Post

Replies

Boosts

Views

Activity

NEFilterDataProvider not invoked for some network activity.
In the context of a research project at my university, we want to anonymously collect and statistically analyse usage behavior of an iOS device in a managed device context (MDM, not FamilySharing). Since we cannot access the ScreenTime API in our non-FamilySharing context, we've built a prototype that uses the tandem of NEFilterDataProvider and NEFilterControlProvider to log the anonymous network traffic (timestamps and originating app's bundle id). We plan to use machine learning and pattern matching algorithms to deduce app usage from network traffic. The prototype is working very well with one exception: The network traffic of some applications (in particular WhatsApp) does not trigger NEFilterDataProvider's methods (which in turn does not trigger NEFilterControlProvider). I recall WhatsApp using web sockets and the VoIP extension in order to be able to send incoming messages to user devices even when the app was terminated via the app switcher. Is this (questionable) pattern preventing NEFilterDataProvider from receiving flows for decision? Is web socket traffic not supported by NEFilterDataProvider? I understand our 'network logging' use case might be not quite in line with the Firewall use case NEFilterDataProvider and friends are usually promoted for. However, I would expect the API to work regardless. Imagine trying to build a Firewall application that wants to block all chat applications from accessing the network, for example. That should certainly work.
3
0
940
Oct ’22
Files in AppGroup secure container not accessible in FamilySharing context
I have published an application that makes use of AppGroup containers to share an sqlite database between the main application and a notification service extension. I have taken into account special file access coordination requirements for an sqlite database shared between processes (WAL, https://github.com/andpor/react-native-sqlite-storage/issues/308#issuecomment-522250831). The application is part of an educational study involving several hundred students of young age. As such, many devices are enrolled in FamilySharing where parents control access of their children. In production, records are added to the database by the main application. The notification service extension reads the database and syncs metadata with a server. Unfortunately, I'm seeing issues with database access from the extension on devices where FamilySharing is enabled. I cannot see detailed information about the issue, because Crash reporting is disabled as per guidelines of the participating institutions. Moreover, I have implemented logging in the extension such that any conventional error (do, catch) thrown by database access code would be visible to me in server logs. I cannot see errors in my log, which leads me to believe something is crashing the extension process when it tries to access the database in the AppGroup container. I cannot find any information in Apple documentation or the pertinent online forums about a special case for AppGroups in FamilySharing context. However, since I've only ever seen the issue on devices where FamilySharing is enabled, I have to assume the error lies there. Is there any undocumented special consideration for AppGroup access in FamilySharing contexts? Is an AppGroup that was created while the app was running under the child's account no longer accessible by the same application when it's running under the parent's account?
1
0
310
Jun ’24