I am trying to create an app that lets the user send Wake On LAN calls to computers in the local network. I created a small package that uses BSD sockets (https://github.com/pultar/WakeOnLAN/blob/main/Sources/CWakeOnLAN/wol.c) to send the magic packet. For now, I select "en0" manually as the interface. The app works in the simulator but fails on a real device. I also noticed that I can test the package when I only use the terminal and Swift Package Manager but not from a CLI within XCode. In either case, I observe: "No route to host" Following previous post in the forum (see below), I figured I require the multicast entitlement, which I was granted and could add in the Xcode project settings and on Apple Developer together with my App Bundle ID. However, even after activating the entitlement for my app, I observe the same error.

Hi all, I’m trying to find a documentation about the supported encryption algorithms for p12 files to be imported in iOS. I can see in iOS 18 changelog that AES-256-CBC is now supported, but cannot find a detailed view on which list of algorithms are supported. Would appreciate it if you could point me in the right direction! Thanks in advance

Hello, AFAIU, a new purple dot indicator was added within the Control Center in Sequoia 15.1. Up until now it was used to indicate audio recording. My question is where would I get detailed documentation on this new indicator? I did find the following link https://support.apple.com/en-ca/guide/mac-help/mchl50f94f8f/15.1/mac/15.1 although it seems out of date, i.e. still noting only audio recording and nothing regarding screen recording. Also, can this indicator be suppressed in any way? e.g. via MDM or other means. Thanks, Doron.

Hi all, I received the following email from Apple: ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/share_plus.framework/share_plus”, which includes share_plus, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests I use Share Plus version 7.2.2 which does not have privacy manifest file yet but I am currently unable to upgrade it to a newer version since it would then bring a restriction that I should start using Dart version 3 where I am not there yet considering my other dependencies! So I am wondering what options I have... Will Apple accept my app's new submission if I add this manifest file to my project itself rather than it is being presented in the third-party SDK? Or what else can I do, please?

Here's information on Craig Federighi, one of Apple's top men:- https://www.google.com/search?client=safari&rls=en&q=Federighi+&ie=UTF-8&oe=UTF-8 There is a software facility called EtreCheck, supposedly developed and marketed by a Mr John Daniel of a company called Etresoft, Inc, Canada. Can anyone reading here provide confirmation that he is just as genuine a figure as Mr Federighi? Thanks if you can.

I have an app where I'm integrating the Branch.io SDK for deeplinks. I plan to use it just for deeplinks and that's it. The SDK provides it's own privacy manifest file with privacy tracking domains defined and some collected data types with "Used for Tracking" set to YES. Does anyone know if I can keep tracking disabled in the App Store Connect - App Privacy section in case if I'll configure the SDK to disable tracking completely without asking users with the ATT permission request?

I am currently developing an SMS filter extension and would like to clarify certain aspects of App Store policies and Apple's privacy guidelines regarding data collection. In my extension, SMS messages are filtered using the deferQueryRequestToNetwork method to perform server-based filtering. While I understand and respect Apple’s prohibition on transmitting or storing sensitive data such as message content or sender information, I am considering collecting non-personally identifiable statistical data related to the filtering process, such as: The total number of messages filtered via the extension. Hourly statistics of filtered messages. Category-based statistics (e.g., promotion, phishing, transaction). This statistical data would be: Fully anonymized, ensuring no personally identifiable information (PII) is collected or stored. Used exclusively for providing users with aggregated insights, such as daily or weekly filtering statistics, and improving the filtering process. Given that the filtering occurs via the deferQueryRequestToNetwork mechanism, the data collection would involve the server but would remain strictly limited to anonymized statistics. Furthermore: Users would be fully informed about this data collection via a transparent privacy policy and in-app notification. Explicit user consent would be obtained before collecting or transmitting any data. Data transmission would be secured, and no raw message content or sender details would ever be stored or transmitted. Could you confirm if this practice complies with Apple’s policies? Are there any additional requirements or recommendations for handling anonymized statistical data collected via server-based filtering in an SMS filter extension?

Hello, I'm currently working on an authorization plugin for macOS. I have a custom UI implemented using SFAuthorizationPluginView (NameAndPassword), which prompts the user to input their password. The plugin is running in non-privileged mode, and I want to store the password securely in the system keychain. However, I came across this article that states the system keychain can only be accessed in privileged mode. At the same time, I read that custom UIs, like mine, cannot be displayed in privileged mode. This presents a dilemma: In non-privileged mode: I can show my custom UI but can't access the system keychain. In privileged mode: I can access the system keychain but can't display my custom UI. Is there any workaround to achieve both? Can I securely store the password in the system keychain while still using my custom UI, or am I missing something here? Any advice or suggestions are highly appreciated! Thanks in advance!

If we record the user's Device Model (ie. iPhone 15), what checkbox do we need to select under Data Collection in App Privacy? Device model is not a unique identifier, we do not use it for tracking. We use it to know in aggregate which phone models are using our app the most so we can prioritize our QA to focus on the top devices. Please note: we DO NOT access Device ID, as we DO NOT use it.

I made this strange discover yesterday. MacOS 15.2 beta 3, Macbook Pro 2020 One one member and one device, no family sharing or more devices included. Ideas?

Hi there, I'm continuing to build up the API on keychain, I'm trying to implement the ability to create an own certificate chain for validation purposes, similar to ssl. To this extent I need to retrieve the certificates from the System's stores but I can't seem to find a way to do this in code? Creating a query with kSecMatchTrustedOnly only returns certificates which are seemingly manually marked as trusted or otherwise just skips over the System roots keychain. As far as I understand using kSecUseKeychain doesn't work either, since (besides SecKeychain being deprecated) it only works with SecItemAdd.

Has anyone launched a game for kids using Unity Analytics? I am not understanding if Unity Analytics is considered a "third party". And has anyone successfully shipped a game for kids with Unity Analytics? And if not, has anyone solved the issue Apple rejecting submission?

Hi, i'm working on an endpoint security extension loader and implement several callbacks from delegate object OSSystemExtensionRequestDelegate the callback i'm interested in is : public func request(_ request: OSSystemExtensionRequest, didFinishWithResult result: OSSystemExtensionRequest.Result); public func requestNeedsUserApproval(_ request: OSSystemExtensionRequest); I've noticed that if I manually approve the extension long time after it was activated, the extension process goes up, but the callback isn't being called. The requestNeedUserApproval callback always gets called. I see in the unified logs that when the extension goes from activated_waiting_for_user -> activated_enabling -> activated_enabled Than the request callback doesn't get called. But whenever the extension goes activated_waiting_for_user -> activated_disabled The request callback gets called. (this is counter intuitive since we expected the state activated_disabled may hint that the extension failed to be activated somehow) Any Idea why my callback doesn't gets called if the extension gets approved long after it was activated ?

I am using the Secure Enclave to generate private keys with kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly and SecAccessControlCreateFlags.biometryCurrentSet. The public key is derived from the Secure Enclave private key at creation and stored in the Keychain for later retrieval. During testing, I observed the following: When the device's passcode is removed, the public key stored in the Keychain is deleted as expected. However, the private key in the Secure Enclave can still be fetched using SecItemCopyMatching, despite being tied to the passcode for protection. My questions are: Is this behavior expected? How does the Secure Enclave manage private keys in scenarios where the passcode is removed? Is there a way to ensure that the Secure Enclave private key is deleted entirely (not just rendered inaccessible) when the passcode is removed? Any clarification or relevant documentation references would be very helpful. Thank you!

Hi everyone, I am trying to use ASWebAuthenticationSession to authorize user using OAuth2. Service Webcredentials is set. /.well-known/apple-app-site-association file is set. When using API for iOS > 17.4 using new init with callback: .https(...) everything works as expected, however i cannot make .init(url: ,callbackURLScheme: ....) to work. How can i intercept callback using iOS <17.4? Do I really need to use universal links? callbackURL = https://mydomain.com/auth/callback

I'm trying to make an app that is able to quietly run in the background. It needs to detect other apps' or the system's incoming video and/or audio, using only on-device resources to determine if it might be a scam caller. It will tap into an escalating cascade of resources to do so. For video/image scam detection, it uses OpenCV to detect faces, then refers to a known database of reported scam imagery. For audio scam calls, we defer to known techniques of voice modulation in frequency and/or amplitude. Each video and/or audio result will be relayed via notification banner as well as recorded in-app. Crucially, if the results are uncertain, users have the option to submit it to a global collaborative cloud database for investigative teams; 60 second audio snippets or series of images where faces were detected (60 second equivalent). In the end, we expect to deploy this app across most parts of Asia and Africa, thereby protecting generations of iPhone and iPad users. However, we have not been able to find a method that does this, and there is no known correspondance able to provide such technical guidance. Please assist.

iOS18.1.1 macOS15.1.1 xcode16.1 Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "Unable to verify webcredentials association of ********** with domain ******************. Please try again in a few seconds." Our domain must query with VPN, so I set webcredentials:qa.ejeokvv.com?mode=developer following: "If you use a private web server, which is unreachable from the public internet, while developing your app, enable the alternate mode feature to bypass the CDN and connect directly to your server. To do this, add a query string to your associated domains entitlement, as shown in the following example: :?mode= " but it still not working, even after I set mode=developer. Please help!!!!

I have created swift command line project and i have added logic to executing apple script using NSAppleScript. That will launch Microsoft Excel file I am launching this swift command line executable from java using process launch. 3)This is not prompting me. It is throwing exception "Not authorized to send Apple events to Microsoft Excel." I have already tried out this option Added info.plist with NSAppleEventsUsageDescription Added entitlement with com.apple.security.automation.apple-events to true In packages i have selected this entitlement i have select the bundle identifier , team and signing certificate "Development" and automatically manage signing. can you please suggest what could i missed ?

Hello developers, I'm currently working on an authorization plugin for macOS. I have a custom UI implemented using SFAuthorizationPluginView, which prompts the user to input their password. The plugin is running in non-privileged mode, and I want to store the password securely in the system keychain. However, I came across an article that states the system keychain can only be accessed in privileged mode. At the same time, I read that custom UIs, like mine, cannot be displayed in privileged mode. This presents a dilemma: In non-privileged mode: I can show my custom UI but can't access the system keychain. In privileged mode: I can access the system keychain but can't display my custom UI. Is there any workaround to achieve both? Can I securely store the password in the system keychain while still using my custom UI, or am I missing something here? Any advice or suggestions are highly appreciated! Thanks in advance! 😊

When an app is trying to access identities put in the keychain by cryptotokenkit extension, the user gets asked a permission pop-up which reads 'Token Access Request" would like access a token provided by: " with 2 options 'Don't allow' and 'OK' I accidently clicked "Don't allow" and now can't access identities put in crypto token kit. How can I reset the preference?