Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

Post

Replies

Boosts

Views

Activity

Unlocking TouchID after LAErrorBiometryLockout error
Hi, I'm looking for best practices for unlocking TouchID in a Mac app when using canEvaluatePolicy. Documentation says: Biometric authentication will get locked after 5 unsuccessful attempts. After that, users have to unlock it by entering their account password. The password can be entered either at login window or in the preference sheets or even in application by the means of LAPolicyDeviceOwnerAuthentication. The system unlock is preferred user experience because we generaly don't want users to enter their account password at application's request. So if we shouldn't manage Mac's password in the app, how to invite user to unlock ? Explaining he must lock/unlock the session or open any preference panel isn't a fluent experience and would definitely seems weird. I tried adding an 'Unlock' button in an alert and locking the screen automatically but this raises extras complexities: pmset can put the screen to sleep but won't lock in case of grace period sending an cmd-ctl-Q AppleEvent to System Events could fit but it depends on user acceptance for AEs and fails when System Events isn't running. Any ideas ?
1
0
713
Feb ’24
endpoint security framework in multithread applications
Hello, I am going to use endpoint security framework in my application. Unfortunately, I have not found any clear cut explanation about how to use endpoint security in multithread applications. Can we say the handler block (es_handler_block_t), which is the parameter of es_new_client(), is running in separate thread? Does es_new_client() create new thread? Should I synchronize a handler block and the code which calls es_delete_client()? Should I protect the handler block by mutex? Thank you in advance.
5
0
971
Feb ’24
Browser Access to Keychain Private Key
Hi everyone, We are building an application on macOS (and iOS) that can install client certificates for mTLS handshake. This part is working great and the certificates are imported into login keychain. The problem comes when a user tries to use those certificates from the browser. Then he is presented with the Keychain access dialog to be able to use the private key from the installed certificate. We would like to hide this dialog so that the user flow is as streamlined as possible. We succeeded in hiding the Keychain dialog in Safari by importing the private key with a flag that allows all applications access to it. This is enough for Safari since Apple applications are part of the key's partition list by default. This, however, doesn't work for, e.g., Chrome. We've experimented with calling the security set-key-partition-list command, but that still requires the Keychain password (shows the dialog) and it seems impossible to select just our private key with it. So my question is, how can we hide the Keychain dialog when using our certificate from Chrome? Would maybe working with the Objective-C methods SecKeychainItemSetAccess or the newer SecItemUpdate allow us to set the partition-list without a Keychain dialog window? Is there another option that doesn't set the key partition list? Best regards, Marek Vinkler
2
0
573
Feb ’24
ScreenCaptureKit: new approval dialogs appearing in macOS 14.4 betas, also repeats every time an app launches
If someone in Apple WWDR sees this, please take the feedback to heart and report it up the chain: When you announce that a technology is being deprecated — such as CGDisplayStream — and also publish WWDC sessions about the intended replacement — ScreenCaptureKit — then you also need to give third-party developers a clear deadline by which this technology will be deprecated so that they can plan engineering efforts around implementing the new feature, and have ample time to communicate this to their customers. If it's important for third-party developers to get on board with this change, you should use every available means to communicate this to them, including multiple email alerts to their registered email address. Additionally, if you plan to make a BREAKING change in a framework that results in a wildly different user experience, you should probably hold that off until the summer release for the next major OS. What you should definitely NOT do is roll out a new privacy prompt in a mid-year release of macOS; or give your developers, customers, and AppleSeed program participants zero advance notice that this alert is coming, ignore your own Human Interface Guidelines when designing said prompt, and perform no user experience design testing (aka "putting on your customer hat") during a presumed internal alpha testing cycle to refine the experience and still find the most effective and least annoying way to present this additional prompt and spur change with your third-party developers. Oh, wait, you've done exactly all those things the wrong way with respect to ScreenCaptureKit. Right now, a host of Apple device administrators and client platform engineers are sending mountains of feedback to you, and they're also scrambling to contact third-party developers to let them know this is coming. Most of the vendors being discussed in private forums are said to be caught off guard by this change. We anticipate that users are not going to like this, and there is no way we can manage it with MDM or configuration profiles. In short, the current experience is a ghastly mess. WE, the administrators, will get blamed for this, not the third-party developers. WE will have to explain to our leadership why this experience is terrible and cannot be managed. Engineers need deadlines to help plan their work and prioritize tasks. In this case, vendors have had no firm deadline for this effort. There's already precedence for Apple announcing estimated deadlines for deprecations and feature removals. You do your developers and customers a great disservice by not communicating schedules to them. Please do better. P.S.: Feedback filed as FB13619326.
1
1
973
Feb ’24
Configured Apple Sign Relay but not receiving emails
I'm following the steps outlined to be able to email users that have used Apple Sign-in that is listed here and I have a green check for SPF status. I used my email <my_email_here>@gmail.com, but when I try to send an email from the email address configured to the private relay email I don't see my test email coming through. I also tried sending an email from a non configured email and I don't back any sort of error message, not sure if I should though. Is there a delay in how quickly the email is received?
1
0
521
Feb ’24
How to reset a smart card in CTK?
I have verified a PIN in a smart card and I'd like to delete this internal state of the card. Unfortunately, the card doesn't support this with a dedicated command, which is why I'd like to reset the card (cold/warm reset as described in PC/SC, for example). The CryptoTokenKit documentation doesn't seem to have an API for that. Does anyone have an idea how to implement this? Note, that if the smart card is not reset and does not support logout, then the card is permanently in an authenticated state so that related keys can be misused by any other CTK session or even via the PC/SC interface.
0
0
638
Feb ’24
Keychain private key signing error
When performing biometric authentication, some times we are getting these kind of errors when i try to sign the data with private key that we get it from keychain. I was searching for document related to this but i could not.Can someone help me on this? Error message and error code Remote alert invalidated -4 UI canceled by system -4 unable to sign digest -3 Canceled by another authentication -4 Caller is not running foreground -1004 Caller moved to background -4 No identities are enrolled  -7 User has denied the use of biometry for this app -1018 Application retry limit exceeded -1 Face ID interlocked -8 Biometry lost -4 match failed -1 // To get signed data using private key SecKeyRef privateKeyReferences = [self getPrivateKey:keyNames]; if(!privateKeyReferences) { NSLog(@"Error retrieving private key"); return nil; } NSError *error; NSData *signature = CFBridgingRelease(SecKeyCreateSignature(privateKeyReferences, kSecKeyAlgorithmECDSASignatureMessageX962SHA256, (CFDataRef) data, (void *)&error)); if(!signature) { NSString *errorMessage = [NSString stringWithFormat:@"Error signing data %@.", error]; NSLog(@"%@", errorMessage); return nil; } return signature;
2
0
461
Feb ’24
Even when calling the Apple Login Revoke API, the app still remains in the user's account.
Problem Situation User membership withdrawal request → revoke API call It always returns status code 200, but once out of 5~10, it remains an app linked to the user's Apple ID. Re-request user Apple login → Email is returned as null Currently, the only solution is for users to manually delete apps linked to their Apple ID. Email sent when re-requesting Apple login When the above problem occurs, even if the Revoke API is called multiple times, the app linked to the user's Apple ID is not deleted, and when requesting Refresh Token validation, it has already expired. Releated Issues https://forums.developer.apple.com/forums/thread/707181
1
0
697
Feb ’24
Can't grant the permission in Flutter.
Hi, I encounter a problem about the permission using Flutter. I already add the following items in iOS/Runner/Info.plist <key>NSCameraUsageDescription</key> <string>We need access to your camera to take photos.</string> <key>NSLocationAlwaysAndWhenInUseUsageDescription</key> <string>We need to access your current location for manage the dispatching routing.</string> <key>NSLocationWhenInUseUsageDescription</key> <string>We need to access your current location for manage the dispatching routing.</string> <key>NSMicrophoneUsageDescription</key> <string>We need access your microphone to talk to driver.</string> <key>NSPhotoLibraryUsageDescription</key> <string>For uploading driver's report including dispatch and clock in/out</string> And call this in my code: Map<Permission, PermissionStatus> statuses = await [ Permission.camera, Permission.locationWhenInUse, Permission.locationAlways, Permission.microphone, ].request(); But why there is no any dialog asking for permission and when going to settings-> "App name", and there are no items in "Allow {App Name} to Access" for setting permission manually. Can anyone help me? Thanks a lot. Here is the information of flutter doctor ``[✓] Flutter (Channel stable, 3.10.6, on macOS 13.6.4 22G513 darwin-x64, locale zh-Hant-TW) [✗] Android toolchain - develop for Android devices ✗ Unable to locate Android SDK. Install Android Studio from: https://developer.android.com/studio/index.html On first launch it will assist you in installing the Android SDK components. (or visit https://flutter.dev/docs/get-started/install/macos#android-setup for detailed instructions). If the Android SDK has been installed to a custom location, please use `flutter config --android-sdk` to update to that location. [✓] Xcode - develop for iOS and macOS (Xcode 15.2) [✗] Chrome - develop for the web (Cannot find Chrome executable at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome) ! Cannot find Chrome. Try setting CHROME_EXECUTABLE to a Chrome executable. [!] Android Studio (not installed) [✓] VS Code (version 1.62.0) [✓] VS Code (version 1.86.1) [✓] Connected device (2 available) [✓] Network resources``
1
1
768
Feb ’24
Bundle structure and its repercussions
I recently inherited a project to port an app bundle to arm64, and some of the design decisions in the app bundle are undocumented. I'd like to structure the bundle as canonically as possible, to minimize future problems as much as possible. In particular, there are two areas where I would like some clarification. I have read all of eskimo's guides (what a godsend!), but have not been able to find an explanation for these yet. We have some helper executables that allow us to run jobs in the background, etc... Historically, these have always been in Contents/Resources, for some reason; that seems to be a bad idea. I have seen conflicting advice suggesting to use Helpers or just MacOS. What are the advantages or disadvantages of using each folder? Would dumping all the executables in MacOS be an adequate solution and, if not, why should I use Helpers? Our app contains "compiled extensions" in Contents/SharedSupport, which consist of small intel-based apps (with their own app bundle) that our app can interact with. They are supposed to be a demo of extensions that the users could code and compile themselves, thus justifying their location. Should these be signed in any special way? Our app used to employ the --deep flag for code signing, but following eskimo's guidelines I have removed that, and it is not clear to me how these should be signed. Thank you.
1
0
514
Feb ’24
Why don't my Apps receive unconditional access to Keychain Items specified with -T parameter during creation?
Hi! I am trying to make a UI Testing target in Xcode for my Application (Client). It works with Keychain items that are created during installation, so in order to mock this installation behavior I am creating the items like this: security add-generic-password -U -D "[item_kind]" -a "[account]" -l "[label]" -s [service] -w "[value]" -T path/to/UITest-runner.app -T path/to/Client-app.app However, during UI Testing, the application is still prompted to access or modify the Keychain Items as seen in the bottom half of this screenshot: These application paths have been obtained by the find terminal command inside DerivedData/.../Build/Products/... so they are the correct paths (which is also proven I guess by the fact that the apps are correctly listed in the ACL window of Keychain Access as seen on the top half of the screenshot). I also tried using the -A option instead of -T but the result is exactly the same. Why doesn't this approach work during UI Testing? I am using the same approach in my installation script for the real application installation process with the -T parameters and there is no issue in that case. This issue kills my UI Tests because I am constantly prompted when I want to read of modify the contents of these Keychain Items.
2
0
576
Feb ’24
privacy manifest for static library framework
i have a code only static library framework and added PrivacyInfo.xcprivacy file inside. because there are no resources required in runtime, app using that framework can build without embedding. finally there are no PrivacyInfo.xcprivacy file in app bundle. is this correct intended operation? some steps to propagate and merge static framework's privacy manifest to app's privacy manifest not needed?
8
0
2.5k
Feb ’24
Apple Privacy Manifest - Instruments Debug Tracking Domain
Hi, I've implemented the Privacy Manifest in my app and specified my tracking domain as required, setting NSPrivacyTracking to true and listing my domain under NSPrivacyTrackingDomains However, on iOS17 when I decline the App Tracking Transparency (ATT) request, the specified tracking domain isn't blocked by iOS, contrary to my expectations. Shouldn't Apple's framework automatically block the domain and indicate this action in Instruments, allowing developers to verify the domain is indeed blocked when tracking is denied? <key>NSPrivacyTracking</key> <true/> <key>NSPrivacyTrackingDomains</key> <array> <string>traking.example.com</string> </array>
0
0
1.4k
Feb ’24