Hi, I'm trying to set up automated backups on my machine using a combination of restic, a wrapper script, and a launchd agent, but I think I'm hitting a problem with the local network privacy dialogue. Basically, the script sets up the environment variables for Restic, which then tries to backup to a local REST server. Problem is, when trying to do that, I get the following error: Fatal: unable to open config file: Head "https://X:X@X.X.X.network:8000/X/X.X.X.network/config": dial tcp 192.168.50.229:8000: connect: no route to host So it resolves DNS just fine, but can't connect to the local server. I tried a couple of things, tools such as ping work and can ping the local server, but nothing I do fixes the issue with restic itself. After reading about the network privacy feature, which I loved by the way, I believe it's the culprit here. This is the .plist file I'm using, which lives in ~/Library/LaunchAgents/com.james.local-backup.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.james.local-backup</string> <key>ProgramArguments</key> <array> <string>/Users/james/.local/bin/replicator</string> <string>--backup</string> <string>rest:https://X.X.X.network:8000/X/X.X.X.network</string> </array> <key>EnvironmentVariables</key> <dict> <key>PATH</key> <string>/opt/homebrew/opt/coreutils/libexec/gnubin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string> <key>XDG_CONFIG_HOME</key> <string>/Users/james/.config</string> </dict> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>13</integer> <key>Minute</key> <integer>0</integer> </dict> <key>StandardErrorPath</key> <string>/tmp/com.user.backup.err</string> <key>StandardOutPath</key> <string>/tmp/com.user.backup.out</string> <key>ProcessType</key> <string>Background</string> </dict> </plist> The local network dialogue never shows up, so I can't give the wrapper script or restic access to the local network, which I assume is why it can't connect to the local server. Any way I can solve this? I could build a proper Swift CLI that calls restic, but I assume I'd hit the same issue. Plus, it seems overkill for my needs.

I have an app where I'm integrating the Branch.io SDK for deeplinks. I plan to use it just for deeplinks and that's it. The SDK provides it's own privacy manifest file with privacy tracking domains defined and some collected data types with "Used for Tracking" set to YES. Does anyone know if I can keep tracking disabled in the App Store Connect - App Privacy section in case if I'll configure the SDK to disable tracking completely without asking users with the ATT permission request?

I am currently developing an SMS filter extension and would like to clarify certain aspects of App Store policies and Apple's privacy guidelines regarding data collection. In my extension, SMS messages are filtered using the deferQueryRequestToNetwork method to perform server-based filtering. While I understand and respect Apple’s prohibition on transmitting or storing sensitive data such as message content or sender information, I am considering collecting non-personally identifiable statistical data related to the filtering process, such as: The total number of messages filtered via the extension. Hourly statistics of filtered messages. Category-based statistics (e.g., promotion, phishing, transaction). This statistical data would be: Fully anonymized, ensuring no personally identifiable information (PII) is collected or stored. Used exclusively for providing users with aggregated insights, such as daily or weekly filtering statistics, and improving the filtering process. Given that the filtering occurs via the deferQueryRequestToNetwork mechanism, the data collection would involve the server but would remain strictly limited to anonymized statistics. Furthermore: Users would be fully informed about this data collection via a transparent privacy policy and in-app notification. Explicit user consent would be obtained before collecting or transmitting any data. Data transmission would be secured, and no raw message content or sender details would ever be stored or transmitted. Could you confirm if this practice complies with Apple’s policies? Are there any additional requirements or recommendations for handling anonymized statistical data collected via server-based filtering in an SMS filter extension?

Hello, I'm currently working on an authorization plugin for macOS. I have a custom UI implemented using SFAuthorizationPluginView (NameAndPassword), which prompts the user to input their password. The plugin is running in non-privileged mode, and I want to store the password securely in the system keychain. However, I came across this article that states the system keychain can only be accessed in privileged mode. At the same time, I read that custom UIs, like mine, cannot be displayed in privileged mode. This presents a dilemma: In non-privileged mode: I can show my custom UI but can't access the system keychain. In privileged mode: I can access the system keychain but can't display my custom UI. Is there any workaround to achieve both? Can I securely store the password in the system keychain while still using my custom UI, or am I missing something here? Any advice or suggestions are highly appreciated! Thanks in advance!

If we record the user's Device Model (ie. iPhone 15), what checkbox do we need to select under Data Collection in App Privacy? Device model is not a unique identifier, we do not use it for tracking. We use it to know in aggregate which phone models are using our app the most so we can prioritize our QA to focus on the top devices. Please note: we DO NOT access Device ID, as we DO NOT use it.

Hello, Let's say I have several opened user sessions in parallel. Endpoint Security notify about executing a process (ES_EVENT_TYPE_NOTIFY_EXEC) and provide audit token. The goal is to find relationship between logged-in users and new process. Can I use audit user ID for this? Thank you in advance.

Hello Developers, I have ran into a problem while sending mail to apple private relay email. We have built a mobile application where user can sign up through apple and they can sign up using hide-my-email feature. Which provides private relay address for us. Now we want to communicate with them using private relay mail address. The technology we are using to send emails are amazon SES, have done SPF, DMIK, DMARC and added domains in apple identity services for mail communication, passed an SPF check as well. But still mail is not getting delivered what am i doing wrong or apple doesn't support third party apps for sending emails to private relay? Is there any other way to achieve this please let me know Using the same body as attached in image is working fine for rest emails.

The user has already enabled local network permissions. However, when I use nw_connection_t for a local network TCP connection, nw_path_unsatisfied_reason returns nw_path_unsatisfied_reason_local_network_denied. The system logs also indicate a lack of local network permissions. This is an intermittent bug that typically occurs after uninstalling and reinstalling the app. Restarting the app does not help, toggling permissions on and off does not work, and uninstalling and reinstalling the app also fails to resolve the issue. Restarting the phone is the only solution, meaning users can only fix it by rebooting their device.

I have a command line app under active development in XCode. It is based on receiving multicast traffic and processing it. I generate this traffic with another app, and generally just leave it running. When I do a build and run in XCode, I get a message asking me for Local Access. If I click yes, no network traffic will be received. I need to restart the command line tool multiple times until I get access. I'm also getting a ton of repeated entries in my Setting-&gt;Privacy-&gt;Local Access. If I configure xcode to launch with terminal, it does work, but that's not a great solution because of the external window (and the fact that I have terminal set "close if exit cleanly", so I lose my data. I can change that setting, but it is fairly inconvenient, and I don't get the console history in XCode. Is there a way to allow my apps to run from xcode without the pop-up or with the delay in activating the network and creating new entries in the Settings? Thanks!

Hi all, For context, the Family Controls entitlement request (for the Personal Device Management category/individual use case) includes the question: Will your app share device or usage data beyond the individual for the individual use case, or Family Sharing for the parent/guardian use case, including through means such as screenshots, screen recordings, or server logging? I'm looking for clarification on how to interpret this. I originally answered Yes and was rejected, then later answered No and was accepted. Ideally, I would like my screen time management app to allow users to opt-in to social features. One simple example is opting into a leaderboard with your friends for who has the lowest screen time. If the user installed this app for themself and chooses to share this basic data with their friends, it sounds like an ethical and unproblematic feature but I suppose storing that data would fall under "server logging"? If anyone has any experience with this, I would appreciate a more explicit description of the requirement above. Is what I described allowed? Thanks for reading!

My application needs local network access. When it is started for the first time, the user gets a prompt to enable local network access (as expected). The application is then shown as enabled in Privacy & Security / Local Network and local network access is working. If macOS is then shutdown and restarted, local network access is blocked for the application even though it is still shown as enabled in Privacy & Security / Local Network. Local network access can be restored either by toggling permission off and on in Privacy & Security / Local Network or by disabling and enabling Wi-Fi. This behaviour is consistent on Sequoia 15.1. It happens sometimes on 15.0 and 15.0.1 but not every time. Is my application doing something wrong or is this a Sequoia issue? If it is a Sequoia issue, is there some change I can make to my application to work around it?

We received a rejection today based on an invalid PrivacyInfo.xcprivacy file. It contained one extra space character was somehow added to a value field. Is there a tool that can check the validity of our PrivacyInfo.xcprivacy files?

Hello everyone! I am having troubles launching my application as Apple keep rejecting it based on Objectifiable Content 1.1.1. My app allows users post events and add car plates to the event and even a photo, to announce that one car has been hit in the parking lot or it's been towed or any other useful usecase that one might one to be aware of about his vehicles. Apple reviewd my app and gave me multiple indications, not to show car plates in the UI, and not even in the pictures. In order to be complient with the GDPR, and any other safety & privacy concerns, I have censored all plates in UI, I have added a functionality that car plates (and faces) are blured in the photos, so basically everything is anonnymised and secured. After this, I was hoping that Apple will approve my app, but here's the unexpected: I still get rejected for 1.1.1 as "posting and collecting plate number information can be defamatory and mean-spirited". Even if I tried to explain them multiple times, I get "robot" responses such as "As I understand your position, we still find your app not complient with 1.1.1" etc. and to review my "app concept" so basically what they are saying is that the only problem remaining with my app si basically....my app. I am really frustrated because on Android the app is already launched and I cannot believe that I am being stuck with it on iOS :( Please help me understand better what can I do. I asked them a last question, If I would implement something like : Admin approval required on each user post, so moderators will need to manually approve posts, so then I will have full annonymisation + full control on what posts are going to reach the news feed, but I got a response like " We cannot review features or concepts" .....

In the past, I used to ping my iPhone‘s local IP address via UDP. If local network permissions were not enabled, it would return an error. If they were enabled, it would return success, which I used to determine whether my app had local network permissions enabled. Now, with iOS 18, it seems to not work anymore. Regardless of whether local network permissions are enabled, pinging the iPhone‘s local IP address always returns success. Is there any other good method to check this permission status? Case-ID: 9934335

We develop and test App for macOS. We start to see system alert - "UlTests-Runner" would like to access data from other apps on each UITest run. Our test suite does cleanup of files generated by App so we need access outside of UITests-Runner sandbox. We enabled Full Disk Access for UITests-Runner at Settings -> Privacy & Security -> Full Disk Access but unfortunately still see this alert. Is there any way to permanently remove/hide this alert or remove sandbox for 'UITests-Runner' since we want to run tests on CI and having this alert is not an option? Note: everything works fine on previous versions of macOS. Environment: macOS - 15.1 (24B83) Xcode - Version 16.1 (16B40)

I'm looking at a case where a handler for NSWindowDidBecomeMain gets the NSWindow* from the notification object and verifies that window.isVisible == YES, window.windowNumber &gt; 0 and window.screen != nil. However, window.windowNumber is missing from the array [NSWindow windowNumbersWithOptions: NSWindowNumberListAllSpaces] and from CGWindowListCopyWindowInfo( kCGWindowListOptionOnScreenOnly, kCGNullWindowID ), how can that be? The window number is in the array returned by CGWindowListCopyWindowInfo( kCGWindowListOptionAll, kCGNullWindowID ). I'm seeing this issue in macOS 15, maybe 14, but not 13.

We noticed a change in the page Adding a privacy manifest to your app or third-party SDK that adds a deadline of November 12 past which invalid manifests will not be allowed in store submissions. Does this mean we can no longer use old versions of third-party SDKs which lack a manifest? (The ones that were allowed because we had already shipped with them.)

The first time my application opened the app on macos15, after I enabled the LNP, my app could access the local network (a socket service was opened locally), but when I restarted the computer and opened the APP again, I could not access the local network at this time, why? Solution :1. Disable and enable the LNP or 2. Reinstall the app

Hi, I have recently encountered an app with some odd behaviour and wanted to clarify some details about the way sandboxing works with iOS apps installed on a Mac. I am unsure whether this is due to a misunderstanding of system behaviour or whether this is a bug. The app was installed from the Mac App Store, designed for iPad. The developer of the app informed me that in lieu of a sign-in process, the app tries to persistently store a UUID of the user on the device so that when the app is deleted and reinstalled, the user is automatically logged in again. The developer says that two mechanisms are being used: 1) NSUserDefaults (via Flutter shared prefs) and 2) identifierForVendor. In the case of 1), my understanding is that these are managed by cfprefsd. Using the 'defaults domain' command, the domain of the app appears. However, there are no keys or values stored. Using the 'defaults write' and 'defaults read' and 'defaults delete' commands on that bundle identifier works as expected, but since it starts out empty, it cannot be read or deleted. Furthermore, the app's data is supposed to be sandboxed in /Library/Containers. When the app is uninstalled from Launchpad, I have confirmed that the folder is missing. When reinstalled, the app's settings and data are missing, but crucially, the cloud identifier is still persistent and is evident after 'setup'. In the case of 2), the developer documentation states that identifierForVendor changes when all apps from a developer have been removed from a device. The app in question is the only app that was installed from this developer, so logically this identifier should have changed when the app was deleted and reinstalled. I have confirmed that iCloud drive is not being used to store this data as there is no data in iCloud for this app. In any case, when the app is uninstalled and reinstalled, the app automatically logs the user into the "account" it was previously logged into, along with all of that user's data in the cloud. I have a sense that this type of persistent identifier tracking is what sandboxing was meant to address, but I am unsure why I have been unable to remove the UUID tag from my system. Any insight would be greatly appreciated!

My application allows to upload photo logs and assign it to a person only by uploading images from camera. In the process it asks for camera and geolocation permissions. At this moment it doesn't do much. Why could this be happening? Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage The app collects information from various public sources to build individual profiles. Next Steps To resolve this issue, please remove any feature that attempts to build individual profiles based on collected public data.