Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Columns: Post, Replies, Boosts, Views, Activity

Secure Enclave with symmetric keys
Hi Folks, I have a need to create and store a 256-bit symmetric key that I use to encrypt and decrypt data stored on disk. There is also a need to continue to do this both in the background and in the application extensions. As far as I know, SE does not work with symmetric keys, but there is an option to encrypt the symmetric key with an SE-protected asymmetric key. The question arises, how is this different from just storing the key in Keychain, since I can't take advantage of SE's main advantage of not storing the key in memory, even for a short time. (Anyway, I can't not store the key in memory anyway, because the key is used by a third-party framework.) Should I also use SE for this purpose, decrypt my symmetric key, give the symmetric key to the framework for a short time and then zeroize it?
2
0
386
Jul ’24
Request for Clarification on Guideline 5.1.2(i) Rejection for OneMind App
I have an app, OneMind. The purpose is to unify the voice of the users through a voting process. It is essentially a group chat, which is the main purpose of the app. As an optional incentive, I incorporated a OneMind Token, a Solana-based token, awarded to the user who created the message that won the most votes. It is not mandatory; it is an incentive for users, but it is not the main purpose of the app. My app was denied for the following reasons: Guideline 5.1.2(i) - Legal - Privacy - Data Use and Sharing The primary purpose of the app is still to encourage users to perform digital tasks in exchange for compensation, watch ads and/or perform other marketing-oriented tasks, which is not appropriate. I have thoroughly reviewed Guideline 5.1.2(i) and do not see how my app violates this guideline. The guideline mentions that: "Your app may not require users to enable system functionalities (e.g., push notifications, location services, tracking) in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes." OneMind does not require users to enable any system functionalities for the app to work or to receive compensation. The app functions perfectly without requiring such permissions. Regarding the feedback about encouraging digital tasks for compensation, watching ads, or performing marketing-oriented tasks: Digital Tasks for Compensation: The OneMind Token is a secondary feature to enhance engagement, not the primary purpose. The core functionality is facilitating thoughtful communication and collective decision-making. Watching Ads: Ads are minimal and not central to the user experience. Marketing-Oriented Tasks: The app does not ask users to perform tasks for marketing purposes. Could you please provide a direct quote from Guideline 5.1.2(i) that specifies the violation by our app? 
I want to ensure OneMind is fully compliant and would appreciate any specific guidance on how to address the review feedback. Thank you for your assistance. Best regards, Joel Castro
2
0
323
Jul ’24
Safari microphone access
Hello, I am browsing with Safari. A website asks me to access my microphone (it is a Safari prompt dialog, not a system dialog). I am answering "yes, you can access my microphone". Everything works fine, my microphone is allowed. Now, I am going to macOS system settings, in the "Privacy & Security" section. I open the "Microphone" subsection, and I don't see any entry for Safari. My question is... Why? Safari is accessing my microphone at this moment and I don't see any grant information about this in system settings... Maybe Apple allows its own software but this is not good for security... I hope it is not the same behaviour for the full disk access grant... Thanks
1
0
486
Jul ’24
AppTrackingTransparency and Google consent management platform
Hello, I show Google AdMob ads in my app so I needed to add Google consent management platform prompt provided by Google (documentation can be found here https://support.google.com/admob/answer/13554116). But at the same time, Apple wants me to use their prompt using the AppTrackingTransparency framework and remove the "custom" one (one from Google). Does anyone know how I could resolve that? Is the only way to resolve that to show a prompt using the AppTrackingTransparency framework first and once a user accepts that, show the one from Google CMP? Apple rejected my app update because of this, giving the following reason: "The app does not use App Tracking Transparency to request the user's permission before collecting data used to track them. Instead, the app displays a custom prompt that requests the user to allow tracking. Apps need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. Requesting permission with a custom prompt is not appropriate.".
0
0
337
Jul ’24
Local Network Access Permission
We provide software that our customers deploy on their employee work computers to secure sensitive data. We have a daemon which could connect to an on-premise web-server for certain functionality. In Mac OS 15 beta we see that there is a local network access permission dialog that comes up sometimes, and it requires a permission to be provided under the Privacy & Security section of the system preferences. We have seen the local network access permission would pop up only when both Server and Client are residing in the same private network range (e.g. 172.16.x.x in our case). When the same server is accessed from a Sequoia machine over a VPN from an external network, the local network access permission does NOT pop up. But note in this case, the Sequoia machine has an IP in the 10.x.y.z range, whereas the server is at 172.16.x.y. We have the following questions: In our setup with Macs connecting to a web-server, what conditions can trigger the local network prompt? In particular, do both the client and server need to be in the same private subnet range for the prompt to be shown? Is it possible that a user at home, working on a Sequoia machine, connecting over VPN to an on-prem server, would trigger this prompt? If so, we would submit this is not expected, as a VPN is not really a local network. Is there an MDM way of automatically providing the permission, so that the prompt is suppressed? In general, is there a programmatic way of providing this permission during installation? If yes, how can we do it? How do we stop users from disabling the permission in case the user has admin rights?
21
7
3.1k
Aug ’24
How do I display the "You can choose to quit "AppName" now, or do it on your own later." dialog?
Install and launch a macOS app. At that time, if the app requires permission to record the screen, the following dialog will be displayed from the OS. Grant access to this application in Privacy & Security settings, located in System Settings. Follow the instructions in this dialog and select "Allow" in the system settings screen. Normally, after "Allow", the following dialog should be displayed from the OS. "AppName" mac may not be able to record the contents of your screen until it is quit. You can choose to quit "AppName" now, or do it on your own later. But, it does not appear. Why? Is there some setting that needs to be done on the app side?
1
0
312
Jul ’24
Ambiguity in Apple docs - Hermes privacy manifest
The list of common 3rd party SDKs that require a privacy list here: https://developer.apple.com/support/third-party-SDK-requirements/ references a "hermes" SDK. There is some ambiguity about whether this references Facebook/Meta's hermes JS engine: https://github.com/facebook/hermes or Imgur's Hermes notification system: https://github.com/Imgur/Hermes. A representative from Meta claims that Apple is referring to Imgur's library, despite the branding using a capital H and Apple's list using a lowercase h (see here: https://github.com/react-native-community/discussions-and-proposals/discussions/776). Can someone from Apple please confirm which SDK is concerned? We wish to avoid app rejections. Thank you
5
1
425
Jul ’24
Location in the Background constant popups
We have a pair of apps that are used to monitor the location of a person and allow them to reach out for help when needed. The apps are designed to be used with persons with special needs. A large portion of our target audience is people that have cognitive disabilities. One app is used by people that monitor and help the person with needs, and the other is used by the person with needs who is not with them all the time. The issue we have is that our users have trouble understanding what to do when this verification popup appears. This popup continues to appear over and over and over. This is a severe health and safety issue for us. We find that the user is oftentimes confused by the popup and is disabling the background location tracking, preventing the needs provider from being able to track the location of the user. It would be great if there was a special Entitlement that could be granted that would prevent this 'feature' of iOS. Or possibly simply a setting that the user's provider can set up on their phone to stop the annoying and dangerous constant popups. If anybody knows of a way to prevent this popup, please let us know. Otherwise, if someone at Apple could suggest how we can make this happen in the future.
3
0
498
Jul ’24
Network Connection on watchOS App
I am developing a watchOS-only app, and whenever I attempt to make a network request, it always fails and throws the following error: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." I noticed that when I turn off Wi-Fi and Bluetooth in the settings of the iPhone paired with the Apple Watch (thus disconnecting the Apple Watch from the iPhone), my app can successfully connect to the network. Additionally, when the app contains both an iOS app and a watchOS app, after granting network permissions on the iOS app, the watchOS app can access the network normally when connected to the iPhone. When opening some system apps on the Apple Watch (such as the "Workout" app), the app will display a network permission request similar to that on iOS, but this request does not automatically pop up when my watchOS app attempts to access the network. Is there a way to request network permissions in a watchOS-only app so that it can access the network while connected to the iPhone?
3
0
645
Oct ’24
App is getting Rejected Many Times
ITMS-91055: Invalid API reason declaration - The PrivacyInfo.xcprivacy for the “Frameworks/MoEngageSDK.framework/MoEngageSDK” file contains “C617.1” as the value for a NSPrivacyAccessedAPITypeReasons key instead of a valid reason code for using an API in the NSPrivacyAccessedAPICategoryUserDefaults category. Values for NSPrivacyAccessedAPITypeReasons keys in any privacy manifest must be valid reason codes for the corresponding API category. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91055: Invalid API reason declaration - The PrivacyInfo.xcprivacy for the “Frameworks/MoEngageInbox.framework/MoEngageInbox” file contains “1C8F.1 1C8F.1 1C8F.1 1C8F.1 1C8F.1 1C8F.1 1C8F.1” as the value for a NSPrivacyAccessedAPITypeReasons key instead of a valid reason code for using an API in the NSPrivacyAccessedAPICategoryUserDefaults category. Values for NSPrivacyAccessedAPITypeReasons keys in any privacy manifest must be valid reason codes for the corresponding API category. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
0
0
318
Jul ’24
PHPickerViewController in Limited Access photos mode
Dear Experts, In "limited access" photos mode, I present a PHPickerViewController. It shows the entire photo library, with a note at the top saying that the app can only access the items that I select. I select a photo. In the delegate method, I get a PHPickerResult containing a plausible-looking string for the assetIdentifier. It's the same string that I get for that photo in "full access" mode. Should this photo now be accessible, or do I need to do something else at this point? When I call fetchAssetsWithLocalIdentifiers using this assetIdentifier, I get no results. When I call cloudIdentifierMappingsForLocalIdentifiers, I get error PHPhotosErrorIdentifierNotFound. In "full access" mode, both work OK. What am I missing? Thanks.
3
0
695
Jul ’24
iOS 18 bug on “Help apple improve search”
Hey guys… I'm currently using iOS 18 developer beta 2 on my iPhone 12… Idk if u guys noticed it or not.. but when I turn off the toggle for “Help improve apple search” (Settings -> Search -> Help improve apple search) it again turns on without my knowledge seconds after I close the page. I've tried restarting my iPhone & many more.. nothing seems to work.. I'm kind of a more private guy, I usually turn off Apple analytics.. usage diagnostics and I always make sure data is stored only on my local storage.. and this bug kinda pisses me off 😕. I've given u the link below to check it out. Peace. https://youtube.com/shorts/YfVDCA-Dfrs?si=qLcl0mWL-Jm9iJFz
1
1
630
Jul ’24
Inquiry Regarding File Scan Permissions for Anti-Malware Feature Implementation
We need to scan newly created or modified files for malware. To achieve this, we added a plist file in the /Library/LaunchDaemons directory and intended to use a daemon process to perform the scans. However, we have encountered an issue where the daemon process cannot access files within Home subfolders such as ~/Downloads/ and ~/Documents/. When running the process as a user, it fails to scan some files due to lack of read permissions. Conversely, when running the process as root, it cannot scan files in the Home subfolders due to privacy restrictions. Could you please advise on the best approach to achieve this configuration?
3
0
443
Jul ’24
AccessorySetupKit Picker does not show device as expected, console logs show device discovered
I'm trying to get the ASK Sample to discover and connect to a device using a 16-bit UUID. In my case, I have a few fitness sensors laying around like heart rate monitors and cycling sensors. Specifically, I've configured the following descriptor to be shown in the picker:

    private static let heartRateMonitor: ASPickerDisplayItem = {
        let descriptor = ASDiscoveryDescriptor()
        // Filter on the 16-bit Heart Rate service UUID
        descriptor.bluetoothServiceUUID = CBUUID(string: "180D")
        return ASPickerDisplayItem(name: "Heart Rate Monitor", productImage: UIImage(named: "PolarH10")!, descriptor: descriptor)
    }()

100% another app on the device using an unfiltered scan can find this device, so I know the phone can see it. Also, the settings app Bluetooth screen sees it too. When the picker is active for this descriptor, in console I see the device is being discovered and it is matching the underlying filter. However the picker doesn't show the device.

    Received 'start active Unspecified scan' request , without duplicates, duration:unlimited, UUIDs [ E56A082E-C49B-47CA-A2AB-389127B8ABE3 E56A082E-C49B-47CA-A2AB-389127B8ABE4 0x180D ] on 1M PHY from session "com.apple.deviceaccessd-central-727-198"
    Matched UUID 0x180D for device "D3030A85-BBB9-6C0D-53C4-6697898B2E4B"

This is an apparent bug: FB14078940 - AccessorySetupKit: ASDiscoveryDescriptor does not appear to identify 16-bit UUIDs like the Heart Rate Service/Profile UUID

After more tinkering, I did discover that if I connect the device in the settings app, and keep it connected, the picker will find the device immediately. I assume that under the hood it is calling this function or the internal implementation: https://developer.apple.com/documentation/corebluetooth/cbcentralmanager/retrieveconnectedperipherals(withservices:) This is still not expected, a developer should be able to discover and connect an accessory directly in their app.
Noteworthy, I also found that ALL apps in the Settings app list the accessory once paired, which is totally not expected: FB14170263 - Settings: Viewing accessories in settings app for all apps show the accessory paired with another application P.S. forum moderators, there is no tag for 'AccessorySetupKit' which is the technology I'd like to tag this with. Last tested with iOS 18 developer beta 2.
1
2
466
Jul ’24
Why is VisionOS Barcode Scanning an Enterprise API?
I'm seeking insight on why the new VisionOS Barcode Scanning API is categorized as an Enterprise API and restricted only for proprietary and in-house apps. I understand Apple's focus on privacy and I can see how this restriction could make sense for other Enterprise APIs like main camera access and passthrough screen capture. Why is barcode scanning restricted from open apps? What makes barcode scanning more of a risk to privacy versus the unrestricted APIs for object tracking, image tracking, or hand tracking?
4
2
737
Jul ’24
What is the reason Apple rejects our app from review, which includes FMDB.framework, where none of the required reason APIs are used?
Below is the GitHub link for the FMDB.framework, which contains the privacyinfo.xcprivacy file provided as per the Apple documentation and is used in our app: https://github.com/ccgus/fmdb I have reviewed the feedback, but I need additional clarification to fully understand the issue. Could you please provide more specific details or examples regarding the following points: We are using FMDB framework version 2.7.11 in our app, available at https://github.com/ccgus/fmdb/ The version 4.0.0 submitted had the privacy file packaged as part of SQLCipher.bundle, which resides under the FMDB framework. This was rejected for the same reason mentioned above. As a result, as part of Version 5.0.0 we have copied the privacy file from the said bundle and placed it directly under the FMDB framework folder. This is rejected as well, with the same reason again. Is there a concern because of empty values for the privacy keys? The GitHub source at https://github.com/ccgus/fmdb/ with the said version 2.7.11 does not use any APIs of concern listed at https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. As a result, the provider may not have provided the values for the keys.
0
0
389
Jun ’24