Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

Post

Replies

Boosts

Views

Activity

ES sample project
I downloaded the ES sys-ext sample project. I built the 'NOTIFY' extension, and I was able to install it. However, it doesn't seem to work (or - it doesn't report anything). This is what I did: I download the project I renamed the bundle IDs I disabled SIP I tried both signing options - let 'Xcode automatically manage signing', and I also tried to use my 'Developer ID' I moved the app to the Applications folder I grant the 'Full Disk Access' permission to the extension I verified that the extension is running I did not get the needed entitlement yet, but since SIP is disabled, I don't think it's a problem I did get the message 'Successfully installed the extension ✅' At the terminal, I tried to capture relevant logs: log stream --style compact --predicate 'sender == "myBundleId"' (I tried it with the app bundleID, and with the extension's bundleId) And yet, 'ps' triggers no logs. *At the Console, I get those messages: "Unsatisfied entitlements: com.apple.developer.endpoint-security.client" Disallowing: myBundleId amfid: Restricted entitlements not validated, bailing out. Error: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=, unsatisfiedEntitlements=, NSLocalizedDescription=No matching profile found} Any idea where's the problem at?
5
0
1.7k
May ’23
How long is DeviceActivityData accessible in DeviceActivityReport?
Using the DeviceActivity framework we are able to display data based on a user's screentime and device usage. With the DeviceActivityFilter property, you can specify the date interval to collect data between. In testing, it seems that data only becomes accessible once the extension has been installed (so the extension isn't reading the screentime data already collected on device). However, once installed, I'm curious how far back you can query data from in the data interval? Opal which uses the Screentime API appears to have a lifetime Screentime metric, so hypothetically it should possible to query data as far back as collection starts. Unless they are getting around the sandbox environment and storing the data somehow. Side note on Opal -- They seem to have a community average of Screentime among people in the same age group. Does anyone know how they are collecting the data for this average? Is it actually using live Screentime data or just aggregating data from other studies?
2
1
839
May ’23
"The archive does not contain any `PrivacyInfo.xcprivacy` files." error occurred when I tapped "Generate Privacy Report" button on Xcode Organizer.
Hi, team. I tried including Privacy Manifest in my sample app and generating a privacy report. But "The archive does not contain any PrivacyInfo.xcprivacy files." error occurred when I tapped "Generate Privacy Report" button on Xcode Organizer. Is there something wrong? Could you tell me how to fix it? Here are screenshots of my Xcode and Xcode Organizer. Thank you.
2
0
6.8k
Jun ’23
New warning when updating app in macOS Sonoma
Hi, I am testing out an update for my app in macOS Sonoma. I first installed the App Store version of my app on the device running macOS Sonoma, and it ran fine. I then installed an updated version of my app through TestFlight (built with macOS Ventura SDK), but when I run this updated version, I get prompted ”MyApp differs from previously opened versions. Are you sure you want to open it?". Why is this happening? Is this warning only because the app is updated through TestFlight, or do I need to do something to prevent this warning from happening when I update my app through the App Store? I see this mentioned in an Apple security update:: App Sandbox now associates your macOS app with its sandbox container using its code signature. The operating system asks the person using your app to grant permission if it tries to access a sandbox container associated with a different app. For more information, see Accessing files from the macOS App Sandbox. My app is already sandboxed, and I'm not trying to access a different app's sandbox container, just my own. For the TestFlight build, it probably also uses the same Release configuration that the App Store build uses. I might have changed my provisioning profiles recently because they expired. Would that affect this and cause a prompt to be showed? Would love to know more about this prompt and how to avoid it. Thanks.
3
0
2.4k
Jun ’23
Privacy Manifests vs CocoaPods?
As of Xcode 15, Apple supports adding Privacy Manifests to SDKs. We develop an SDK that consists of several components (frameworks) for which we would like to add a Privacy Manifest. That works fine for our local builds, but we distribute our SDK via CocoaPods, which generates a single framework with the sources of all our components. This single framework currently does not have a Privacy Manifest. How would we be able to provide Privacy Manifests when using CocoaPods for distribution?
7
0
5.8k
Jul ’23
"Required Reason" API - stat()
I've just been looking at this list of APIs for which we will be soon be required to declare a "required reason" in the app's privacy manifest: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api One of the listed functions is stat(). The rationale seems to be that a malicious app can use stat to get the timestamps of files outside the app container, thereby "fingerprinting" the device. The allowed reasons that we can declare are : To get timestamps that are displayed to the user. To get timestamps of files that are within the app's container. To get timestamps of files that the user has granted access to. I am concerned that this does not include many of the legitimate non-timestamp uses of stat(). For example, it can be used simply to test if a file exists, or to test whether a path refers to a file or a directory, or to check if two paths refer to the same file (e.g. via different symlinks), or to get the size of a file. Some of these things can be achieved in other ways; for example, I can check if a file exists by trying to open() it and checking for an error, and I can get the file size by opening it and calling lseek(SEEK_END). Maybe I can check if two paths are equivalent by using readlink() to form canonical paths for both and comparing them. But I bet there are other things that can't be done. I could probably fix all of my code to not call stat() for non-timestamp reasons in a few hours. It would be more difficult to fix the various open-source libraries that I use. What do you think we should all be doing?: "File a bug" asking for an additional reason for using stat(), i.e. to get non-timestamp information about files in the app's container. Deliberately mis-read allowed reason C617.1, "to access the timestamps of files inside the app container", as " to access the timestamps and other metadata of files inside the app container", and declare that in the privacy manifest. Change code to not call stat(). Any other suggestions? P.S. I guess that libc++ std::filesystem calls stat(). What is the status of using that? The std::filesystem functions that access file timestamps are not listed on the page linked above. If I call std::exists() to check if a file exists, and assuming that is implemented using stat(), will that trigger the new filter?
11
1
3.2k
Jul ’23
The contents of the SDK privacy manifest file cannot be verified in the privacy report of an app that incorporates the SDK.
I've set up a privacy manifest file in my SDK, which I'm developing in Xcode 15 beta 4, and built an xcframework. I verified that PrivacyInfo.xcprivacy exists in the xcframework. In state verifying the existence of PrivacyInfo.xcprivacy in xcframework, I incorporated the built xcframework into a test app for operation check, created an archive, and outputted a report from "Generate Privacy Report". Despite having a privacy manifest file set up in the test app, when I checked the report, I was able to confirm the contents of the test app's privacy manifest file but not the contents of the privacy manifest file I configured in the SDK. I understand that the SDK's privacy manifest file is merged with and outputted from the privacy manifest file of a project that incorporates the SDK. Am I mistaken?
3
3
2.3k
Aug ’23
Privacy Manifest for main app that incorporates SDKs via CocoaPods and SPM
Hey! Reading through the documentation about Privacy Manifest I got a bit confused about the requirement about having Privacy Manifest files for both the 'main' app and for SDKs from inside the 'main' app (that uses the SDKs). Let's say I have the following scenario: MyApp includes SDKs via CocoaPods and SPM. The SDKs that I include in MyApp are using 'Required Reason APIs' and let's say that they do collect some data about the user or the device. Let's also assume that 'MyApp' also uses the same 'Required Reason APIs' (or more of them) as in the SDKs and also that MyApp collects data about the user/device. For this case: do I need to have a Privacy Manifest for both MyApp and each of the SDKs or is it enough to have just a 'main' Privacy Manifest file declared directly in MyApp's files?
6
0
2.2k
Aug ’23
Unable to retrieve keychain data intermittently.
At present, we have been receiving numerous reports from customers who integrate our SDK who have been encountering the failures (errSecItemNotFound) while trying to retrieve a key using SecItemCopyMatching. We are raising this query we are still in the midst of properly reproducing this issue though it has been reported to occur in several devices during the OS upgrade to the iOS 17 betas. This issue is still occurring in the latest iOS 17 beta 7. This issue was not present in previous iOS version. At present, we are of the conclusion that this issue is occurring randomly amongst devices that upgraded to the iOS 17 betas and it is not limited to older devices. What we believe is occurring is that: A key is created and stored into Keychain using SecItemAdd. The same key is queried at a later timepoint but encounters the error errSecItemNotFound. Our SDK then attempts to regenerate a new key for the same label and attribute to store it using SecItemAdd, but the system then reports errSecDuplicateItem at the key already exists. The workaround here includes a manual deletion of the said key. This issue seems to occur only during an OS upgrade to the iOS17 betas with the likelihood that the key was already present in Keychain prior to the upgrade. I share below the snippet relating to how this said key is generated, stored and retrieved. // Initial key is added // A random data of 32 bytes length is generated CFDataRef dataRef = <32bytes of data>; *attr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); BREAK_IF_NULL(*attr); CFDictionarySetValue(*attr, kSecClass, kSecClassGenericPassword); CFStringRef aKey = CFStringCreateWithCString(kCFAllocatorDefault, "KEY_ACCOUNT", kCFStringEncodingUTF8); CFDictionaryAddValue(*attr, kSecAttrAccount, aKey); CFDictionarySetValue(*attr, kSecReturnData, kCFBooleanFalse); CFDictionarySetValue(*attr, kSecAttrAccessible, kSecAttrAccessibleAfterFirstUnlock); label = CFStringCreateWithFormat(NULL, NULL, CFSTR("A_LABEL")); CFDictionarySetValue(attr, kSecAttrService, label); CFDictionarySetValue(attr, kSecValueData, dataRef); SecItemAdd(attr); // Query for retrieval of key label = CFStringCreateWithFormat(NULL, NULL, CFSTR("A_LABEL")); CFDictionarySetValue(attributes, kSecAttrService, label); CFDictionarySetValue(attributes, kSecReturnData, kCFBooleanTrue); CFDictionarySetValue(attributes, kSecMatchLimit, limit); CFDictionarySetValue(attributes, kSecReturnAttributes, returnAttributes); osStatus = SecItemCopyMatching(attributes, result); if (errSecItemNotFound == osStatus) { } Please do let me know if more information could be useful. At present, we have ensured that the key generated are well-within the size limits and is stored simply as a kSecClassGenericPassword with limited access control to the key. Additionally, the query used was intended to be generalised to avoid encountering such occurrences.
18
6
4.9k
Aug ’23
Passkey AutoFill - How to get AttestationObject ?
We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill. During this process, we have a few doubts and queries: First, we have configured the AutoFill extension for external passkey management Next we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation We are facing an issue on creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure if we need to create the attestationObject [if so any documentation or help regarding this] or is there any API to get the attestationObject which we are missing. override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) { let request = registrationRequest as! ASPasskeyCredentialRequest let passkeyRegistration = ASPasskeyRegistrationCredential(relyingParty: request.credentialIdentity.serviceIdentifier.identifier, clientDataHash: request.clientDataHash, credentialID: Data(UUID().uuidString.utf8), attestationObject: "????") extensionContext.completeRegistrationRequest(using: passkeyRegistration) } Even we have tried passing the hardcoded attestationObject[we used the existing attestationObject received using icloud keychain] , still we got empty ‘ClientDataJSON’ on ‘authorizationController(controller:’ delegate.
2
0
961
Sep ’23
macOS Sonoma 14 RC - Full Disk Access for app bundle is disabled after reboot (kTCCServiceSystemPolicyAllFiles)
Hi guys, has anyone seen this issue? When installing an application, which requires Full Disk Access (kTCCServiceSystemPolicyAllFiles), user enables this feature, but after reboot, OS automatically turns it off. Filed feedback in case it's a new issue. Any idea how to fix it? Any workaround to keep Full Disk Access enabled? Thanks.
16
0
4.4k
Sep ’23
Endpoint Security event muting issue
Recently we've discovered an issue affecting our products in regards to using the Monterey+ provided new api calls to selectively mute events. Specifically, whenever using es_mute_process_events or es_mute_path_events, the ES_EVENT_TYPE_NOTIFY_OPEN event is ignored for muting (meaning the call will return success, but the event will keep coming). This is true only for this event as far as I can tell, its AUTH counterpart stays muted (along lots of other processes: clone, rename, close, unlink, fork etc). It fails if either the event is in a list of events or if the event is singled out in 1 sized vector of events. When using a dedicated client for this event and using the previous api, es_mute_process or es_mute_path muting works as intended. Tested on ventura 13.5 and 13.6. Is there something that can be done to prevent dedicated clients or is this a known issue?
5
0
945
Oct ’23
Performance degradation using Endpoint Security library on Sonoma
Hello community we have been using an Endpoint Security client within a system extension for quite a while now. After some users updated macOS to Sonoma, we got complaints about slower performance when using MS Office on Mac. The product features work as expected, and our system extension is loaded and delivers events. Upon inspection of the log files, we found the following (but not on all machines): [com.apple.TCC:access] Failed to create LSApplicationRecord for file:///Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)' and [com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: identifier com.sophos.endpoint.scanextension, type: 0: 0x7fb63da318c0 at /Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension for almost each event delivered. We are using XPC from the system extension to a non-priviliged daemon process to process file content. A feedback has already been filed: FB13174804 An additional code-level support was returnd woithout any explanation. Signing checks of the system extension and the containing app (daemon) on Sonoma turn up without any errros. Any idea, whats going on here? Frank Fenn Sophos Inc.
5
0
1.4k
Nov ’23
Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage
**We noticed that your app collects information from various public sources to build individual profiles, which is not appropriate for the App Store. Next Steps To resolve this issue, please remove any feature that attempts to build individual profiles based on collected public data. ** I do not understand what information that I collect from various public sources to build individual profiles My app takes the image from user and process it to extract facial features and compare other faces in the app database also the user can create an account if he wants to post a missing report and I ask to input the name and gender and date of birth and other information of missing person and all of this I explain in app review But I still face this replay what to do ?
2
0
768
Nov ’23
Sign In with Apple for Web Page
Hello, I have integrated Sign In with Apple into my Swift App. Now I'd like to add Sign In with Apple into my website. I followed the instructions at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple and resulted in an html page: <html> <head> <meta name="appleid-signin-client-id" content="colourworker.SPAD"> <meta name="appleid-signin-scope" content="name email"> <meta name="appleid-signin-redirect-uri" content="https://colourworker.com/apps/photofolia/applesignedin.html"> <meta name="appleid-signin-state" content="init"> <meta name="appleid-signin-nonce" content="NONCE"> <meta name="appleid-signin-use-popup" content="true"> </head> <body> <h1>Sign in with Apple</h1> <div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div> <script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script> </head> </html> I have added https://colourworker.com/apps/photofolia/applesignedin.html to the list of Return URLs at https://developer.apple.com/account/resources/identifiers/serviceId/edit/ZSM7Q3SMVH. But when clicking on the Sign In With Apple button I get the following error: "invalid_request Invalid client id or web redirect url." Any ideas of what I'm doing wrong?
1
0
950
Nov ’23
apple login TypeError
hello. I am using the app with webview. When I log in to Apple, a typeerror appears. How can I solve this? TypeError: this.attr(...).serialize is not a function at u.get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:691:77511) at t.getValueAndBind (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:145:1485) at e.Compute._on (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:3608) at e.Compute.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:2378) at e.Compute._bindsetup (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:145:3277) at e.bindAndSetup [as bind] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:131:200) at e.Compute.temporarilyBind (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:3888) at e.Compute.get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:2827) at Object.u [as compute] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:117:194) at u.___get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:59:1930) TypeError: Cannot read properties of undefined (reading 'serialize') at u.inserted (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:691:116897) at HTMLElement.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:187:673) at HTMLElement.dispatch (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:39204) at v.handle (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:37199) at Object.trigger (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:67752) at Object.trigger (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:224:258) at e.inserted (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:290:412) at t.each.e.fn.<computed> [as append] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:224:2129) at O.fn.init.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:46985) at W (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:28565)
0
0
735
Nov ’23