Hello, Title states it basically. I have a java program (launched via shell script) running as a service using launchd which is running as a user (not root) and it does not request Local Network permissions ever. I feel like i'm missing something here. I combed through all of the Local Network FAQs and don't really see this use case addressed. I do see that there is an open ticket for an API to trigger the request, but no update on that and the ticket is not visible publicly. Is there is a way to accomplish this for java or other programs running via launchd with a user other than root? something like an entitlement or an API to seed the permission of Local Network when installing the service via launchctl etc?

Please help me clarify the current situation regarding the necessity of a privacy manifest file in 3rd party SDKs. It would be nice to have a reply from someone working at Apple, to have a reliable answer. A quick summery of the events from last year https://developer.apple.com/support/third-party-SDK-requirements/ : "Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update." Last autumn, we started receiving warning emails from Apple after initiating app reviews, even when our apps did not have a newly added SDK: ITMS-91061: Missing privacy manifest - Starting November 12, 2024, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. According to this warning message, app updates which do not contain any new SDKs are still not affected. Since then, at one point in time the deadline changed, as now we have February 12, 2025 in the privacy manifest documentation: https://developer.apple.com/documentation/bundleresources/adding-a-privacy-manifest-to-your-app-or-third-party-sdk However, this page does not contain any mention of the circumstances, it only states in general that apps you submit for review in App Store Connect must contain a valid privacy manifest file for a certain number of commonly used third-party SDKs. My questions Does the February deadline apply to every app update, even if they do not contain any newly added SDKs? Or does it still affect only the app updates "that adds one of the listed SDKs as part of the update." ? If the former, the 3rd party requirements page should be updated in my opinion. And if the latter, why does the documentation not contain this important piece of information? We have a basic product which then gets customised for the clients so we upload several different apps based on the same code with the same dependencies. How is it possible that during autumn, Apple sent ITMS-91061: Missing privacy manifest warnings for some of our apps, but did not send it for others? Does Apple not validate all the apps but only some of them randomly? Also, the warning still states that it should be relevant if "an app update adds a new privacy-impacting SDK", but that was not the case for us, we did not add anything newly to our apps - why did we even get these warnings then? Just in general: when the deadlines change, is there any channel where Apple communicates these, besides the warning emails? I did not see any posts on the Apple Developer site's News page about this February date, I just found it by accident. I don't even remember seeing a notice about the original November deadline, we just started receiving the email warnings without expecting them. Thank you in advance for anyone sharing an answer.

I have read the other most relevant posts on this topic here and here. However, the situations described in these posts are different. My app is just a regular Mach-O bundle with a single executable that is launched by the user from the Finder. I've read the Local Network Privacy FAQ and TN3179 carefully and these also doesn't cover the problem described below, which is being reported to me by several of my users. The problem is that some days after giving Local Network permission to my app, without having changed anything, local network connections will spontaneously start failing with EHOSTUNREACH, indicating that it is being blocked by macOS. This typically happens after a Mac reboot. Toggling off/on the Local Network permission for my app will get it working again, until the next time it fails. My users who are reporting this have stated that they are running macOS Sonoma 15.2, with only a single version/copy of my app installed. I've tried, and failed, to reproduce this in a VM with a clean 15.2 system, but maybe this is due to the relatively short duration of my testing (days rather than weeks). I know there isn't much to go on here, and it may be tempting to put this down to misreporting. After all, the vast majority of my users aren't reporting this, and I can't reproduce it. But, I have received enough similar reports at this point that it's starting to feel like a macOS bug. Is anyone else seeing this? If there is anything that anyone can suggest - either modifications in my app, or anything that my users can do on their side - this would be very much appreciated! Many thanks, Ben

My apps was rejected because of this issue Can anyone help me to fix this? how am I supposed to do with this issue?

I want to use the Apple Healthkit data to recommend personalised insurance. Is this allowed? As I have read in the documentation that the Apple Healthkit data can only be used for fitness and health purposes. Anyone knows what is meant / scope of "fitness and health purposes"? Will personalised insurance as per health data be allowed under this category?

AFAIU a new screen capture notification was added within the Control Center in Sequoia 15.2, see attached examples: My question is whether there is some way to suppress this notification preferably via an MDM configuration profile. See also https://discussions.apple.com/thread/255886645?sortBy=rank for more information. Thanks, Doron.

hey everyone.!! In one of my macOS projects I am trying to fetch the files and folders available on "Desktop" and "Document" folder and trying to showing it on collection view inside the my project, but when I try to fetch the files and folder of desktop and document, I am not able to fetch it. But if i try it by setting the entitlements False, I am able to fetch it. If any have face the similar issue, or have an alternative it please suggest. NOTE:- I have tried implementing it using NSOpenPanel and it works, but it lowers the user experience.

Hello, in Appstore Connect, it is expected to declare the collected data types. However, there is something that is pretty confusing, namely the definition of "Data Collection". According to the form: Data Collection Thanks for helping users understand your app's privacy practices. Remember that you're responsible for any third-party code that is added to your app, so if your third-party partners collect data from your app, you must represent that in your responses. “Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time. ..... What does the point "longer than necessary" refer to? Obviously, my app is storing data of user to "function". My understanding is, storing data for functionality doesn't mean collecting data. Is this correct? Thank you.

I am in need of assistance with sandboxing the riot games client and game league of legends. I originally played on a vm from linux but after the change to the incredibly intrusive rootkit malware vanguard. I cannot play from a vm or at least it would be difficult, if this route of containerizing it on mac proves to be more difficult (which wouldn't make sense) then I will go back to spoofing the a vm to not look like a vm. This is even more infuriating because I almost exclusively play Team Fight Tactics in which there is zero cheating and cheating would give a player zero advantage. I decided I would try the Mac version of the game but apple does not sandbox applications at all like flatpak and flatseal from linux. The game has access to my entire system and can read and write to my home directory. This is a massive security risk. I originally tried checking the system settings privacy and security section but the application was not listed anywhere nor was it given access on any of the sections listed. I checked both user local and global tcc.dbs and neither had records that gave the game or client any privileges. This was concerning because tcc.db appears to be the only user facing way of managing permissions that you would think would be a bare minimum baseline and yet the game and client have full access to my system and those permissions are listed nowhere and are given no where. Ie. the default is just to let it do as it pleases even though its a game that only thing it needs to render to the screen. MacOS should properly fix this and implement proper sandboxing of applications like flatpak. I then began building a configuration scheme for sandbox-exec seeing as it was the last opportunity to correctly contain the application to only have the permissions it needs. I carefully crafted the config but it fails just as simply allowing all with allow default... (version 1) (allow default) I run the application with the following command: sandbox-exec -f ~/config.sb "/Users/Shared/Riot Games/Riot Client.app/Contents/MacOS/RiotClientServices" Below are some of the errors produced from running the client sandboxed. 00:44:09.819 (SplashScreenManager) Displaying splash screen from default-splash.html for 2000ms 00:44:09.825 app.isPackaged true 00:44:09.842 Loading page from http://127.0.0.1:51563/index.html sandbox initialization failed: Operation not permitted Failed to initialize sandbox.[0102/004409.953876:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task [0102/004409.954838:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4) [0102/004409.954852:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4) [0102/004409.955178:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Library/Apple/usr/libexec/oah/libRosettaRuntime) [0102/004409.955364:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Users/Shared/Riot Games/Riot Client.app/Contents/Frameworks/Riot Client.app/Contents/Frameworks/Riot Client Helper (Renderer).app/Contents/MacOS/Riot Client Helper (Renderer)) [0102/004410.111422:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task [4607:0102/004415.168524:ERROR:gpu_process_host.cc(991)] GPU process exited unexpectedly: exit_code=6 [4607:0102/004415.187770:ERROR:network_service_instance_impl.cc(521)] Network service crashed, restarting service. 00:44:15.215 Renderer process has unexpectedly crashed or was killed: crashed (6) { reason: 'crashed', exitCode: 6 }

I am currently developing a macOS application that listens for system-wide mouse clicks to simulate typing with user-provided text. The app requires Accessibility permissions to function properly, and I want to ensure compliance with Apple’s latest privacy and security guidelines. The app listens to global mouse clicks. It simulates keyboard input with user-provided text I would like detailed guidance on the following aspects: What specific entitlements are required to allow system-wide mouse click monitoring and simulating user input ? App Sandbox enable or disable? what keys required to explain global mouse click monitoring and keyboard input simulation in the info.plist What will be the configuration of Privacy Manifest

I am developing apps using NWJS framework, which access devices on the local network. I am doing this on Sequoia on Macos (Desktop). I have developed other apps using NWJS before, but on earlier versions of Macos. My issue is, I am unable to give my app permission to app to access devices on local network on one of the apps. Some background: Other apps which I have used which access devices on the local network, on first-time launching, have given a prompt asking me if I want to allow or deny access to local device for the app. However, on first-time launching (and many others after that), It simply says the device cannot be reached, and I never get a prompt asking me if I want to allow or deny access to local device for my app. In its barebones proof-of-concept stage of my app, I have an iframe who's src attribute is the IP address of a device known on the network with that address. I have tried the protocol https://192.168.1.99 and http://192.168.1.99 in the src attribute. This protocol works in another app I have built where upon first-time launch, I was able to get a prompt and give it the needed permission. If I check in System Settings > Privacy and Security > Network, the app doesn't appear where I can toggle a setting. I also am unable to explicitly add my app to the list. ** This worked for one app, but not another: In researching this issue, it was recommended that I add the following keys in info.plist: com.apple.developer.networking.multicast - boolean true NSLocalNetworkUsageDescription - string description NSNearbyInteractionUsageDescription - string description This worked for one of my apps, but not another, which has a nearly identical structure. In fact, other than CFBundleIdentifier, CFBundleDisplayName and CFBundleName, info.plist is identical. Why did this work one time, and how can I get my app to prompt for permission for local network access?

Hello, we have received a crash report from AppStore connect / Xcode, TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION on an iPhone 12 Pro running iOS 18.1 (unfortunately, we don't know the user and how did they get the crash) The log mentions NSPhotoLibraryAddUsageDescription, but we are not using photo library in any shape or form, do we still need to include this key in Into.plist? And what do we put there? Thanks! Full log will not fit here, but here is a about half of it, with parts that mention crash (Thread 7), PhotoLibraryServicesCore, PHPerformChangesRequest determineAuthorizationStatusForChanges (Thread 4) and Binary Images, including /System/Library/Frameworks/Photos.framework/Photos /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore (not sure why are they there) Incident Identifier: 5AFB7CCF-ECEC-40E1-AF71-02799924BC8C Distributor ID: com.apple.AppStore Hardware Model: iPhone13,3 Process: Polynomials [8291] Path: /private/var/containers/Bundle/Application/168A2A15-821B-414A-84B6-43C5184E5B59/Polynomials.app/Polynomials Identifier: com.graphmath.PolynomialsSbS Version: 5.1 (16) AppStoreTools: 16C5031b AppVariant: 1:iPhone13,3:18 Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.graphmath.PolynomialsSbS [2383] Date/Time: 2024-12-10 05:23:26.6944 +0200 Launch Time: 2024-12-10 05:16:45.7989 +0200 OS Version: iPhone OS 18.1 (22B5069a) Release Type: Beta Baseband Version: 5.10.01 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: TCC 0 This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSPhotoLibraryAddUsageDescription key with a string value explaining to the user how the app uses this data. Triggered by Thread: 7 ... Thread 3: ... 9 UIKitCore 0x000000018dac114c closure #2 in InProcessAnimationManager.startAdvancing(_:) + 156 (InProcessAnimationManager.swift:900) 10 UIKitCore 0x000000018d5cd118 thunk for @escaping @callee_guaranteed @Sendable () -> () + 36 (:0) 11 Foundation 0x00000001898296c8 NSThread__start + 724 (NSThread.m:991) 12 libsystem_pthread.dylib 0x000000021304937c _pthread_start + 136 (pthread.c:931) 13 libsystem_pthread.dylib 0x0000000213044494 thread_start + 8 Thread 4 name: Thread 4: 0 libsystem_kernel.dylib 0x00000001daf24604 semaphore_wait_trap + 8 1 libdispatch.dylib 0x000000019288466c _dispatch_sema4_wait + 28 (lock.c:139) 2 libdispatch.dylib 0x0000000192884d20 _dispatch_semaphore_wait_slow + 132 (semaphore.c:132) 3 PhotoLibraryServicesCore 0x00000001a37cde70 -[PLPrivacy _checkAuthStatusForPhotosAccessScope:preflightStatus:promptIfUnknown:resultHandler:] + 532 (PLPrivacy.m:554) 4 PhotoLibraryServicesCore 0x00000001a37cd9e0 __87-[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:]_block_invoke + 240 (PLPrivacy.m:587) 5 libdispatch.dylib 0x00000001928840d0 _dispatch_client_callout + 20 (object.m:576) 6 libdispatch.dylib 0x0000000192893750 _dispatch_lane_barrier_sync_invoke_and_complete + 56 (queue.c:1104) 7 PhotoLibraryServicesCore 0x00000001a37c2c44 -[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:] + 156 (PLPrivacy.m:582) 8 PhotoLibraryServicesCore 0x00000001a385af74 -[PLPrivacy checkPhotosAccessAllowedWithScope:] + 136 (PLPrivacy.m:608) 9 Photos 0x00000001a2b99854 -[PHPerformChangesRequest determineAuthorizationStatusForChanges] + 52 (PHPerformChangesRequest.m:417) 10 Photos 0x00000001a2c59a78 __102-[PHPhotoLibrary _performCancellableChanges:withInstrumentation:onExecutionContext:completionHandler:]_block_invoke + 80 (PHPhotoLibrary.m:2044) ... Thread 7 Crashed: 0 libsystem_kernel.dylib 0x00000001daf36ec4 __abort_with_payload + 8 1 libsystem_kernel.dylib 0x00000001daf56bec abort_with_payload_wrapper_internal + 104 (terminate_with_reason.c:102) 2 libsystem_kernel.dylib 0x00000001daf56c20 abort_with_payload + 16 (terminate_with_reason.c:124) 3 TCC 0x00000001ada4eb10 TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION + 172 (TCC.c:579) 4 TCC 0x00000001ada4a210 ___tcc_server_send_request_authorization_block_invoke_3 + 124 (tcc_server.c:322) 5 TCC 0x00000001ada4e230 __tccd_send_message_block_invoke + 624 (TCC.c:0) 6 libxpc.dylib 0x00000002130adc40 _xpc_connection_reply_callout + 116 (serializer.c:119) 7 libxpc.dylib 0x00000002130a0390 _xpc_connection_call_reply_async + 80 (connection.c:894) 8 libdispatch.dylib 0x0000000192884150 _dispatch_client_callout3 + 20 (object.m:602) 9 libdispatch.dylib 0x00000001928a1b2c _dispatch_mach_msg_async_reply_invoke + 340 (mach.c:3102) 10 libdispatch.dylib 0x0000000192896f98 _dispatch_root_queue_drain_deferred_item + 336 (queue.c:7291) 11 libdispatch.dylib 0x00000001928967cc _dispatch_kevent_worker_thread + 500 (queue.c:6764) 12 libsystem_pthread.dylib 0x0000000213047cb4 _pthread_wqthread + 344 (pthread.c:2702) 13 libsystem_pthread.dylib 0x0000000213044488 start_wqthread + 8 Binary Images: ... 0x1a2b1e000 - 0x1a2e98fff Photos arm64e <286e53b489dc3526809cde731d193edd> /System/Library/Frameworks/Photos.framework/Photos 0x1a37bf000 - 0x1a38d8fff PhotoLibraryServicesCore arm64e <2ef5261171363f638de0424b4a0ad257> /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore 0x1ada46000 - 0x1ada5dff0 TCC arm64e <8d07479816c73b24a7cc13b7e3f6f361> /System/Library/PrivateFrameworks/TCC.framework/TCC 0x1d6b63000 - 0x1d6b6bfff GraphicsServices arm64e /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices ...

Hey Devs, Do we have any possibility to make the apps hidden or move them to hidden folder(in iOS 18) programmatically?

I'm trying to detect the state of Local Network privacy on macOS Sequoia via NWBrowser, as recommended in https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy Regardless of the state of Local Network privacy - undetermined, allowed or denied, NWBrowser receives an update indicating that its in the ready state. Scanning does not seem to trigger the Local Network privacy alert for me - I have to use the other recommended method to trigger the prompt. Enabling or disabling Local Network privacy does not seem to send any updates for NWBrowser. https://developer.apple.com/forums/thread/666431 seems related, and implies that they did receive further updates to NWBrowser. Filed as FB16077972

I am a complete newbie when it comes to Swift and MacOS development. So apologies, I don't even know what is the right thing to search for. I have an app which uses ScreenCaptureKit. I had a preview working which showed the different windows available, it initially required me to give my app permissions for screen and system audio recording which I did. However now whenever I rebuild the app it asks for permission again and fails - despite the permission already being given.

Hi, We have an issue (https://github.com/actions/runner-images/issues/10924) raised by a user requesting to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners. Apple introduced a new LNP policy with macOS Sequoia that is not controlled by TCC or MDM. Could you please guide us on how to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners? Thanks.

I am a new developer working to publish an app that includes a location tracker but does not collect user location data. I lam developing my app using Thunkable. My initial submission was rejected because opening the app triggered the error message: "This app is missing "NUserTrackingDescription so tracking transparency will fail. Ensure that this key exists in app's info.plist" However when I add in the NUserTrackingDescription it triggers a process by which I have to notify users that their location data is being collected, which is not the case. I am looking for advice on how to re-submit my app with the correct privacy settings that do not trigger the error message received previously.

When a user first downloads my application they are prompted to sign into their apple account via a pop up. I have not had this pop up previously, I believe the change occurred after iOS18. I have functions that do a few things: Retrieves userRecordID Retrieves a userprofile(via userrecordid) from cloudkit.

I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?

I use activeInputModes in my app. I require the users to use English keyboard on one view controller in my app. At that page, I access the activeInputModes and return the English system keyboard. I don't customize the keyboard. Which one should I choose? In your NSPrivacyAccessedAPITypeReasons array, supply the relevant values from the list below. 3EC4.1 Declare this reason if your app is a custom keyboard app, and you access this API category to determine the keyboards that are active on the device. Providing a systemwide custom keyboard to the user must be the primary functionality of the app. Information accessed for this reason, or any derived information, may not be sent off-device. 54BD.1 Declare this reason to access active keyboard information to present the correct customized user interface to the person using the device. The app must have text fields for entering or editing text and must behave differently based on active keyboards in a way that is observable to users.