Network Extension Providers and the Mac App Store

App & System Services Networking
bb1216 OP
Created Feb ’20
Replies 4
Boosts 0
Views 1.1k
Participants 3

I want to make sure I understand the implications of some of the answers in the Network Entitlement FAQ post -> https://forums.developer.apple.com/thread/67613


My current commercial enterprise-focused app uses the NKE APIs to protect the user from network threats. It is installed, updated and controlled by a management system built for the administration of the product. If we use the newly provided APIs from the Network Extensions, then it must be distributed by the Mac App Store? If we use these APIs we no longer control the installation/update of (at least) that portion of the product?


Is this correct?

Answered by DTS Engineer in 406696022

Note System extensions are not supported on iOS, so all of the following applies to the Mac only.

A system extension runs system wide. An app extension, conceptually at least, runs on behalf of one user.

The logic behind this is very clear in other contexts. For example, it makes sense that an EndpointSecurity system extension run system wide and a share extension run on behalf of a specific user. This is less clear for NE providers. Some NE provider types are only supported as system extensions. In contrast, NE tunnel providers are supported as both app extensions and system extensions.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Replies  4
Boosts  0
Views  1.1k
Participants  3
DTS Engineer OP
Apple
Feb ’20

If we use the newly provided APIs from the Network Extensions, then it must be distributed by the Mac App Store?

Until very this was not possible. This changed as of last month, assuming that:

  • You’re creating a NE system extension, not an app extension

  • You’re targeting 10.15 or later

See this thread, specifically my 14 Jan post.

And now I’m off to fix the Network Extension Framework Entitlements FAQ; thanks for the reminder!

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
roee84 OP
Feb ’20

Not related to the original question, but can I ask what's the difference between system extension and app extension?

"Your NetworkExtension provider must be packaged as a system extension, not an app extension."

0
DTS Engineer OP
Apple
Feb ’20
Accepted Answer

Note System extensions are not supported on iOS, so all of the following applies to the Mac only.

A system extension runs system wide. An app extension, conceptually at least, runs on behalf of one user.

The logic behind this is very clear in other contexts. For example, it makes sense that an EndpointSecurity system extension run system wide and a share extension run on behalf of a specific user. This is less clear for NE providers. Some NE provider types are only supported as system extensions. In contrast, NE tunnel providers are supported as both app extensions and system extensions.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
roee84 OP
Feb ’20

Thanks for the quick answer!

0
Network Extension Providers and the Mac App Store
First post date Last post date
 
 
Q