Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Post

Replies

Boosts

Views

Activity

App Store Connect Data Collection - Longer than Necessary
Hello, in App Store Connect, it is expected to declare the collected data types. However, there is something that is pretty confusing, namely the definition of "Data Collection". According to the form:
    Data Collection
    Thanks for helping users understand your app's privacy practices. Remember that you're responsible for any third-party code that is added to your app, so if your third-party partners collect data from your app, you must represent that in your responses.
    “Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time. .....
What does the point "longer than necessary" refer to? Obviously, my app is storing user data to "function". My understanding is that storing data for functionality doesn't mean collecting data. Is this correct? Thank you.
1
0
53
1h
Sandboxing of Application
I am in need of assistance with sandboxing the Riot Games client and the game League of Legends. I originally played on a VM from Linux, but after the change to the incredibly intrusive rootkit malware Vanguard, I cannot play from a VM, or at least it would be difficult. If this route of containerizing it on Mac proves to be more difficult (which wouldn't make sense), then I will go back to spoofing the VM to not look like a VM. This is even more infuriating because I almost exclusively play Team Fight Tactics, in which there is zero cheating and cheating would give a player zero advantage.
I decided I would try the Mac version of the game, but Apple does not sandbox applications at all like Flatpak and Flatseal from Linux. The game has access to my entire system and can read and write to my home directory. This is a massive security risk. I originally tried checking the Privacy & Security section of System Settings, but the application was not listed anywhere, nor was it given access in any of the sections listed. I checked both the user-local and global tcc.dbs and neither had records that gave the game or client any privileges. This was concerning because tcc.db appears to be the only user-facing way of managing permissions, which you would think would be a bare minimum baseline, and yet the game and client have full access to my system and those permissions are listed nowhere and are given nowhere. I.e. the default is just to let it do as it pleases, even though it's a game and the only thing it needs is to render to the screen. macOS should properly fix this and implement proper sandboxing of applications like Flatpak.
I then began building a configuration scheme for sandbox-exec, seeing as it was the last opportunity to correctly contain the application to only have the permissions it needs. I carefully crafted the config but it fails just as simply allowing all with allow default...
    (version 1)
    (allow default)
I run the application with the following command:
    sandbox-exec -f ~/config.sb "/Users/Shared/Riot Games/Riot Client.app/Contents/MacOS/RiotClientServices"
Below are some of the errors produced from running the client sandboxed.
    00:44:09.819 (SplashScreenManager) Displaying splash screen from default-splash.html for 2000ms
    00:44:09.825 app.isPackaged true
    00:44:09.842 Loading page from http://127.0.0.1:51563/index.html
    sandbox initialization failed: Operation not permitted
    Failed to initialize sandbox.
    [0102/004409.953876:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task
    [0102/004409.954838:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4)
    [0102/004409.954852:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4)
    [0102/004409.955178:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Library/Apple/usr/libexec/oah/libRosettaRuntime)
    [0102/004409.955364:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Users/Shared/Riot Games/Riot Client.app/Contents/Frameworks/Riot Client.app/Contents/Frameworks/Riot Client Helper (Renderer).app/Contents/MacOS/Riot Client Helper (Renderer))
    [0102/004410.111422:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task
    [4607:0102/004415.168524:ERROR:gpu_process_host.cc(991)] GPU process exited unexpectedly: exit_code=6
    [4607:0102/004415.187770:ERROR:network_service_instance_impl.cc(521)] Network service crashed, restarting service.
    00:44:15.215 Renderer process has unexpectedly crashed or was killed: crashed (6) { reason: 'crashed', exitCode: 6 }
0
0
73
21h
Clarification on Entitlements, Privacy Manifest, and Info.plist for System-Wide Mouse Click Monitoring and Typing Simulation in macOS App
I am currently developing a macOS application that listens for system-wide mouse clicks to simulate typing with user-provided text. The app requires Accessibility permissions to function properly, and I want to ensure compliance with Apple’s latest privacy and security guidelines.
- The app listens to global mouse clicks.
- It simulates keyboard input with user-provided text.
I would like detailed guidance on the following aspects:
- What specific entitlements are required to allow system-wide mouse click monitoring and simulating user input?
- Should App Sandbox be enabled or disabled?
- What keys are required to explain global mouse click monitoring and keyboard input simulation in the Info.plist?
- What will be the configuration of the Privacy Manifest?
0
0
79
22h
Unable to give permission to app I'm building to access devices on local network on Sequoia - no prompt given
I am developing apps using the NWJS framework, which access devices on the local network. I am doing this on Sequoia on macOS (Desktop). I have developed other apps using NWJS before, but on earlier versions of macOS. My issue is, I am unable to give my app permission to access devices on the local network on one of the apps.
Some background: Other apps which I have used which access devices on the local network, on first-time launching, have given a prompt asking me if I want to allow or deny access to local device for the app. However, on first-time launching (and many others after that), it simply says the device cannot be reached, and I never get a prompt asking me if I want to allow or deny access to local device for my app.
In its barebones proof-of-concept stage of my app, I have an iframe whose src attribute is the IP address of a device known on the network with that address. I have tried the protocol https://192.168.1.99 and http://192.168.1.99 in the src attribute. This protocol works in another app I have built where upon first-time launch, I was able to get a prompt and give it the needed permission.
If I check in System Settings > Privacy and Security > Network, the app doesn't appear where I can toggle a setting. I also am unable to explicitly add my app to the list.
This worked for one app, but not another: In researching this issue, it was recommended that I add the following keys in Info.plist:
    com.apple.developer.networking.multicast - boolean true
    NSLocalNetworkUsageDescription - string description
    NSNearbyInteractionUsageDescription - string description
This worked for one of my apps, but not another, which has a nearly identical structure. In fact, other than CFBundleIdentifier, CFBundleDisplayName and CFBundleName, Info.plist is identical. Why did this work one time, and how can I get my app to prompt for permission for local network access?
0
0
134
3d
TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION
Hello, we have received a crash report from App Store Connect / Xcode, TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION, on an iPhone 12 Pro running iOS 18.1 (unfortunately, we don't know the user or how they got the crash). The log mentions NSPhotoLibraryAddUsageDescription, but we are not using the photo library in any shape or form. Do we still need to include this key in Info.plist? And what do we put there? Thanks!
The full log will not fit here, but here is about half of it, with the parts that mention the crash (Thread 7), PhotoLibraryServicesCore, PHPerformChangesRequest determineAuthorizationStatusForChanges (Thread 4) and Binary Images, including /System/Library/Frameworks/Photos.framework/Photos and /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore (not sure why they are there).
    Incident Identifier: 5AFB7CCF-ECEC-40E1-AF71-02799924BC8C
    Distributor ID: com.apple.AppStore
    Hardware Model: iPhone13,3
    Process: Polynomials [8291]
    Path: /private/var/containers/Bundle/Application/168A2A15-821B-414A-84B6-43C5184E5B59/Polynomials.app/Polynomials
    Identifier: com.graphmath.PolynomialsSbS
    Version: 5.1 (16)
    AppStoreTools: 16C5031b
    AppVariant: 1:iPhone13,3:18
    Code Type: ARM-64 (Native)
    Role: Foreground
    Parent Process: launchd [1]
    Coalition: com.graphmath.PolynomialsSbS [2383]
    Date/Time: 2024-12-10 05:23:26.6944 +0200
    Launch Time: 2024-12-10 05:16:45.7989 +0200
    OS Version: iPhone OS 18.1 (22B5069a)
    Release Type: Beta
    Baseband Version: 5.10.01
    Report Version: 104
    Exception Type: EXC_CRASH (SIGABRT)
    Exception Codes: 0x0000000000000000, 0x0000000000000000
    Termination Reason: TCC 0
    This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSPhotoLibraryAddUsageDescription key with a string value explaining to the user how the app uses this data.
    Triggered by Thread: 7
    ...
    Thread 3:
    ...
    9 UIKitCore 0x000000018dac114c closure #2 in InProcessAnimationManager.startAdvancing(_:) + 156 (InProcessAnimationManager.swift:900)
    10 UIKitCore 0x000000018d5cd118 thunk for @escaping @callee_guaranteed @Sendable () -> () + 36 (:0)
    11 Foundation 0x00000001898296c8 NSThread__start + 724 (NSThread.m:991)
    12 libsystem_pthread.dylib 0x000000021304937c _pthread_start + 136 (pthread.c:931)
    13 libsystem_pthread.dylib 0x0000000213044494 thread_start + 8
    Thread 4 name:
    Thread 4:
    0 libsystem_kernel.dylib 0x00000001daf24604 semaphore_wait_trap + 8
    1 libdispatch.dylib 0x000000019288466c _dispatch_sema4_wait + 28 (lock.c:139)
    2 libdispatch.dylib 0x0000000192884d20 _dispatch_semaphore_wait_slow + 132 (semaphore.c:132)
    3 PhotoLibraryServicesCore 0x00000001a37cde70 -[PLPrivacy _checkAuthStatusForPhotosAccessScope:preflightStatus:promptIfUnknown:resultHandler:] + 532 (PLPrivacy.m:554)
    4 PhotoLibraryServicesCore 0x00000001a37cd9e0 __87-[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:]_block_invoke + 240 (PLPrivacy.m:587)
    5 libdispatch.dylib 0x00000001928840d0 _dispatch_client_callout + 20 (object.m:576)
    6 libdispatch.dylib 0x0000000192893750 _dispatch_lane_barrier_sync_invoke_and_complete + 56 (queue.c:1104)
    7 PhotoLibraryServicesCore 0x00000001a37c2c44 -[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:] + 156 (PLPrivacy.m:582)
    8 PhotoLibraryServicesCore 0x00000001a385af74 -[PLPrivacy checkPhotosAccessAllowedWithScope:] + 136 (PLPrivacy.m:608)
    9 Photos 0x00000001a2b99854 -[PHPerformChangesRequest determineAuthorizationStatusForChanges] + 52 (PHPerformChangesRequest.m:417)
    10 Photos 0x00000001a2c59a78 __102-[PHPhotoLibrary _performCancellableChanges:withInstrumentation:onExecutionContext:completionHandler:]_block_invoke + 80 (PHPhotoLibrary.m:2044)
    ...
    Thread 7 Crashed:
    0 libsystem_kernel.dylib 0x00000001daf36ec4 __abort_with_payload + 8
    1 libsystem_kernel.dylib 0x00000001daf56bec abort_with_payload_wrapper_internal + 104 (terminate_with_reason.c:102)
    2 libsystem_kernel.dylib 0x00000001daf56c20 abort_with_payload + 16 (terminate_with_reason.c:124)
    3 TCC 0x00000001ada4eb10 TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION + 172 (TCC.c:579)
    4 TCC 0x00000001ada4a210 ___tcc_server_send_request_authorization_block_invoke_3 + 124 (tcc_server.c:322)
    5 TCC 0x00000001ada4e230 __tccd_send_message_block_invoke + 624 (TCC.c:0)
    6 libxpc.dylib 0x00000002130adc40 _xpc_connection_reply_callout + 116 (serializer.c:119)
    7 libxpc.dylib 0x00000002130a0390 _xpc_connection_call_reply_async + 80 (connection.c:894)
    8 libdispatch.dylib 0x0000000192884150 _dispatch_client_callout3 + 20 (object.m:602)
    9 libdispatch.dylib 0x00000001928a1b2c _dispatch_mach_msg_async_reply_invoke + 340 (mach.c:3102)
    10 libdispatch.dylib 0x0000000192896f98 _dispatch_root_queue_drain_deferred_item + 336 (queue.c:7291)
    11 libdispatch.dylib 0x00000001928967cc _dispatch_kevent_worker_thread + 500 (queue.c:6764)
    12 libsystem_pthread.dylib 0x0000000213047cb4 _pthread_wqthread + 344 (pthread.c:2702)
    13 libsystem_pthread.dylib 0x0000000213044488 start_wqthread + 8
    Binary Images:
    ...
    0x1a2b1e000 - 0x1a2e98fff Photos arm64e <286e53b489dc3526809cde731d193edd> /System/Library/Frameworks/Photos.framework/Photos
    0x1a37bf000 - 0x1a38d8fff PhotoLibraryServicesCore arm64e <2ef5261171363f638de0424b4a0ad257> /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore
    0x1ada46000 - 0x1ada5dff0 TCC arm64e <8d07479816c73b24a7cc13b7e3f6f361> /System/Library/PrivateFrameworks/TCC.framework/TCC
    0x1d6b63000 - 0x1d6b6bfff GraphicsServices arm64e /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
    ...
2
0
222
2w
First update to NWBrowser is always ready, irrespective of Local Networking privacy status
I'm trying to detect the state of Local Network privacy on macOS Sequoia via NWBrowser, as recommended in https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy. Regardless of the state of Local Network privacy (undetermined, allowed or denied), NWBrowser receives an update indicating that it's in the ready state. Scanning does not seem to trigger the Local Network privacy alert for me; I have to use the other recommended method to trigger the prompt. Enabling or disabling Local Network privacy does not seem to send any updates for NWBrowser. https://developer.apple.com/forums/thread/666431 seems related, and implies that they did receive further updates to NWBrowser. Filed as FB16077972
10
1
273
2w
Collecting effective permissions for ScreenCaptureKit in Xcode
I am a complete newbie when it comes to Swift and macOS development. So apologies, I don't even know what the right thing to search for is. I have an app which uses ScreenCaptureKit. I had a preview working which showed the different windows available; it initially required me to give my app permissions for screen and system audio recording, which I did. However, now whenever I rebuild the app it asks for permission again and fails, despite the permission already being given.
2
0
187
3w
Add "local network access" permission for macOS 15 runners
Hi, We have an issue (https://github.com/actions/runner-images/issues/10924) raised by a user requesting to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners. Apple introduced a new LNP policy with macOS Sequoia that is not controlled by TCC or MDM. Could you please guide us on how to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners? Thanks.
5
0
294
2w
Publishing an app with the correct privacy settings
I am a new developer working to publish an app that includes a location tracker but does not collect user location data. I am developing my app using Thunkable. My initial submission was rejected because opening the app triggered the error message: "This app is missing "NUserTrackingDescription so tracking transparency will fail. Ensure that this key exists in app's info.plist" However, when I add in the NUserTrackingDescription, it triggers a process by which I have to notify users that their location data is being collected, which is not the case. I am looking for advice on how to re-submit my app with the correct privacy settings that do not trigger the error message received previously.
0
1
199
3w
How does the Reddit app detect Safari’s Private Browsing mode when opening a Universal Link?
I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?
1
0
233
4w
Which type should I use in manifest?
I use activeInputModes in my app. I require the users to use English keyboard on one view controller in my app. At that page, I access the activeInputModes and return the English system keyboard. I don't customize the keyboard. Which one should I choose?
    In your NSPrivacyAccessedAPITypeReasons array, supply the relevant values from the list below.
    3EC4.1 Declare this reason if your app is a custom keyboard app, and you access this API category to determine the keyboards that are active on the device. Providing a systemwide custom keyboard to the user must be the primary functionality of the app. Information accessed for this reason, or any derived information, may not be sent off-device.
    54BD.1 Declare this reason to access active keyboard information to present the correct customized user interface to the person using the device. The app must have text fields for entering or editing text and must behave differently based on active keyboards in a way that is observable to users.
1
0
164
Dec ’24
Wake On LAN Broadcasting Issue
I am trying to create an app that lets the user send Wake On LAN calls to computers in the local network. I created a small package that uses BSD sockets (https://github.com/pultar/WakeOnLAN/blob/main/Sources/CWakeOnLAN/wol.c) to send the magic packet. For now, I select "en0" manually as the interface. The app works in the simulator but fails on a real device. I also noticed that I can test the package when I only use the terminal and Swift Package Manager but not from a CLI within Xcode. In either case, I observe: "No route to host". Following a previous post in the forum (see below), I figured I require the multicast entitlement, which I was granted and could add in the Xcode project settings and on Apple Developer together with my App Bundle ID. However, even after activating the entitlement for my app, I observe the same error.
3
0
210
Dec ’24
Sequoia 15.1 new screen recording (purple) indicator in Control Center
Hello, AFAIU, a new purple dot indicator was added within the Control Center in Sequoia 15.1. Up until now it was used to indicate audio recording. My question is where would I get detailed documentation on this new indicator? I did find the following link https://support.apple.com/en-ca/guide/mac-help/mchl50f94f8f/15.1/mac/15.1 although it seems out of date, i.e. still noting only audio recording and nothing regarding screen recording. Also, can this indicator be suppressed in any way? e.g. via MDM or other means. Thanks, Doron.
1
0
242
Dec ’24
Privacy-impacting third-party SDK in a Flutter app
Hi all, I received the following email from Apple:
    ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/share_plus.framework/share_plus”, which includes share_plus, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests
I use Share Plus version 7.2.2, which does not have a privacy manifest file yet, but I am currently unable to upgrade it to a newer version since it would then bring a restriction that I should start using Dart version 3, where I am not there yet considering my other dependencies! So I am wondering what options I have... Will Apple accept my app's new submission if I add this manifest file to my project itself rather than it being presented in the third-party SDK? Or what else can I do, please?
2
2
377
3w
Local network privacy dialogue not triggered for bash script inside agent
Hi, I'm trying to set up automated backups on my machine using a combination of restic, a wrapper script, and a launchd agent, but I think I'm hitting a problem with the local network privacy dialogue. Basically, the script sets up the environment variables for Restic, which then tries to back up to a local REST server. Problem is, when trying to do that, I get the following error:
    Fatal: unable to open config file: Head "https://X:X@X.X.X.network:8000/X/X.X.X.network/config": dial tcp 192.168.50.229:8000: connect: no route to host
So it resolves DNS just fine, but can't connect to the local server. I tried a couple of things; tools such as ping work and can ping the local server, but nothing I do fixes the issue with restic itself. After reading about the network privacy feature, which I loved by the way, I believe it's the culprit here. This is the .plist file I'm using, which lives in ~/Library/LaunchAgents/com.james.local-backup.plist:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.james.local-backup</string>
        <key>ProgramArguments</key>
        <array>
            <string>/Users/james/.local/bin/replicator</string>
            <string>--backup</string>
            <string>rest:https://X.X.X.network:8000/X/X.X.X.network</string>
        </array>
        <key>EnvironmentVariables</key>
        <dict>
            <key>PATH</key>
            <string>/opt/homebrew/opt/coreutils/libexec/gnubin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
            <key>XDG_CONFIG_HOME</key>
            <string>/Users/james/.config</string>
        </dict>
        <key>StartCalendarInterval</key>
        <dict>
            <key>Hour</key>
            <integer>13</integer>
            <key>Minute</key>
            <integer>0</integer>
        </dict>
        <key>StandardErrorPath</key>
        <string>/tmp/com.user.backup.err</string>
        <key>StandardOutPath</key>
        <string>/tmp/com.user.backup.out</string>
        <key>ProcessType</key>
        <string>Background</string>
    </dict>
    </plist>
The local network dialogue never shows up, so I can't give the wrapper script or restic access to the local network, which I assume is why it can't connect to the local server. Any way I can solve this? I could build a proper Swift CLI that calls restic, but I assume I'd hit the same issue. Plus, it seems overkill for my needs.
4
0
306
3w
Declare user data tracking if it's disabled completely in third-party SDK
I have an app where I'm integrating the Branch.io SDK for deeplinks. I plan to use it just for deeplinks and that's it. The SDK provides its own privacy manifest file with privacy tracking domains defined and some collected data types with "Used for Tracking" set to YES. Does anyone know if I can keep tracking disabled in the App Store Connect - App Privacy section if I configure the SDK to disable tracking completely without asking users with the ATT permission request?
0
0
201
Nov ’24
Statistical Data Collection in an SMS Filter Extension.
I am currently developing an SMS filter extension and would like to clarify certain aspects of App Store policies and Apple's privacy guidelines regarding data collection. In my extension, SMS messages are filtered using the deferQueryRequestToNetwork method to perform server-based filtering. While I understand and respect Apple’s prohibition on transmitting or storing sensitive data such as message content or sender information, I am considering collecting non-personally identifiable statistical data related to the filtering process, such as:
- The total number of messages filtered via the extension.
- Hourly statistics of filtered messages.
- Category-based statistics (e.g., promotion, phishing, transaction).
This statistical data would be:
- Fully anonymized, ensuring no personally identifiable information (PII) is collected or stored.
- Used exclusively for providing users with aggregated insights, such as daily or weekly filtering statistics, and improving the filtering process.
Given that the filtering occurs via the deferQueryRequestToNetwork mechanism, the data collection would involve the server but would remain strictly limited to anonymized statistics. Furthermore:
- Users would be fully informed about this data collection via a transparent privacy policy and in-app notification.
- Explicit user consent would be obtained before collecting or transmitting any data.
- Data transmission would be secured, and no raw message content or sender details would ever be stored or transmitted.
Could you confirm if this practice complies with Apple’s policies? Are there any additional requirements or recommendations for handling anonymized statistical data collected via server-based filtering in an SMS filter extension?
0
0
236
Nov ’24
How to integrate keychain in the authorization plugin
Hello, I'm currently working on an authorization plugin for macOS. I have a custom UI implemented using SFAuthorizationPluginView (NameAndPassword), which prompts the user to input their password. The plugin is running in non-privileged mode, and I want to store the password securely in the system keychain. However, I came across this article that states the system keychain can only be accessed in privileged mode. At the same time, I read that custom UIs, like mine, cannot be displayed in privileged mode. This presents a dilemma:
- In non-privileged mode: I can show my custom UI but can't access the system keychain.
- In privileged mode: I can access the system keychain but can't display my custom UI.
Is there any workaround to achieve both? Can I securely store the password in the system keychain while still using my custom UI, or am I missing something here? Any advice or suggestions are highly appreciated! Thanks in advance!
1
0
287
Dec ’24