It does not seem to be stored in the system or user TCC database? Having a way to programatically grant the permission to a given app without user interaction, for example when automatically provisioning a CI node for macOS testing (with SIP disabled, so full disk access available), would be nice. Filed as FB14878596

I've been working a lot with the FamilyControls API and App Shield recently but have encountered a problem with no documentation. I used the FamilyActivitySelection to select the app store to shield(This is just for testing), and then printed out the application token: 1wfY¸êB ò S« öi #×(É?âðw ù/jQ ¿ J ïE¢? ·¿ º<Òd?ý r7¥Ãn N átJ¹ÿ85B_{VAF fC8. ,,¸¯3 T7F ±õü; ¹?v@¯ô Ä \-õ# Ò I know the application token is a Codable object so I was wondering, How do I create an application token using the Token<Application> initializer init(from: any Decoder) throws Creates a new instance by decoding from the given decoder. Using the above data? Do I have to encode first in order to decode it? For reference, the code I tried to use is: newValue.applicationTokens.encode(to: JSONEncoder) if let encoded = try? JSONEncoder().encode(newValue.applicationTokens) { data = encoded print(String(data: data, encoding: .utf8)!) } if let app = try? JSONDecoder().decode(Token<Application>.self, from: data) { let token = Application(token: app) print(token) } else { print("didn't work") } But it prints didn't work every time. What should I do differently?

Currently if the app is hidden and locked behind face id even though the notifications are not displayed but the Notification Service Extension still wakes up for the notification. Is it the expected behaviour ? Or should we expect the NSE would not be used as well when the app is hidden.

According to this Apple page, if you make any money from your apps in the EU you have to provide your email address, phone number and address, and they will be displayed on your App Store page for all and sundry to see, use, and likely, abuse. I don't want anyone and everyone to know those details; they are private. I thought Apple was all about privacy? I understand they have to adhere to the DSA, but Apple hasn't raised a single objection to this. Apple has consistently said that not sharing a user's email address with a developer is a part of being in the App Store, i.e. Spotify can't contact someone who downloaded their app; but a user can now contact the developer? I barely make any money from my apps - not even enough to cover the annual developer program fee - but I keep developing to stay current. I cannot afford a PO Box or business address and phone number to shield me from this, so I'm likely to remove my apps from the EU market. You might think I'm being overly-cautious, or having a knee-jerk reaction, but these are my personal, private details, and they should not be available publicly just because I barely clear £1.50 a month from my apps.

MacBook Air black screen

When using wkwebview to load a web page for audio and video calls in iPhone and Mac apps, the permission box will pop up every time after reconstruction of wkwebview, affecting the user's use, is there any way to make the permission pop-up box only pop up for the first time, like app permision pop-up window,instead of popping up every time. If you have previously authorized the permission, even after the app is restarted, do not pop up the permission prompt box in the webview.

Starting with macOS 15, the Local Network Privacy (LNP) feature has been introduced, which has been available on iOS for some time. We are developing an enterprise application for remote control and protection of corporate devices. The management is carried out using a dedicated server, usually located on the internal LAN of the enterprise. In order to interact with this server, devices require access to the local network, which is managed by the new TCC LNP. The UX of our application involves minimal user interaction. To address this issue, we use Apple's MDM to automatically grant various permissions. Additionally, we have scripts for remotely installing the application and configuring it. However, for the new TCC LNP, we have not found a way to do this through the MDM profile. Does Apple intend to incorporate the relevant functionality into the MDM? There are several posts on the dev forum about this topic, but they are all about iOS.

Hello, I am currently developing an app using React Native. The app requires the following permissions: location sharing, camera access, photo library access (write and usage), and microphone access. I have listed all the necessary permissions in the Info.plist file. Until two days ago, everything was working perfectly. However, since then, the location, camera, and microphone permissions have disappeared from the App's Settings page. The photo library permission remains intact. I have not encountered any errors in the Xcode build, and there are no notable differences in the logs. I have tried the following troubleshooting steps: Deleted and reinstalled the app. Removed and re-added the permissions in the Info.plist file, including testing the photo library permission which works as expected. Cleared the Xcode derived data cache using rm -rf ~/Library/Developer/Xcode/DerivedData/*. Deleted and reinstalled CocoaPods by removing the Pod and Podfile.lock files. Reverted to versions from more than two days ago, but the permissions are still missing. Tested on the simulator, but the issue persists. Interestingly, a team member located in a different country (South Korea) reports that all permissions except the microphone are working fine. Has anyone else encountered a similar issue? What could be causing this problem? Are there any suggested solutions or inspired approaches to resolve this? Thank you in advance for any assistance or insights.

Hello, I have been testing my app with iOS 18 beta and noticing an issue with the triggering of Local Network privacy prompt. My app uses this permission to make a request to a local network address. Prior to iOS upgrade to 18 beta, the privacy prompt used to get triggered upon making the request and only after tapping on 'Allow', the subsequent requests used to succeed. If the user turned off the toggle for 'Local Network' in the app settings, then this functionality used to break as expected. Issues observed with 18 beta: The privacy prompt is not getting triggered upon making the request to local network and the request is succeeding. The app already seems to have this access granted but I do not see the permission toggle in the app settings. Upon device restart, the prompt got triggered but even on disallowing the access (tapping Don't Allow), the app is able to make requests to the local network. The permission toggle appears in the app settings, but its state does not impact the app's functionality. Has something changes in this flow? Can someone please help with what might be causing this behaviour?

While analyzing iCloud Private Relay traffic using my App's content filter (based on NEFilterDataProvider), I noticed a couple of items that piqued my curiosity and wanted to see if I could get more information here. Namely, when accessing a HTTP site via iCloud Private Relay, there is an initial flow established to UDP port 80 and an unspecified IPv6 address (i.e, '::'). This seemed odd for a few reasons: IPv6 is disabled on the system and the site I'm connecting with only has an IPv4 address. Also, the unspecified IPv6 address seems strange in general. In the documentation, iCloud Private Relay claims to only use UDP port 443 [1][2]. Could you provide more clarity on how this works in the background? Would it also be possible to confirm whether UDP port 80 should be included in any filtering logic concerning iCloud Private Relay? Note: in case this isn't the general behavior for iCloud Private Relay, I wanted to further clarify that this is the behavior I've seen in Safari 17 on Sonoma and Sequoia, when accessing websites via HTTP, with Safari's "Use advanced tracking and fingerprinting protection" enabled. Thanks! [1] https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay [2] https://support.apple.com/en-ca/101555

with the same issue. https://developer.apple.com/forums/thread/100501 I am running xucitest framework, for e2e testing. And webdriver app is running background, so it could't get clipboard while my tested app in running in front. I could't switch app to get clipboard, because it will refresh my app. Is there any way to allow clipboard permission with webdriver ?

I know, for secure reason, apple forbidden app the ability to get clipboard data in background. But in some case, for example, i use appium to e2e testing my real device. And I could't get clipboard from webdriver. Because it's running background! So, it's there any way to get clipboard from webdriver? It bothers me.

On a personal level, I use 6 trusted apps that utilize screen and system audio recording and I expect that when I allow them to do so, that I am not prompted weekly or upon every startup. On a professional level, it's just bad for developers when there is simply no work around to this. Apple, please add an "always allow" option in the prompt. Thank you. https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/

In my application, I need to load the html5 code downloaded to the local computer through the https server embedded in the application. These local html5 codes are small programs developed by some front-end developers. My https server will only load these small programs locally, so I use a self-signed certificate. The code to access the small program is like this: "https://localhost:12345/MiniAppA", ""https://localhost:12345/MiniAppB". ，My applet container will use different certificate verification rules based on the domain name. I want to know if this technical form will be rejected by AppStore reviewers? - (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler { if ([challenge.protectionSpace.host isEqualToString:@"localhost"]) { NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeUseCredential, credential); } else { completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil); } }

In my app im able to get the live heart rate when app is in foreground. When app is in background/ locked condition live heart rate is not fetched. How to get live heart rate frequently.

Hello, I am developing a health tracking app that includes a feature to calculate heart rate zones. To accurately determine these zones, it is necessary for users to input their date of birth. As a result, after a successful login, the app prompts users to enter their birthday, and this step is mandatory as the information is crucial for calculating heart rate zones tailored to specific age groups. I would like to inquire if this requirement to input the birthday upon login complies with Apple's policies. Additionally, I seek advice on any potential solutions or best practices to address this requirement while adhering to Apple's guidelines. Thanks so much,

As mentioned in https://developer.apple.com/forums//thread/759955 I was having trouble on macOS 15 with a launch agent accessing local network resources, even if the local network permission dialog pops up, and Settings app visually claims the app has permission granted. The following was logged: nehelper +[NEProcessInfo copyUUIDsForExecutable:]_block_invoke: failed to get UUIDs for /Users/foo/my-binary It turned out that the problem was caused by the default golang toolchain not producing a LC_UUID load command, which seems to be critical for the network privacy subsystem to determine whether the binary is allowed access or not. The issue has been reported upstream here: https://github.com/golang/go/issues/68678 To work around this I added -ldflags="-linkmode=external" when building the go binary, so that the system linker (which does add LC_UUID) is invoked.

If I encrypt user data with Apple's newly released homomorphic encryption package and send it to servers I control for analysis, how would that affect the privacy label for that app? E.g. If my app collected usage data plus identifiers, then sent it for collection and analysis, would I be allowed to say that we don't collect information linked to the user? Does it also automatically exclude the relevant fields from the "Data used to track you" section? Is it possible to make even things that were once considered inextricably tied to a user identity (e.g. purchases in an in-app marketplace) something not linked, according to Apple's rules? How would I prove to Apple that the relevant information is indeed homomorphically encrypted?

Hello, is there any plan to add a new service type for Privacy Preferences Policy Control profile to allow apps deployed via MDM on Organization owned devices to access local network without prompting end user on Sequoia ? This would be very welcome, especially in education world where students are good at finding on how to block the tools they are supposed to use. I created FB14540495 for reference. Thanks !

A client asked why we can't detect other apps installed on a device without an MDM profile, we explained this isn't possible due to privacy and security restrictions on iOS. A regular app cannot find other apps that are installed unless part of the same group. The client then told us to download SpyBuster (on the App Store) which somehow is collecting a list of Bundle IDs or names of all installed apps somehow. We were skeptical, but sure enough, the app showed us a list of apps we had installed. How is it doing this?!?! No MDM profile associated with the app. No special permissions requested. No access to anything shown in privacy &amp; security in settings. Is there a special entitlement we're not aware of? Just seems like they must be using a private API call to get this info but that would of course mean it should be pulled from the App Store. We'd love to have this capability in our apps if it's legit and accepted by App Store review. Thanks!