App Store rejection (keystrokes access)

We recently enabled Hardened Runtime in our Mac app and now it is rejected in the App Store:


Guideline 2.4.5(v) - Performance:

Your app requests keystrokes access from the user during operation of launch of the app.


Next Steps

To resolve this issue, please confirm that you are using:

- NSEvent.addLocalMonitor

rather than

- CGEvent.TapCreate.


The problem is: we don't call CGEventTapCreate(). I verified this by printing all symbols in all executables with the 'nm' tool. The rejection message is clearly not sufficient for us to resolve the problem. Does anyone have insights here? Are there additional undocumented triggers for this type of rejection?

Up vote post of starbird1975 Down vote post of starbird1975
2k views
Posted by
starbird1975
Reply
Add a Comment

Replies

You don't need hardened runtime if yout want to publish your app via appstore. Yo need to enabled Hardened Runtime for Notarisation when you want to publish your app outside of the appstore.


Greetings

Brigitte

Posted by
Brigitte
Up vote reply of Brigitte Down vote reply of Brigitte
Add a Comment

I think the hardened runtime is a red herring here. If a Mac App Store app is triggering the Input Monitoring privacy prompt, that’s going to be a problem regardless of how it’s doing it.

Having said that, enabling the hardened runtime is a good thing in general so don’t feel compelled to disable it.

Did you intend to monitor the user’s keystrokes? If not, then something in your app is triggering that accidentally, right? My advice on that front is that you test you app on a clean machine to see if you can reproduce what App Review is seeing.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hello eskimo


You are correct, disabling Hardened Runtime did not solve the problem.


We are also not able to reproduce the dialog. I have installed the failing package on a 10.15 system where the application has never run before. It did not trigger the dialog.


This means we are unable to progress.

Posted by
starbird1975
Up vote reply of starbird1975 Down vote reply of starbird1975
Add a Comment
We have resolved the problem. I am presenting details here in case other developers run into the same problem.

First, not every Mac shows the same symptoms. We were unlucky to start testing with a Mac Mini (10.15) that did not trigger the keystrokes dialog which made it impossible for us to debug. Further tests with other Macs were successful and allowed us to localise the problem.

In our case the offending code was located in an older version of SDL (2.0.8). The problem has been fixed in later versions, the two relevant commits are:

Commit 1
Commit 2

The first commit contains the actual fix for the privacy problem and the second is a correction, included here in case someone wants to patch older SDL versions instead of upgrading.


Posted by
starbird1975
Post not yet marked as solved Up vote reply of starbird1975 Down vote reply of starbird1975
Add a Comment

I am presenting details here in case other developers run into the same problem.

Thanks!

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment