I'm working on a system management tool that should be able to Allow/Deny mass storage and portable devices. In case if it is a USB flash drive I can detect Mount events using Endpoint Security framework. Then using IOServiceGetMatchingServices I can find the actual device that is trying to mount new volume, check if it is an allowed device and Allow or Deny mount. But in case if it is an iPhone/iPad or Android device I can't rely on that solution as they don't mount new volumes but user can copy files to the phone. To cover this case I could respond with Deny for the ES_EVENT_TYPE_AUTH_IOKIT_OPEN event. But at that moment I know nothing about the device, only its class which is the same for a mouse and for iPhone. I can add a notification for adding new USB devices, but then I would need somehow to understand that it is a phone/tablet and disconnect or suspend needed USB Device. How could I disconnect or suspend a USB Device having only io_object_t?

I want to embed a 3rd party SDK with a network extension into my project. The network extension is signed by the company which is providing this SDK. I distribute my app outside of MAS and so I send it for notarisation every time. As I understand everything which is embedded in my app should be signed with my developer profile. So how do I sign that network extension? I usually sign 3rd party libraries executing the command: codesign --force --deep --timestamp --sign "My profile name" pathToLibrary But if I do this with the network extension it still has wrong embedded profile in it. And as I understand the network extension's bundle ID should match with bundle id in my profile. Please help me understand how to use 3rd party network extension to be able to distribute my app.

Is there a way to change Lock Screen settings programmatically or from terminal? Especially askForPasswordDelay "Require password after screen saver begins or display is turned off". I know that it is possible to do using profile.