[tags:privacy,security]

106 results found

Post not yet marked as solved
1 Replies
Can an app with the default privacy context … override the selected System Wide DNS set by another app? No. WWDC 2020 Session 10047 Enable encrypted DNS - https://developer.apple.com/videos/play/wwdc2020/10047/ is pretty clear about this: When you require encryption, you can provide a DNS server configuration to use as a fallback. That means that any system-wide DNS configuration will take precedence, but your app's fallback will kick in otherwise. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @apple.com
Post not yet marked as solved
1 Replies
Sorry, I have asked in a wrong forum. Please disregard.
Post not yet marked as solved
5 Replies
I'm trying to run a Java app Define app in this context? It is a bundle with the .app extension and an Info.plist file that points to the main executable in Contents/MacOS? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @apple.com
Post not yet marked as solved
5 Replies
In fact, there is some difference between Java runtimes. I managed to get 'Files and Folders' popup only for JDK 8u181. All other Java 8 versions (latest Azul, latest Adopt, latest Oracle) just can't do that. In cases not requiring access to external drive all versions work just fine.
Post not yet marked as solved
5 Replies
1.7k Views
I'm trying to run a Java app (Jenkins agent) on macOS Catalina. I've noticed a strange difference in behaviour when I run different JDKs. The app uses an external volume and that requires 'Files and Folders' or 'Full Disk Access' to be given over TCC mechanism. When I run Oracle JDK 8u181 it works perfectly: a dialog popped up and when consent was given it run as expected. However, when I run the latest Oracle JDK 8u281, it did NOT show the confirmation dialog and the Java process got stuck. I tried to add Full Disk Access (FDA) permission manually over System Preferences / Privacy form, but it didn't help whatsoever. If it makes any difference, the java process is run through the following sequence: launchd - bash - pwsh - java I tried to look through the log using log stream --info --debug --signpost --predicate 'eventMessage contains[c] tcc'/tmp/tcc.log but didn't spot anything apart from the fact of disk access denial. See one of the log entries below: Binary Images: 0x10107f000 - 0x10108dfff java (0) 978
Posted
by
Post not yet marked as solved
8 Replies
platform binaries running in background session is not owned by any user since they're running as root, are there any general guidelines on how TCC should work with system process. It's fairly clear now that user involvement is needed for TCC, but how does TCC work with system process? Anybody have an idea?
Post not yet marked as solved
1 Replies
Is that … documented anywhere? AFAIK it’s not documented anywhere. In the absence of documentation it’s hard to answer your other questions. If you want a definitive answer, I encourage you to open a DTS tech support incident - https://developer.apple.com/support/technical/ so that I can allocate time to look into this. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Post not yet marked as solved
1 Replies
1.3k Views
I tried following the setup described in the WWDC21-10105 video, but the autofill suggestion does not appear above the keyboard as shown at 6:17 in video. With the same account, password autofill works. I was able to create a setup button to add a TOTP entry to the account. It bounces me to the Password area of Settings, and I can associate the TOTP with my account. But the verification code auto-suggestion does not appear in my app despite adding the UITextContentType.oneTimeCode attribute to my UITextField. Btw, I was hoping that the setup experience would happen in-app instead of getting bounced to Settings. I'm noticing also that the video has a text input keyboard, instead of numeric, which is odd because the TOTP input is actually restricted to 6 or 8 digits anyway.
Posted
by
Post not yet marked as solved
2 Replies
How can an app prove that it is, in fact, encrypting data? It can’t. Even if the developer could mathematically prove that their code encrypts correctly, such a proof would depend on the underlying platform being proved secure and Apple offers no such proofs for our platforms. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Post not yet marked as solved
5 Replies
One of the operations my helper is doing that needs Full Disk Access is downloading a pkg and checking it is signed. I don’t really understand this. If your helper is downloading the file, it should put it in a place that doesn’t require Full Disk Access. Did I miss something in the security api, should I be able to look at a pkg's validity? Installer packages use their own unique signing machinery. AFAIK there’s no API to check package signatures. The only good option I can see is to invoke pkgutil. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Post not yet marked as solved
3 Replies
Thanks for the reply, I had a few questions, if my app does not have this entitlement, will the default data protection still be present? Secondly, as you mentioned, how can I explicitly add data protection to my files? can you share an example?
Post not yet marked as solved
8 Replies
It seems to be an issue with allowing Bluetooth systemwide. This isn’t really my field but I can confirm that there’s a known issue in TCC when you try to use Bluetooth from a daemon context (r. 52528727). I’m not aware of any way to work around it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Post not yet marked as solved
2 Replies
Passkeys are WebAuthn. The change is that your Apple account is the authenticator, rather than one piece of hardware.