Core Bluetooth and Authorization Plugin: Why is Core Bluetooth Not Allowed While Multipeer Framework Works?

I need to integrate BLE (Bluetooth Low Energy) functionality into an authorization plugin. Specifically, I want to use a beacon to send a notification to the user if the app is not running or has been killed. However, I’ve encountered a significant limitation: Core Bluetooth is not permitted to be used within authorization plugins, whereas the Multipeer Connectivity framework operates without issue which use WiFi.

This has led me to a few questions:

  1. What are the fundamental differences in entitlements or restrictions between Core Bluetooth and the Multipeer Connectivity(WiFi) framework that could explain why Core Bluetooth is disallowed in authorization plugins?

  2. Are there specific technical or security concerns associated with Core Bluetooth that prevent its use in these contexts, while the Multipeer Connectivity framework is allowed?

Given that Google’s Nearby Connections API can work within authorization plugins, could there be any similar approaches or best practices for implementing BLE functionality in scenarios involving authorization plugins? For reference, you can check Google’s Nearby Connections API here: Google Nearby Connections - https://developers.google.com/nearby/connections/swift/get-started

Any insights or suggestions on how to overcome this limitation or alternative approaches to achieve the desired functionality would be greatly appreciated.

Thank you in advance for your help!

Answered by DTS Engineer in 803724022

Your post is the epitome of a why question, which isn’t something I tackle in general. See tip 3 in Quinn’s Top Ten DevForums Tips. If you want to use Core Bluetooth from an authorisation plug-in, I recommend that you file an enhancement request explaining your rationale. Please post your bug number, just for the record.

However, there is some technical stuff I can talk about…

First up, I want to be clear that there’s nothing special about Multipeer Connectivity here. It’s a Bonjour client with peer-to-peer Wi-Fi enabled, and you can access the same technology yourself via Network framework and other APIs. See TN3151 Choosing the right networking API for more on that.

Regarding, Core Bluetooth and peer-to-peer Wi-Fi, these are very different technologies and have different privacy models. Prior to macOS 15, the system imposed no privacy constraints on local network access [1]. That’s changing in macOS 15, and it’s likely that this change will prevent your authorisation plug-in from using peer-to-peer Wi-Fi as well.

I think you’ll be able to work around that by moving your networking code into a daemon, because LNP on macOS has a blanket exception for code running as root. However, I haven’t tested that myself, and I’ve seen reports from others who are bumping into weird problems with it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Unlike iOS, which has had local network privacy for a while now.

Accepted Answer

Your post is the epitome of a why question, which isn’t something I tackle in general. See tip 3 in Quinn’s Top Ten DevForums Tips. If you want to use Core Bluetooth from an authorisation plug-in, I recommend that you file an enhancement request explaining your rationale. Please post your bug number, just for the record.

However, there is some technical stuff I can talk about…

First up, I want to be clear that there’s nothing special about Multipeer Connectivity here. It’s a Bonjour client with peer-to-peer Wi-Fi enabled, and you can access the same technology yourself via Network framework and other APIs. See TN3151 Choosing the right networking API for more on that.

Regarding, Core Bluetooth and peer-to-peer Wi-Fi, these are very different technologies and have different privacy models. Prior to macOS 15, the system imposed no privacy constraints on local network access [1]. That’s changing in macOS 15, and it’s likely that this change will prevent your authorisation plug-in from using peer-to-peer Wi-Fi as well.

I think you’ll be able to work around that by moving your networking code into a daemon, because LNP on macOS has a blanket exception for code running as root. However, I haven’t tested that myself, and I’ve seen reports from others who are bumping into weird problems with it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Unlike iOS, which has had local network privacy for a while now.

Core Bluetooth and Authorization Plugin: Why is Core Bluetooth Not Allowed While Multipeer Framework Works?
 
 
Q