The rationale for the approach is that we are on pace to become a required third party tool for the organization. Agree to the point of letting the user choose if the app should run as a login item. I have seen other apps offer a notification to allow the user choice to add as a login item. Is there a hook to detect if a sanboxed app is opened as a login item instead of manually that we can detect? We are a 3rd party tool installed directly thru .pkg

@eskimo @stenya Revisiting this after Sonoma 14.4 released: Now our workaround to call a bash script from the launchd daemon/agent is no longer working in Sonoma as well /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/ SSID/ {print $2}' I have configured the Launch Agent with the Location Services prompt, and accepted it. Still calling the Apple CoreWLan APIs do not get me any Wifi ssid information that I need. Do we have any certified reccomendation from Apple on how to proceed?

Note: This app is for enterprise, is not released on the app store.

This seems like a really breaking change. To say that any application configured as a launch agent or daemon cannot simply get the connected SSID then what should we expect in the future? How can one single SSID value fingerprint a user or compromise their location? Seems like apple is going down the deep end with all these privacy controls. I'm truly baffled how they connected the dots from a user's connected SSID and their location.

I believe there is an issue with macOS Sonoma getting WIFI information @eskimo @SomaSuryaSanjay . When I run the daemon directly and the app shows up in the foreground, the launch agent successfully prompts and access to the resource is granted afterwards. But once launchd manages it as a launch agent, the behavior is inconsistent. Once, I saw it was able to fetch the data. Next, it wasn't able to. Very confusing and I am about to file a bug report to apple.

Perhaps, the location string in the info.plist is required in order to access the protected resource?

Hi @eskimo Because we needed compatibility with macOS 12, we were unable to onboard our launch agents with SMAppService Our login item is instantiated with SMLoginItemSetEnabled, but our launch agent plist files are populated in the post install script of our pkg: /bin/launchctl bootstrap gui/"$CURRENT_UID" "/Library/LaunchAgents/agentName.plist" which loads the agent with the appropriate configs. Essentially what's happening right now is that I codesign the .app with the location entitlement, but unless i explicitly click on the app and it runs in the foreground the locationmanager.requestAlwaysAuthorization() never prompts. Would love to setup a quick consultation with you if you are available. "ajdali" + "@" + "amazon.com"

Sorry, one more issue @eskimo : https://learn.microsoft.com/en-us/dotnet/api/corelocation.cllocationmanager?view=xamarin-ios-sdk-12 Corelocation API is only available for xamarin.ios is there an equivalent for macOS to use? I used @ehemmete approach to get my GUI to enable location information, but the launch agent is not able to fetch location information

How do I use NSLocationAlwaysAndWhenInUseUsageDescription on macOS so that users know why I am requesting location?

Hello @eskimo , my program is written in DotNet 6, and I use Xamarin.Mac SDK: https://learn.microsoft.com/en-us/dotnet/api/?view=xamarin-mac-sdk-14 Before as in my code, i was able to get the connected SSID without any issue. Now it returns null. Do I need to add an entitlement and prompt the user using Core Location? I'm not sure how to use it with Xamarin.Mac SDK in a dotnet application from the instructions here: https://developer.apple.com/documentation/corelocation/configuring_your_app_to_use_location_services

Im still so confused on how to simply get a network SSID for a background application running DotNet Core on macOS now. Before, I could just call CWifiClient.networkInterfaces, now the value returns null. What steps do I need to take to enable this application which is signed with its own embedded provisioning profile? Do I detect if authorization is required, then request the prompt? #if _UNIX using System; using CoreWlan; using CoreLocation; //??? using ThreadNetwork; namespace Amazon.PersistUserService.Controllers.NetworkController.NetworkChangeManager; public class MacNetworkChangeManager: INetworkChangeManager { private readonly CoreWlan.CWWiFiClient networkClient; private CLLocationManager locationManager; //??? public MacNetworkChangeManager() { networkClient = CWWiFiClient.SharedWiFiClient; } public string? GetConnectedSsid() { //What do I add here to request authorization? foreach (var @interface in networkClient.Interfaces) // you can have multiple wifi devices connected at once { return @interface.Ssid; } return null; } } #endif