How to reset macOS 15 Local Network privacy settings?

macOS pops up a dialog, "Allow App to find devices on local networks?", to ask for Local Network permission. I would like to analyze when it pops up and how it impacts my app's user scenario. But this dialog only pops up when the Local Network privacy list does not contain this app; once the user has pressed Allow / Don't Allow, it won't pop up again.

The System Settings UI does not support removing the Local Network permission, so I tried this command, but it is not working.

tccutil reset All

There is also a post that mentions that it does not work: https://developer.apple.com/forums/thread/757949

Is there a way to remove these privacy settings? I don't want to reinstall macOS to test it.

Answered by DTS Engineer in 801805022

AFAIK the situation hasn’t changed since my response on that other thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Here is my test under macOS 15 beta 8.

First, according to FAQ-17, NECP uses LC_UUID to identify the program. https://forums.developer.apple.com/forums/thread/737416

In fact, the answer is no. I ran dwarfdump to make sure the builds have different LC_UUIDs, but I still can't bring up the privacy alert. Instead, I have to change the product name.

Second, the sample code provided here is not working. Sending a packet to localhost would not bring up the privacy alert. https://developer.apple.com/forums/thread/664775

Also, I found that FAQ-2 is incorrect too. https://developer.apple.com/forums/thread/663874

The operations that require local network access:

  • Sending a UDP unicast — yes
  • Sending a UDP broadcast — NO
  • Receiving an incoming UDP unicast — no
  • Receiving an incoming UDP broadcast — NO

I wonder which is the correct behavior. This is very confusing.

> First, according to FAQ-17, NECP uses LC_UUID to identify the program.

That’s not what FAQ-17 is talking about. Let’s ignore macOS for the moment, and think about iOS. If LNP used LC_UUID as the sole way to identify an app, then every update to your app would trigger a new LNP alert (because every update to your app has a different LC_UUID). That’s clearly not the case.

Rather, on iOS LNP identifies your app by its bundle ID.

It’s not safe to identify code by its bundle ID on macOS. Typically macOS uses the designated requirement for this, as discussed in TN3127 Inside Code Signing: Requirements. However, I’ve not dug into this, so I can’t say for sure whether that’s how this works on macOS 15 (currently in beta).

The point of FAQ-17 is that if you have two iOS apps with different bundle IDs but the same LC_UUID, LNP on iOS gets confused. That’s the exact opposite of what you’ve been testing.


> Second, the sample code provided here is not working.

On iOS? Or on macOS?

AFAIK that code continues to work on iOS. And, as I called out at the top of the LNP-FAQ, the entire FAQ needs an update for macOS. Indeed, there’s an LNP-FAQ update folder sitting on my desktop right now (-:


> I wonder which is the correct behavior.

I’m pretty sure that I tested each operation in FAQ-2 when I wrote the FAQ. That was on iOS, of course.

Regardless, it’s clear that the FAQ-2 behaviour is the expected behaviour. If an app can send and receive broadcasts on the local network without triggering the local network privacy alert, that completely undermines the utility of LNP. So, if that’s what you’re seeing on macOS 15 beta, I encourage you to file a bug about it.

Please post your bug number, just for the record.


Don’t get me wrong, there are bugs aplenty here. The LNP-FAQ has not been updated for macOS, and that’s on me. But LNP has a long history of bugs on iOS, and I’m seeing a similar story on macOS [1]. It’s gonna take some time for this to all converge.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] For example, one of the recent betas included a fix so that programs running as root don’t trigger LNP.

Thanks for the detailed reply. The FAQ-2 behavior and FAQ-8 sample code were tested with macOS 15 beta 8.

I filed two feedback reports: one is about resetting the permission, and one is about behavior:

  • FB14944392 Allow reset macOS Local Network Permission
  • FB14976671 Local Network access unexpected behavior

I tested my app with macOS 15 RC.

Something strange happened on one of our test devices after it was upgraded from Beta 8. In the System Settings LNP list, it recognizes the app as two items. The UDP connection works fine, but the TCP connection fails for both inbound and outbound.

I’m not sure what could be causing this. We have only tested with the same signed app recently. The problem is, currently there is no way to reset LNP without reinstalling the OS. Our app has special requirements, so we must test without a VM. Not being able to reset LNP is very troubling.

Is there really no way to reset LNP? Should I file a TSI to ask more deeply?

Thanks.

> Is there really no way to reset LNP?

Well, It’s Just Bits™, so I’m sure there’s a way (-: Rather, there’s no supported way )-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Updates for Newcomers using macOS 15 RC:

  • LNP is now automatically removed after you delete the app and restart the Mac. However, this may not apply to items added from macOS 15 Beta.
  • The LNP of apps built with Xcode is also automatically removed, after you clean the build folder and restart the Mac.
  • Since LNP is a user permission, it’s advisable to create a test account if you need to do some experiments. There’s no need to reinstall macOS.

Found another bug. If you restart the Mac after allowing LNP, the LNP of the app will not work.

I filed feedback: FB15118138 Local Network Privacy not working after restart Mac

Here are the test steps:

Prepare two Macs: A is macOS 15 RC, B can be 14 or 15.

  1. Install Packet Sender on A and B, and launch it.
  2. A sends a TCP packet to B; allow Local Network.
  3. A sends a TCP packet to B again; B receives the TCP packet successfully.
  4. Restart A.
  5. A launches Packet Sender and sends a TCP packet to B; A throws an error: Could not connect, and B does not receive the packet.

PS. If A toggles LNP in System Settings after the restart, TCP works, but it fails again after another restart.
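
For anyone re-running the checks discussed in this thread (the UDP unicast/broadcast list and the TCP-before-and-after-restart steps), here is a small BSD Sockets probe that reports the errno of each operation. It is an added example, not code from any post in this thread; the names probe_udp, probe_tcp and verdict are hypothetical, and reading EHOSTUNREACH as a Local Network denial is an assumption, not something the thread states. Call the functions from inside the app under test, since that is the code the permission applies to.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in; returns 0, or EINVAL if ip is not a dotted-quad IPv4 address. */
static int make_addr(const char *ip, int port, struct sockaddr_in *sa) {
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET; sa->sin_port = htons((unsigned short)port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : EINVAL;
}

/* Send one UDP datagram (broadcast when bcast != 0). Returns 0 or errno. */
int probe_udp(const char *ip, int port, int bcast) {
    struct sockaddr_in sa;
    if (make_addr(ip, port, &sa)) return EINVAL;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    int err = 0;
    if (bcast && setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &bcast, sizeof bcast) < 0) err = errno;
    if (!err && sendto(fd, "probe", 5, 0, (struct sockaddr *)&sa, sizeof sa) < 0) err = errno;
    close(fd);
    return err;
}

/* Non-blocking TCP connect with a timeout. Returns 0, ETIMEDOUT, or the connect errno. */
int probe_tcp(const char *ip, int port, int timeout_ms) {
    struct sockaddr_in sa;
    if (make_addr(ip, port, &sa)) return EINVAL;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    fcntl(fd, F_SETFL, O_NONBLOCK);
    int err = 0; socklen_t len = sizeof err;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 && (err = errno) == EINPROGRESS) {
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, timeout_ms) <= 0) err = ETIMEDOUT;
        else getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len);  /* final connect result */
    }
    close(fd);
    return err;
}

/* Assumption (not from the thread): a denied request usually surfaces as EHOSTUNREACH. */
const char *verdict(int err) {
    return err == 0 ? "ok" : err == EHOSTUNREACH ? "no route (LNP denied?)" : strerror(err);
}
```

Logging verdict(probe_tcp(...)) and verdict(probe_udp(...)) against the second Mac before and after a restart gives a record that can be attached to a feedback report.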
