Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Post | Replies | Boosts | Views | Activity


How to use notification to notify shared container changes in CloudKit?
I would like to create a private container and share a zone between two users with different iCloud accounts. All changes made by one would be notified with push notifications to the other user's db. Both could change the same information. Exactly as it is done in this Apple project: https://developer.apple.com/documentation/cloudkit/shared_records/sharing_cloudkit_data_with_other_icloud_users However, I have been reading this code for days and I am stuck on it; it is extremely complicated for my level. I would really like to know if there is any simple project that uses the same idea to build this logic with SwiftUI.
Replies: 3 | Boosts: 0 | Views: 374 | Activity: Oct ’24
Sequoia, multicast and lldb - no route to host
On Sequoia it became impossible to properly debug programs using third party mDNS, multicast or broadcast, thanks to a bug? in I guess the new local network privacy feature, every send call returns no route to host. If I run the CI job, which properly packages, signs, notarizes said program, the resulting .app works fine and also requests permission to access the local network - which is impossible through lldb as it doesn't have an Info.plist, just the ***** binary itself. However this may not be the issue, see the repro method below. A fast and easy method to reproduce is using an example from this repo: https://github.com/keepsimple1/mdns-sd/ Running the query example in a good old shell without lldb (cargo run --example query _smb._tcp) starts outputting results. Then running the same binary through lldb (lldb -o run target/debug/examples/query _smb._tcp) would result in no route to host errors. I can't provide an output anymore as I was forced to downgrade. It works fine again on 14.6.1. I'm a bit reluctant to even try 14.7. Also reported in feedback assistant: FB15185667
Replies: 4 | Boosts: 1 | Views: 459 | Activity: Sep ’24
iCloud Private Relay + Firewall causes problems with network extension on macOS 15
Hello! I'm developing NETransparentProxyProvider which started to work unexpectedly on macOS 15. It seems that iCloud Private Relay is not auto-disabled anymore in favor of another filtering software when Firewall is enabled in macOS 15. Disabling the firewall immediately restores the old behavior. To reproduce this issue, you need to enable both iCloud Private Relay and Firewall. Then, Safari will always try to use iCloud Private Relay, even if Transparent Proxy has a "destinationAddress:nil" rule. Every connection from Safari will be to "mask.icloud.com" over HTTP/3. Connections inside are not visible as separate flows. Since I have an excludedRule for "icloud.com" (to not alter Apple services), Safari traffic just stops being processed. Is the new behavior expected or some type of regression?
Replies: 2 | Boosts: 7 | Views: 542 | Activity: 2w
Qt C++ executable and Local network access issues on macOS Sequoia
Hello, I have a Qt C++ executable that accesses a server backend on my local network. After building the executable, I can run it either from within the Qt Creator IDE, OR I can run it from the command line. When I launch from within the Qt Creator IDE, the same executable cannot talk to the backend server on my local network. However, the same executable when launched from the command line works fine. This started only with macOS Sequoia and the new "Local Network" permission. How can I get my IDE-launched executable to work? Otherwise I cannot continue my app development.
Replies: 3 | Boosts: 1 | Views: 328 | Activity: Sep ’24
How to find WHY my app triggers LNP popup on macOS 15
My App is a rather small menu-bar status-item app with 2 informational windows. It does NOT make use of ANY of the APIs mentioned here: https://developer.apple.com/forums/thread/663874 that are bound to need "Local Network" hence trigger TCC dialog. Yet - on first run of the app, the dialog pops. App is Obj-C, and the only APIs used are Notification-Center (for scheduling local notifications to the user), XPC connections and calls to other (our) apps for gathering that information, plus normal AppKit windowing (Controls, Text-fields, etc.), nothing else. Obviously SOMETHING I do causes the thing - and I know for sure this app DOES NOT NEED access to the local network - only I do not know how to identify the specific API I need to avoid using (or change the way I'm using). Are there any specific system logs to watch for? Is there any official set of APIs that will trigger the dialog? Provided that I cannot avoid this - could this permission be granted via MDM profile payload? Our product comes with
Replies: 4 | Boosts: 1 | Views: 361 | Activity: Sep ’24
How can I sync users with code/invite like that (image) with CloudKit, is it possible?
Users will receive a unique ID. If a user enters another user's ID, they will go to a view where both have access to the information, being able to change, add, delete... (Paired, available on App Store). Public container is not secure, private with CKShare doesn't seem to work for what I would like, plus the content is very confusing. I need something that uses native Apple technologies to build this system.
Replies: 1 | Boosts: 0 | Views: 254 | Activity: Sep ’24
Local Network permission prompt for daemon on macOS 15
Hi Team, the OS is prompting for local network permission for our application, which runs as a root-level daemon. As per our analysis, it looks like it is prompting from our own library, which is trying to get network info using /usr/sbin/system_profiler with "-xml -detailLevel basic SPNetworkDataType" and then trying to iterate to find DNS.ServerAddresses for each item, then using [NSHost hostWithAddress:IPAddress]; (When this library is not linked to the app then there is no prompt, so most likely this is the code that is resulting in the prompt.) Is this expected? Is there any other way that we can get the DNS host name without being prompted for local network permission on macOS 15?
Replies: 21 | Boosts: 1 | Views: 1.2k | Activity: 3d
Core Bluetooth and Authorization Plugin: Why is Core Bluetooth Not Allowed While Multipeer Framework Works?
I need to integrate BLE (Bluetooth Low Energy) functionality into an authorization plugin. Specifically, I want to use a beacon to send a notification to the user if the app is not running or has been killed. However, I’ve encountered a significant limitation: Core Bluetooth is not permitted to be used within authorization plugins, whereas the Multipeer Connectivity framework, which uses WiFi, operates without issue. This has led me to a few questions: What are the fundamental differences in entitlements or restrictions between Core Bluetooth and the Multipeer Connectivity (WiFi) framework that could explain why Core Bluetooth is disallowed in authorization plugins? Are there specific technical or security concerns associated with Core Bluetooth that prevent its use in these contexts, while the Multipeer Connectivity framework is allowed? Given that Google’s Nearby Connections API can work within authorization plugins, could there be any similar approaches or best practices for implementing BLE functionality in scenarios involving authorization plugins? For reference, you can check Google’s Nearby Connections API here: Google Nearby Connections - https://developers.google.com/nearby/connections/swift/get-started Any insights or suggestions on how to overcome this limitation or alternative approaches to achieve the desired functionality would be greatly appreciated. Thank you in advance for your help!
Replies: 1 | Boosts: 4 | Views: 507 | Activity: Sep ’24
Network Local Privacy pop-up on macOS Sequoia
Starting from macOS 15 (macOS Sequoia), a new pop-up is triggered: “Local Network Privacy.” We have some questions regarding this new pop-up on macOS: Running the following simple code: cups_dest_t *dests; int num_dests = cupsGetDests(&dests); triggers the “Local Network Privacy” pop-up. Question: Is this intended behavior? Even if the user presses the “Deny” button, printers can still be iterated, and it is possible to set options for the printer. Is this intended behavior? If so, which actions related to the CUPS library will be denied when the user presses the “Deny” button? Question: Should this pop-up appear for daemons/launchd processes? We found similar questions on some forums, but the answers are unclear. It seems that the pop-up should not appear for launch daemons. We tested the mentioned code with CUPS, and the pop-up was triggered. Is this a bug? If so, will it be resolved before the new macOS version is released? Question: There is somewhere documented all the scenarios in which this pop-up may appear is challenging? Regarding automatically allowing or disallowing the pop-up: We found the following response: “There is no way to automatically allow or disallow the local network privacy prompt. If it shows up in your app, you will need to analyze your code to better understand how the prompt is being triggered. If the prompt is triggered by a library you do not control, you will need to either remove the library or inquire further with the library vendor.” Question: How can we ensure that a launchd daemon will work as expected if the user presses the “Deny” button? Is there any way to detect if the user pressed “Deny”?
Replies: 8 | Boosts: 0 | Views: 1k | Activity: Sep ’24
Can you limit the number times you share an item with recipients using Share Sheet?
I am looking to use the iOS share sheet in my app where the user can send an invite link to friends; however, I want to limit the number of times they can do this. Is it possible to limit the number of recipients with whom you can share an item using the share sheet, or is there any sort of post-feedback sent from the share sheet back to the app once the share sheet is closed?
Replies: 0 | Boosts: 0 | Views: 181 | Activity: Sep ’24
App is getting crashed after sign the application
PLATFORM AND VERSION
macOS
Development environment: Other: Python
Run-time configuration: macOS 14.6.1
DESCRIPTION OF PROBLEM
We have created an application using Python and created the .app using PyInstaller. We want to get location access using a Python-based application which we are trying to run on macOS 14.6.1. Without including NSLocationUsageDescription in our info.plist, it is working fine but not getting the location permission pop-up. After including NSLocationUsageDescription in info.plist, the application got corrupted.
STEPS TO REPRODUCE
We are using the below commands to sign the application:
codesign --force -s "Developer ID Application: Pitney Bowes (72NX38Y9GF)" -v DeviceHub.app --deep --strict --options=runtime --entitlements ../info.plist DeviceHub.app
ditto -c -k --keepParent --rsrc --sequesterRsrc --arch 'x86_64' DeviceHub.app DeviceHub.zip
xcrun notarytool submit DeviceHub.zip --keychain-profile "DHAgentProfile" --wait
xcrun stapler staple DeviceHub.app
Replies: 2 | Boosts: 0 | Views: 378 | Activity: Sep ’24
Do I need a privacy manifest when using UserDefaults and CloudKit in my app?
I have some questions about Apple privacy manifests. I have a visionOS app called Project Graveyard. I'm getting ready for the visionOS 2 release. Since my last update Apple has started requiring privacy manifest files, but the documentation is extremely vague and I can't tell if I actually need one or not. My app stores two types of data for the user. User Defaults - App settings: lights, rain, window placement etc. SwiftData + CloudKit - User generated data: a list of project names and some optional text. User customization options for each item. The data is stored on device or in CloudKit. I do not "collect" this data, it is simply there for the app to function. Do I need a privacy manifest for this type of data? If so, what do I "declare"?
Replies: 3 | Boosts: 0 | Views: 463 | Activity: Sep ’24
How to reset macOS 15 Local Network privacy settings?
macOS pops up a dialog "Allow App to find devices on local networks?" to ask for Local Network permission. I would like to analyze when it pops up and how it impacts my app user scenario. But this dialog only pops up when the Local Network privacy list does not contain this app; once the user has pressed allow / don't allow, it won't pop up again. The System Settings UI does not support removing Local Network permission, so I tried this command, but it is not working: tccutil reset All There is also a post that mentions that it does not work: https://developer.apple.com/forums/thread/757949 Is there a way to remove this privacy setting? I don't want to reinstall macOS to test it.
Replies: 8 | Boosts: 2 | Views: 2.2k | Activity: Sep ’24
When is NSMotionUsageDescription shown?
I'm using CMMotionManager startDeviceMotionUpdatesUsingReferenceFrame: CMAttitudeReferenceFrameXTrueNorthZVertical and have set the NSMotionUsageDescription ("Privacy - Motion Usage Description") property in the info.plist. But I don't see a permissions popup. I also don't see any mention of this in the app's section of the Settings app. When is this usage description string used? I wonder if there is some connection between the motion permission and the location permission, which I also use?
Replies: 5 | Boosts: 0 | Views: 597 | Activity: Sep ’24
How to silence weekly/monthly screen capture access notification?
I'm running a launch agent in a CI node. The agent is responsible for launching CI build/test jobs. The agent, being the responsible process, has been granted kTCCServiceScreenCapture permission. With this in place I can run /usr/sbin/screencapture during CI test jobs, archiving the visual state of the CI machine if a test fails, which makes it easier to diagnose why the test failed. However, with macOS 15 I get weekly/monthly notifications about the agent being able to record the screen. The general advice for this is that apps should migrate to ScreenCaptureKit, but I'm using a built-in tool in macOS, /usr/sbin/screencapture, so how am I supposed to deal with that?
Replies: 1 | Boosts: 0 | Views: 371 | Activity: Aug ’24