Post

Replies

Boosts

Views

Activity

Using WKScriptMessageHandler to receive sensitive data
My MacOS application has a webview and I've been subclassing WKScriptMessageHandler to handle several messages received from the javascript code. For a new feature I would like to save user's password in the Keychain, to do so I need to send the password from the Javascript to the Swift codebase. The javascript code would be something like this: window.webkit.messageHandlers.loginData.postMessage({username: 'john', password: 'p@ss!123'}) Before implementing this approach I would like to know if there are any security vulnerabilities that I should know about. The sensitive data is being sent from the Javascript to the Swift code, so I wonder if it would be possible for someone to intercept it or getting the sensitive data somehow.
0
0
823
Oct ’22
MacOS releases and app compatibility
My mac application offers support for versions 10.15 or higher, therefore I'm adding some logs to the app to get the OS version when the app launches. But, besides getting the major and minor version numbers, I wonder if it would be relevant for troubleshooting to log the release name as well, such as Catalina, Big Sur, Monterey, etc. So my question is: In order to investigate bug causes, is it important to know the OS release name? Or having just the OS version number is informative enough?
0
0
414
Aug ’22
"Could not find the main bundle or the Info.plist is missing a CFBundleIdentifier"
I'm trying to upload my MacOS app to Appstore via command line, and after solving some signing and certificates issues, I'm a bit stuck on package validation. After exporting the archive to a .pkg file, I run the following command: xcrun altool --validate-app -f ${filename}.pkg -t macOS -u $username -p $password --output-format json And then I get a message with this feedback: Could not find the main bundle or the Info.plist is missing a CFBundleIdentifier in ‘MyApp.pkg’. The problem is my Info.plist looks valid, and it does have a CFBundleIdentifier key. Besides that, uploading to Appstore through Xcode organizer works fine, so I don't really know what I'm missing here. So, I have the following doubts: Am I in the right direction to upload the app to the store via command line? Do I really needs this --validate-app step? Is it correct to try to validate a pkg file? Please let me know if there is more information I could give. Any help would be appreciated.
2
0
2.8k
May ’22
Selecting Provisioning Profile for MacOS app via command line
Since my first deploy I've been uploading my app to Appstore using XCode user interface, and everything works as expected. However, I would like to start uploading the app via command line, and when I upload the app via altool (xcrun altool --upload-app ${appname}.pkg) I get a feedback from Apple saying a provisioning profile was not selected. Is there a way to explicitly pick a Provisioning Profile via command line? Maybe as an argument or something like that.
2
0
3.3k
May ’22