross-platform authentication attachement
Hello, I am using the prf extension for passkeys that is available since ios 18 and macos15. I am using a fixed, hardcoded prf input when creating or geting the credentials. After creating a passkey, i try to get the credentials and retrieve the prf output, which works great, but i am getting different prf outputs for the same credential and same prf input used in the following scenarios: Logging in directly (platform authenticator) on my macbook/iphone/ipad i get "prf output X" consistently for the 3 devices When i use my iphone/ipad to scan the qr code on my macbook (cross-platform authenticator) i get "prf output Y" consistently with both my ipad and iphone. Is this intended? Is there a way to get deterministic prf output for both platform and cross-platform auth attachements while using the same credential and prf input?
1
0
183
Sep ’24
Passkey QR code pop up Question
We are using performRequestsWithOptions to enable passkey on ios app. [authController performRequestsWithOptions:ASAuthorizationControllerRequestOptionPreferImmediatelyAvailableCredentials]; Based on apple doc, this will "Tells the authorization controller to prefer credentials that are immediately available on the local device.", and fail silently if there are no credentials available. However, in recent testing, we identified that on one device, we are seeing QR code popping up even though there's no credential on the device. Question is this a bug on the OS system? If this is a bug, what are the causes that will trigger this condition? Is there a recommendation to mitigate the issue? Should we move to the new api? Thank you.
1
0
234
Sep ’24
To Test FaceId/Biometric/Authorize apple pay options in simulator not working
Hi team, I'm trying to test facid enroll the faceid via simulator [i have injected the command in driver.executeScript option and i have notice in logs enrollment has changed. coreauthd: (DaemonUtils) [com.apple.LocalAuthentication:Server,Biometry] BK notification received: com.apple.BiometricKit.enrollmentChanged in further logs noticed Biometricsupport.framework is missing in xcode file locations logs for your reference " lstat of /Library/Developer/CoreSimulator/Volumes/iOS_21F79/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 17.5.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/BiometricSupport.framework/Info.plist failed: No such file or directory)" any thoughts on missing library? I have tried Faceid and Authorize apple pay in UI also i dont see any action triggered. later i have identified not sure is that because of the Biometric framework missing in the xcode folder.
0
0
200
Sep ’24
Sign in with Apple - User migration process
Hi, First of all I want to state that I've read and re-read these 3 links and I think they don't explain or solve my question below: Transferring your apps and users to another team Bringing new apps and users into your team TN3159 So I have to transfer one of my apps that uses "Sign in with " from one AppStore account to another one. I also want to migrate any user with an open session so that no sessions are lost. I also have a clear idea on how to generate transfer ids and also how to retrieve new credentials (sub and email) for the migrated users. So what's my question then? Well let's imagine I have a transfer id for each and every user, and also want to initiate the app transfer process: What happens with a user who was authenticated using Sign in with Apple, during that period of time in which the app has finished transferring but the users haven't been migrated yet? Are the old account credentials still valid? (Maybe during that 60-day period time?) Once I have migrated the app but haven't yet migrated users, can I safely migrate one user to test and validate the process; or is there any way to test it in a sandbox-like environment? Now I execute a script that generates new credentials (sub and email) for every user with a transfer id; and update these values in my backend database: Do I have to do anything else? Do I need to perform this request from the app client even when I have updated my servers information already? Is there any other remaining detail or tip to perform a smooth user migration? Thanks,
1
0
133
Sep ’24
AttestationObject Generated from Device-side Passkey using Swift
Hi, I am able to fetch the challenge form server and then successfully generate the AttestationObject. When I am sending the AttestationObject to AttestationResult API along with ClientJsonData and CredentialsID as well as few more params. The server side implementation is somehow unable to proceed for registration (Server side unable to validate the AttestationObject). We are getting response from server side "errorMessage":"FID024E The system couldn't find the attestation request." Can you please help us to proceed AttestationObject and how we can successfully register a user?
0
0
146
Sep ’24
Keychain data for SDK
Hello everyone, We have a SDK in which we use keychain to store some data. The customers who integrate our SDK in their app are able to delete our data by using SecItemDelete on kSecClass. Is their any way we can protect the SDK's data from getting delete by the host app or use something only accessible to SDK only ? Thanks
0
0
96
Sep ’24
link to open endpoint security extensions via swiftUI
Hi Team, In previous macOS version, We were using this link to open system extension permission page programmatically for our swift app. x-apple.systempreferences:com.apple.preference.security?General In macos 15 (Sequoia), this pane is moved to system settings-> general->login Items and extensions->end point security extensions which is a modal/popup. Can you please share what should be link to open exact this popup for asking permissions.It appears when you click on i button against end point security extensions Based on apple script I could find following link but it opens login item & extensions pane, I want the next popup as above screenshot. "x-apple.systempreferences:com.apple.LoginItems-Settings.extension?extensionItems™
1
0
266
Sep ’24