hello. I am using the app with webview. When I log in to Apple, a typeerror appears. How can I solve this? TypeError: this.attr(...).serialize is not a function at u.get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:691:77511) at t.getValueAndBind (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:145:1485) at e.Compute._on (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:3608) at e.Compute.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:2378) at e.Compute._bindsetup (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:145:3277) at e.bindAndSetup [as bind] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:131:200) at e.Compute.temporarilyBind (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:3888) at e.Compute.get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:311:2827) at Object.u [as compute] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:117:194) at u.___get (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:59:1930) TypeError: Cannot read properties of undefined (reading 'serialize') at u.inserted (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:691:116897) at HTMLElement.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:187:673) at HTMLElement.dispatch (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:39204) at v.handle (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:37199) at Object.trigger (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:67752) at Object.trigger (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:224:258) at e.inserted (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:290:412) at t.each.e.fn.<computed> [as append] (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:224:2129) at O.fn.init.<anonymous> (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:46985) at W (https://appleid.cdn-apple.com/appleauth/static/jsj/N1506946403/profile/app.js:248:28565)

It appears that for a successful registration of a passkey to a relying party using passkey autofill provider, the BE BS bits/flags in the attestation response need to be set to true. Please refer FLAGS byte of authData field part of attestationObject mentioned here - https://www.w3.org/TR/webauthn-2/#sctn-attestation. If those flags are set to false, the RP rejects saying - "The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client." What are the implications of having those flags set to true? Does it make the generated passkey syncable across devices using same apple id? If yes, is there at all anyway possible by which a generated passkey can be made device bound, basically can be generated and used only on a single iPhone/iOS device? Also, is there a plan to ever make those flags to be set to false in a future iOS release? Also, what does it mean in the credential provider popup where it says - "Available where is installed." in the below screenshot?

I just raised the iOS version to 17, but the login with face id doesn't appear in the react native webview. The login with face id doesn't appear, and the website loads. If the user is on iOS 16 in the same app, the login with face id appears. Is there something I'm missing?

Hello Apple Developer Community, I am reaching out to seek some assistance with an issue I've encountered related to user privacy settings in my app. Despite configuring the PrivacyInfo.xcprivacy file to disallow tracking and including specific domains within the Privacy Tracking Domains, I am observing that URLs containing these restricted domains are still being displayed within a webView in my app. Here are some specifics of the issue: The behavior occurs in both the iOS 17.1.1 simulator and on physical devices. I've double-checked the setup to ensure it aligns with the official documentation and expected privacy restrictions. I'm hopeful that someone in the community or from the Apple team can shed light on the matter. Why might the specified domains not be blocked as per the privacy settings? Any insights or guidance on resolving this would be greatly appreciated as it's crucial for maintaining the privacy standards of our app. Thank you for your time and help. Best regards,

Hi! Is there any way to automate passkey testcases for safari? Does safari provide any emulated authenticator? The way we have virtual authenticator in chrome in developer tools. If no, can you please suggest a way to automate passkey testing using safari? Thank you!

Hi everyone, I'm working on the verification of the PassKey signature for the integration of PassKey into our product. I've implemented the verification of P256 signature and it's correctly verifying the passkey signature. However, I want to know if Apple's Passkey signature is doing a malleability check (if the signature's S value is <= N / 2). If this is the case for Apple's passkey, I'm planning to also include this in the service for the signature verification to ensure a higher security level from the Passkey. Can anyone please help to answer this question? I checked documentation and many articles but this wasn't stated in the documents. Thank you for your answer in advance.

I would like to develop a macOS application in Swift. This application will consist of 2 programs: a main program to be run by the user (standard account) and another one that will run with root privileges. The second program will only be invoked to perform privileged tasks. Running the main program under root permanently would be too risky. XPC will be used to trigger calls from the main program to the privileged program. How can I secure the privileged program to ensure that the calling program is indeed my main program and not another unauthorized program?

I have implemented an app to monitor computer events according to ESF framework, but a crash will appear, and the crash content is Time Awake Since Boot: 800000 seconds Time Since Wake: 2594 seconds System Integrity Protection: enabled Crashed Thread: 0 Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace ENDPOINTSECURITY, Code 2 I can't find it. Why is this happening. Can you tell me under what circumstances such a crash would occur.

Hi, I am preparing privacy info manifest for my application. I am using stat to read not timestamp data from file. I wonder how in this case should I specify this info in the API usage? Should it be specified at all(since stat() is listed only in File Timestamp API)? Or maybe you can add stat to Disk space APIs and add one more reason there? Here is similar thread about this and nothing emerged so creating this to increase visibility of the problem: https://developer.apple.com/forums/thread/734750 Best regards, Konrad

Buongiorno, che tipo di accesso sicuro e che testimonia l'autenticità di un utente, è possibile usare ? E' possibile far inviare dall'utente che si vuol registrare, una foto di un suo documento di identità ed anche con la face authentication ? E' possibile usare lo SPID ? Grazie molto. Firenze Web Division.

Hello, I've come across information regarding macOS endpoint protection software: It seems Apple no longer allows them to create kernel extensions. It seems that endpoint software should now function with MACF by implementing hooks from userland. Does this mean the Endpoint Security Framework will soon become deprecated? I'm currently searching for a sample source code for MACF hooks, but I haven't found anything in the Apple developer documentation. Thanks

Hello, I have created a Swift app which has Apple Sign In integrated with it. We now want to add Apple Sign In to a web app but can't seem to find enough documentation on how to do this. We have followed the instructions at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple and have ended up with a script like so: <head> <meta name="appleid-signin-client-id" content="colourworker.SPAD"> <meta name="appleid-signin-scope" content="name email"> <meta name="appleid-signin-redirect-uri" content="https://colourworker.com/apps/photofolia/applesignedin.html"> <meta name="appleid-signin-state" content="init"> <meta name="appleid-signin-nonce" content="NONCE"> <meta name="appleid-signin-use-popup" content="true"> </head> <body> <h1>Sign in with Apple</h1> <div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div> <script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script> </head> </html> But have we populated the client-id, state, and NONCE correctly? When clicking on the Sign In with Apple button we get the error in this screenshot: I look forward to hearing from someone. Kind regards, Miguel

Hello community, In our application, we've implemented Apple ID for user authentication. Unfortunately, we forgot to register the associated domains and communication email addresses. This oversight has led to complications in email delivery via the private relay service. We've taken steps to fix the issue by reconfiguring the domains and communication email addresses. Post-adjustment, new user registrations are functioning properly. However, for users who registered before this fix, the problem persists. We followed the instructions provided on https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/communicating_using_the_private_email_relay_service, and we also have SPF configured, which has passed validation in our administration. Has anyone encountered a similar issue, and if so, how did you resolve it? Any insights or guidance would be greatly appreciated.

As the new requirement for Privacy manifests is coming this Spring 2024 (https://developer.apple.com/news/?id=r1henawx), Apple released a list of SDK's that need to comply with this requirement and provide a privacy manifest file: https://developer.apple.com/support/third-party-SDK-requirements/ I have some questions: Do i need to declare a privacy manifest file for the SDKs if i'm updating an old app that already includes one of these SDKs? Apple states "when you submit an app update that adds one of the listed SDKs as part of the update" which in my understanding applies only when an app adds an SDK for the first time in an app update. What happens with SDK's that are not in this list? Should every single SDK an app uses to include the privacy manifest file?

I am creating a Privacy manifest file and have a question about adding to NSPrivacyTrackingDomains. For example, if I am using Firebase for two purposes, analytics and crashes, if I specify the Firebase domain as NSPrivacyTrackingDomains and the user rejects the tracking, will the crash information etc. also stop being sent?

In the ESF framework, if I set up a process through audit token mute. Will the creation and corresponding child processes of this process also be mute mute. mute process A. process A creates a child process B. Whether the child process B is mute？

I'm looking over data use categories for the privacy manifest here https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests My app retrieves information such as OS Version, OS Name, locale info for the reason analytics. It also retrieves cellular infomation and device information for the reason app functionality. For this, I think it falls under "Other Data types" and the value "NSPrivacyCollectedDataTypeOtherDataTypes" in the privacy manifest. Do we need to specify further what that "other" data type is? How do I add "OS Information" or "Device Information" as part of the entry for "NSPrivacyCollectedDataTypeOtherDataTypes" in the manifest? Thanks

I refer to Google's ESF project code to handle NOTIFY events, but after my notifyQueue is set to QOS_CLASS_BACKGROUND, the process memory gets larger when a lot of events occur. Is there any way to fix this without affecting performance The code is as follows： notifyQueue = dispatch_queue_create("notify",dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_CONCURRENT_WITH_AUTORELEASE_POOL,QOS_CLASS_BACKGROUND, 0)); if (msg->action_type == ES_ACTION_TYPE_NOTIFY) { es_message_t *copied_msg = [self copy_message:msg]; if (!copied_msg) { return; } dispatch_async(self->_notifyQueue, ^{ @autoreleasepool { [self handle:copied_msg]; [self free_message:copied_msg]; } }); }

I'm developing a mental wellness app, and I need to get user's screentime and app usage data and send it to my flask backend for analytics. Is it possible on iphone right now? I've looked into ScreenTime and DeviceActivity frameworks, but they're really poor in terms of examples and documentation, so I'm not sure if this is actually possible or not.

I wanted to delete the old data of the device by how do i do /var/Keychains/keychain-2.db DELETE FROM genp WHERE agrp<>'apple' which I tried many times but always got errors. I don't know what to do. Can you help me?