Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

Post | Replies | Boosts | Views | Activity

Support for automatic passkey upgrades in both native and web credential manager APIs
Referring to this explainer (https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Registration-Extension) for enabling passkey automatic upgrades. As per the explainer wiki, the credential manager's GET API needs a flag "conditionalCreate: true" before invoking the create API with "mediation: conditional". There is an assumption here that the password autofill needs to be completed as part of the GET API call and only then the passkey automatic upgrades are enabled via conditional mediation in the create API call. Are these assumptions correct? If the previously stated assumptions are correct, would automatic passkey upgrades work in native iOS applications if I use the native credential manager APIs for GET and the web-based credential manager API for CREATE? (The sign-in pages are opened in a web view for the native application.)
Replies: 2 | Boosts: 0 | Views: 372 | Activity: Aug ’24
ScreenCaptureKit com.apple.developer.persistent-content-capture entitlement?
One of my apps, Default Folder X, is an unconventional user of screen recording (and now ScreenCaptureKit). Part of its functionality is to add navigation controls to the Open and Save dialogs of other applications. It does this via the Accessibility API, and because of the limitations of that API, it sometimes has to actually pop up a menu in the target app's file dialog. To hide this from the user, it takes a screenshot of the Open or Save dialog and displays it in front of the dialog as a façade while it does its menu manipulation.

Here's an example without the use of a captured image: https://www.stclairsoft.com/blog/wp-content/uploads/2024/08/EmptyFolderBehindTheCurtain.mov
And an example with the façade: https://www.stclairsoft.com/blog/wp-content/uploads/2024/08/EmptyFolderWithScreenshot.mov

This use case prevents me from using SCContentSharingPicker, as it's not a user-driven screen capture. Moreover, Sequoia b5's weekly screen recording reminders are popping up while the user is interacting with an Open or Save dialog, severely impacting his / her workflow.

It appears that the Persistent Content Capture entitlement may prevent Sequoia from putting up the weekly warnings, though there's no documentation of the entitlement other than it being listed here: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_persistent-content-capture.

So my questions:
- Is that what the Persistent Content Capture entitlement does?
- Where is the form to request this entitlement?

Without the entitlement, I can't see continuing the use of screen captures. And eliminating that will compromise the UI in my app in the way I've described above. It will also make Default Folder X unable to tailor its UI to match the Open and Save dialogs of the app it's enhancing (there's no API for it to use to get the light / dark mode of the window of another app, so it currently captures an image of the target file dialog to determine its UI mode).

Thanks - Jon
Replies: 2 | Boosts: 4 | Views: 628 | Activity: Aug ’24
macOS, SecPKCS12Import, changes in Sequoia
Hello, in macOS 14, SecPKCS12Import uses the P12 friendly name as the keychain item label (i.e. the private key's name). This seems to change with macOS 15, testing with beta 5. Now the private key label is always "Imported Private Key". Will this change stay, or is it just a beta issue? If it stays, will SecPKCS12Import then allow handing over a custom label, via kSecImportItemLabel? This at least does not work under macOS 14. Thanks, Stephan
Replies: 1 | Boosts: 0 | Views: 255 | Activity: Aug ’24
prepareInterfaceForExtensionConfiguration from ASCredentialProviderViewController not called
Development Environment: Xcode 15.4, macOS 14.5
Run-time Configuration: macOS 14.5 (not iOS)
Description of Problem: I want to add a QuickType bar for password autofill to provide a password by tapping a suggestion from the QuickType bar. I need to get prepareInterfaceForExtensionConfiguration called in the Autofill extension when enabling the following path: Settings -> Privacy & Security -> Extensions -> Password Auto Fill -> Select App Extension.

I have followed the documentation: prepareInterfaceForExtensionConfiguration()
- Set the Property List Key ShowsConfigurationUI to YES.
- Implemented override func prepareInterfaceForExtensionConfiguration() {}

However, the method prepareInterfaceForExtensionConfiguration is not being called as expected.
Replies: 1 | Boosts: 0 | Views: 145 | Activity: Aug ’24
FaceID changes in iOS 18
I currently do FaceID validation in my apps but it looks like Apple is offering FaceID at the App level. Does this mean we still need to or can code for it in iOS 18 apps? Right now I've been working on migrating to iOS 18 using beta but my Swift code just returns an "unknown error". From a developer perspective I can't find any examples or guidance on how to handle FaceID currently in iOS 18 or going forward. Anyone have any insights or resources?

This is the code that used to work but now under iOS 18 returns the error. Maybe the simulator and Swift have not caught up but I don't think so given that it's been two beta releases that I know of where this has not worked.

    class biometric {
        class func authenticateUser() async -> (Bool, Error?) {
            let context = LAContext()
            var error: NSError?
            if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
                let biometryType = context.biometryType
                var reason = "Authenticate with \(biometryType)"
                if biometryType == .faceID {
                    reason = "Authenticate with Face ID"
                } else if biometryType == .touchID {
                    reason = "Authenticate with Touch ID"
                }
                do {
                    let success = try await context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason)
                    LogEvent.print(module: "Authentication.biometric.authenticateUser", message: "Biometric authentication. success: \"\(success)\".")
                    return (success, nil)
                } catch let evaluationError as LAError {
                    LogEvent.print(module: "Authentication.biometric.authenticateUser", message: "Biometric authentication failed. evaluationError: \"\(evaluationError.localizedDescription)\"")
                    handleEvaluationError(evaluationError)

I do get past the .canEvaluatePolicy but fail on the .evaluatePolicy
Replies: 9 | Boosts: 1 | Views: 1k | Activity: Aug ’24
Sign In with Apple Button - Full Name Scope Issue
I'm unable to request the full name in my SignInWithAppleButton. However, I can correctly gather the Apple ID and use the email in the requested scope. I have a testing and production project which have the same exact code block for reproducing the sign in button experience within an iOS app. In the testing project, I'm able to gather the full name and email (just as intended) with the same "Sign in with Apple" Capability and signing + signing certificate. Which leads me to think there's some conflict in entitlements or target properties which conflict with the ability to gather the full name in the "SignInWithAppleButton". Any help with this would be greatly appreciated before I have to run through each entitlement/property and play with how it affects the SSO capability. Thank you in advance!

Code block:

    import SwiftUI
    import AuthenticationServices

    struct ContentView: View {
        var body: some View {
            VStack {
                SignInWithAppleButton(.continue, onRequest: { request in
                    request.requestedScopes = [.fullName, .email]
                }, onCompletion: { result in
                    switch result {
                    case .success(let auth):
                        guard let cred = auth as? ASAuthorizationAppleIDCredential else { return }
                        print(cred.authorizedScopes)
                    case .failure(let err):
                        print(err)
                    }
                })
            }
            .padding()
        }
    }
Replies: 1 | Boosts: 0 | Views: 263 | Activity: Aug ’24
[macOS Sequoia beta] How to trigger Screen Capture weekly prompt for testing
We are seeing in Sequoia, and confirmed in https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/, that the screen capture permission dialog is triggered at specific time intervals. With B5 this seems to be only every week. Our app does not currently handle this dialog well, and we want to fix this. However, the documentation does not mention any way of triggering this dialog (or resetting the counter since the last reminder). Does Apple provide any way for Apple Developers to test this?
Replies: 1 | Boosts: 0 | Views: 274 | Activity: Aug ’24
macOS Sequoia adds weekly permission prompt for screenshot and screen recording apps
On a personal level, I use 6 trusted apps that utilize screen and system audio recording and I expect that when I allow them to do so, that I am not prompted weekly or upon every startup. On a professional level, it's just bad for developers when there is simply no workaround to this. Apple, please add an "always allow" option in the prompt. Thank you. https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/
Replies: 1 | Boosts: 1 | Views: 265 | Activity: Aug ’24
MacOS application "Operation Not Permitted" with ditto
Hey all, I am working on my self updater and I am hitting an error replacing my binaries. Basically, when there is a new release my self updater checks and prompts the user to update. When the user accepts to update, my application will download the .zip for the specified version and for the operating system, which is darwin in this case. Then, once the .zip has been downloaded I use ditto to replace the existing binaries, but I am hitting the error "Operation not permitted" on darwin.

Here is my code for updating:

    // Download zip of latest version (Works)
    homeDir, _ := os.UserHomeDir()
    downloadPath := filepath.Join(homeDir, "Downloads", "tooler.zip")
    err := exec.Command("curl", "-L", "-H", "Accept: application/octet-stream", "-H", "Authorization: Bearer REMOVED_TOKEN", "-H", "X-GitHub-Api-Version: 2022-11-28", release.AssetURL, "-o", downloadPath).Run()
    if err != nil {
        return fmt.Errorf("binary update failed during curl: %v", err)
    }

    // get executable path for where we need to replace (Works)
    cmdPath, err := os.Executable()
    appPath := strings.TrimSuffix(cmdPath, "tooler.app/Contents/MacOS/tooler")
    if err != nil {
        appPath = "/Applications/"
    }

    // Cleanup zip after everything executes
    defer func() {
        err = exec.Command("rm", downloadPath).Run()
        if err != nil {
            // return fmt.Errorf("binary update failed during removal: %v", err)
        }
    }()

    // Replace .app contents, but hits "operation not permitted" (Does not work)
    cmd := exec.Command("ditto", "-xk", downloadPath, appPath)
    var out bytes.Buffer
    var stderr bytes.Buffer
    cmd.Stdout = &out
    cmd.Stderr = &stderr
    err = cmd.Run()
    if err != nil {
        return fmt.Errorf("binary update failed during ditto: %v \n Args: %v \n CmdPath: %v \n AppPath %v", stderr.String(), cmd.Args, cmdPath, appPath)
    }
    return nil

The first message before the line break is my application logging where the failure was and the rest of "ditto:" messages are the errors output by ditto.

    Update failed: binary update failed during ditto:
    ditto: /Applications//tooler.app/Contents/_CodeSignature/CodeResources: Operation not permitted
    ditto: /Applications//tooler.app/Contents/MacOS/tooler: Operation not permitted
    ditto: /Applications//tooler.app/Contents/Resources/icons.icns: Operation not permitted
    ditto: /Applications//tooler.app/Contents/Info.plist: Operation not permitted

Here are my entitlements:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.files.downloads.read-write</key>
        <true/>
    </dict>
    </plist>

Could this ditto error that the operation is not permitted be related to my entitlements? My .app is signed and notarized before distribution. I am able to download the zip, unzip and run the application without problems other than when I try to run the self update and it fails due to "operation not permitted".
Replies: 1 | Boosts: 0 | Views: 308 | Activity: Aug ’24
MacOS Application update fails: Ditto Operation not permitted
Hello all, I am building a macOS application that I codesign and notarize for distribution. I am able to download my zip, unzip and run my application successfully, but when I attempt to update to a new version I hit an error with ditto that "operation not permitted" when attempting to replace my .app with the new version. For example, here is a sample output of the failure:

    Update failed: binary update failed during ditto:
    ditto: /Applications//tooler.app/Contents/_CodeSignature/CodeResources: Operation not permitted
    ditto: /Applications//tooler.app/Contents/MacOS/tooler: Operation not permitted
    ditto: /Applications//tooler.app/Contents/Resources/icons.icns: Operation not permitted
    ditto: /Applications//tooler.app/Contents/Info.plist: Operation not permitted

My application code updates the user to a new version by executing a curl command to download the version's zip and then uses ditto to unzip. I am able to successfully download the zip with the curl command and remove the file with the rm command, but when I try to use ditto to copy and replace my application contents it fails.

Here is my application code that does that (the directories are correct for the application and the zip is downloaded):

    // Download the zip (Works)
    homeDir, _ := os.UserHomeDir()
    downloadPath := filepath.Join(homeDir, "Downloads", "tooler.zip")
    err := exec.Command("curl", "-L", "-H", "Accept: application/octet-stream", "-H", "Authorization: Bearer REMOVED_TOKEN", "-H", "X-GitHub-Api-Version: 2022-11-28", release.AssetURL, "-o", downloadPath).Run()
    if err != nil {
        return fmt.Errorf("binary update failed during curl: %v", err)
    }

    // Get the executable path (Works)
    cmdPath, err := os.Executable()
    appPath := strings.TrimSuffix(cmdPath, "tooler.app/Contents/MacOS/tooler")
    if err != nil {
        appPath = "/Applications/"
    }

    // Cleanup function to remove the downloaded .zip (Works)
    defer func() {
        err = exec.Command("rm", downloadPath).Run()
        if err != nil {
            // return fmt.Errorf("binary update failed during removal: %v", err)
        }
    }()

    // Update application contents (This fails from the operation not permitted)
    cmd := exec.Command("ditto", "-xk", downloadPath, appPath)
    var out bytes.Buffer
    var stderr bytes.Buffer
    cmd.Stdout = &out
    cmd.Stderr = &stderr
    err = cmd.Run()
    if err != nil {
        return fmt.Errorf("binary update failed during ditto: %v \n Args: %v \n CmdPath: %v \n AppPath %v", stderr.String(), cmd.Args, cmdPath, appPath)
    }
    return nil

Also, here are my entitlements:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.files.downloads.read-write</key>
        <true/>
    </dict>
    </plist>

Anyone have any ideas on why the ditto command won't let me update the application contents and returns operation not permitted?
Replies: 3 | Boosts: 0 | Views: 276 | Activity: Aug ’24
Sign in with Apple not working when iCloud disabled via MDM profile
Hi, My app uses Sign in with Apple as the only login option and this has worked great for 99.99% of my user base. A small number of users though have Mobile Device Management (MDM) profiles installed on their devices that have disabled iCloud (using Apple Configurator). Even though my app makes no use of iCloud at all, when they try and use Sign in with Apple they get the prompt "You need to sign in with your Apple ID in Settings" even though they are signed in already as shown in Settings and the App Store. I have a subscription based app and they can see in the App Store that they are considered signed in and when they use my app it sees an active subscription tied to that Apple ID. Same Apple ID on a device without the MDM profile, everything works as expected. Anyone know if there is a way to solve this? Thanks!
Replies: 3 | Boosts: 1 | Views: 265 | Activity: Aug ’24
Device integrity.
Hi. I would like to check the device integrity. I have been searching and I have found it is possible to check the integrity of the app, BUT instead I would like to check the integrity of the device. Be able to determine if it is rooted or jailbroken or something like that.
Replies: 1 | Boosts: 0 | Views: 202 | Activity: Aug ’24
auth/usermigrationinfo invalid_grant
There are two apps under our account that need to be transferred to other teams, namely A app and B app. Both apps have the function of Apple login. Now we need to transfer the original Apple login user to the new team, and we need to generate a new transfer identifier, i.e. TransferId. We created a new p8 file for each app in the developer background, and then followed the Apple document to generate the transfer identifier. A app can be generated normally, but B app cannot be generated, and the error is http: 400, { error: 'invalid_grant' }.

The process is as follows:
1. Generate clientSecret according to the key and p8 file corresponding to the sent teamID and p8 file and clientId, i.e. bundleid. ✅
2. Generate accessToken using clientId and clientSecret. ✅
3. Generate transfer identifier (auth/usermigrationinfo). This interface reports an error http: 400, { error: 'invalid_grant' }. ❌
Replies: 1 | Boosts: 0 | Views: 365 | Activity: Aug ’24
Passkey assertion signature verification issues
Hello, I would like to know how I recreate the data that was signed by the private key during assertion flow. I read on various sources that my code should get the 37 bytes of authenticator data, append the SHA-256 hash of clientDataJSON string to the end and verify that data given the signature and the public key! But it doesn't seem to work. I have opened a StackOverflow issue to it where I've provided broader details: https://stackoverflow.com/q/78819955/26530591
Replies: 2 | Boosts: 0 | Views: 291 | Activity: Aug ’24
Rejected 5.1.1 Legal: Privacy - Data Collection and Storage
I received this notice when I submitted my app to the App Store:

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage
The app requires users to register or log in to access features that are not account-based. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. For example, an e-commerce app should let users browse store offerings and other features that are not account-based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order.

My app is not e-commerce and does not sell anything. We have partnered with my local university to build an app for their students. It requires a login to use the app because the user must be a student or staff member. The app is a discount app for local businesses. The university wanted to give back to its students, so they partnered with many businesses in our area to provide special discounts. Inside the app, the user only needs to log in to view all of the discounts. There are no special codes or additional actions required; the discounts are just visible.

We currently have an older version of this app (which was open to everyone) on the App Store. It was approved 2 months ago with no issues, and users still have to log in to that version. The university wanted to create two separate apps: one for students and one for everyone else. We plan to release the second app soon, but for now, we are trying to get the student version out before school starts in a couple of weeks.

How can I address this issue or get around it? The entire functionality of the app requires users to log in, but the reviewer does not seem to understand this.
Replies: 1 | Boosts: 0 | Views: 593 | Activity: Jul ’24
App Hang when ignoring strong password - bad user experience
Topic description: when a user wants to create a new Account and ignores the "Use strong password" or "choose other option" and clicks on the button to the next screen, the app will hang.

User Interaction / Experience
A Screen with usernameInputField, a passwordInputField and a Button to create the account. The next screen will be pushed (not modally). The second screen allows some user interaction (in the example counting upwards and displaying this, which allows checking if the app responds to input).

How to reproduce
The user types in a username and clicks on the passwordTextField. A strong password is suggested by Apple. The overlay shows at the bottom. We ignore the Buttons provided by the overlay and press on the button in the app to create the account. Transition to next page animates, but the next screen is unresponsive.

Expected behavior (which works sometimes, when running with debugger)
On the second screen the "Do you want to store the password" action sheet should be displayed (like in the screenshot).

Findings
This bug occurs for our production App with UIKit and SwiftUI implementation. I could also find an App on the AppStore with the same Bug and similar patterns (usernameField + passwordField + nextButton + navigation by pushing the next viewController). I implemented the most basic to reproduce the bug and be sure it is nothing in my code. I cannot provide a standalone project, because https://<fully qualified domain>/.well-known/apple-app-site-association Information needs to be given for strong password to be suggested.

Screenshots when not running into bug.

    // AppDelegate
    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        appWindow = UIWindow(frame: UIScreen.main.bounds)
        let viewController = UIHostingController(rootView: ContentView())
        let navigationController = UINavigationController(rootViewController: viewController)
        appWindow.rootViewController = navigationController
        appWindow.makeKeyAndVisible()
        return true
    }

    // Create Account implementation
    struct CounterView: View {
        @State var counter = 0
        var body: some View {
            VStack {
                Text(String(counter))
                    .font(.title)
                Button("+", action: { counter += 1 })
                    .buttonStyle(BorderedProminentButtonStyle())
            }
        }
    }

    struct ContentView: View {
        @State var username = ""
        @State var password = ""
        var body: some View {
            VStack {
                Text("Choose your login credentials")
                    .padding()
                TextField("username", text: $username)
                    .textContentType(.username)
                SecureField("password", text: $password)
                    .textContentType(.newPassword)
                NavigationLink(destination: CounterView()) {
                    Text("create account")
                }
            }
            .padding(40)
        }
    }

The bug does NOT occur when you have the debugger attached from the start. I was able to get the bug and then attach to the process. I could see that memory raised drastically and the app crashed after a long time. While testing, I could see once View <:0x0> does not conform to UITextInput protocol being printed to the console. The bug does not occur when you present the next screen modally. With Debugger attached the App responds as expected and presents the action sheet for "do you want to store the password".

My guess
I think when the transition to the next screen happens, the reference to some critical information for save password gets deallocated and then some Apple API tries to show the action sheet but this does not work because some Information is missing. This seems to prevent the user interaction and some code runs in an endless loop which would explain the memory raising quickly (our production build runs normally between 30 MB and 80 MB Memory).

Does anyone have similar issues? I think all ideas to fix this are some sort of hacks to make it work and I would think Apple needs to fix this, what do you think?
Replies: 2 | Boosts: 0 | Views: 345 | Activity: Jul ’24
Browser Extension Native Messaging Security
For a browser extension to communicate with a native app there must be a helper app. It is launched by the browser and the communication happens via stdin and stdout. I wrote such a helper app in Swift, it works. I'd like to add security checks to the helper app:
1. To make sure that the parent process is one of the approved browsers - I can do this with NSRunningApplication(processIdentifier: getppid())?.bundleIdentifier
2. To make sure the parent process has a valid signature
3. To make sure that the other peer of the stdin/stdout pipes is the parent process
Do you know ways to achieve 2 and 3? Does the way I am doing 1 look correct to you?
Replies: 5 | Boosts: 0 | Views: 285 | Activity: Jul ’24