Hi All, We have Endpoint Security System Extension. We are facing an issue in macOS Sonoma only where we have found that open() API is not returning any response when we try to open the files and OS killing/crashing the extension. We have found in log streaming below lines for our extension: error 12:50:51.093673+0530 tccd Failed to create LSApplicationRecord for file:///Library/SystemExtensions/3378971F-D41D-4230-A887-E0DC0F61E98D/com.*.sysextcontainer.onlineext.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)' It seems internally some access is removed by apple on booting however we can still see our extension has Full Disk Access in System Settings. We have installed new macOS Sequoia Public beta 24A5289h and above issue is not observed and also issue not seen in previous OS(Big Sur, Monterey, Ventura) and seen only in Sonoma. We already have filed a Feedback : FB13806349 ... Thanks & Regards, Mohmad Vasim

Hi all, I am developing new things on my existing .Net core application. I want to create a new page and with this page, the users will create a new app and write important informations. But I cant create a new app with sending post request with connect API. Here is my Postman requests and body. Sending request to : https://api.appstoreconnect.apple.com/v1/apps Body : { "data": { "type": "apps", "attributes": { "bundleId": "com.test.testtest", "name": "Test Test", "primaryLocale": "en-US", "sku": "test2024", "platform": "IOS" } } } Also I am using a bearer token, and this token has a admin role. When I send a post request, I am getting below error. { "errors": [ { "id": "35f9631f-b8d8-408c-8dfd-adaef043d062", "status": "403", "code": "FORBIDDEN_ERROR", "title": "The given operation is not allowed", "detail": "The resource 'apps' does not allow 'CREATE'. Allowed operations are: GET_COLLECTION, GET_INSTANCE, UPDATE" } ] } How can I fix this. Pls help. Thanks.

I have delivery app for customer, driver and we collected location data from user. With the app for driver, we collected location data for provide direction to deliver, tracking location on Admin to support and send nearest order request. With the app for customer, we collect location data to show nearest restaurant in 1 km and send current location on Admin for support. So, I still concern that the app for driver or customer should have request App Tracking Transparency permission?

We develop an SDK that requires sharing a device-specific identifier with our web API, in order to guarantee that certain artifacts are only used on the correct device. For the device-specific identifier, we use UIDevice.currentDevice.identifierForVendor which should not be restricted under ATT. In production, many developers are getting back to us with complaints of web requests being blocked: nw_endpoint_handler_path_change [C1 [our url]:443 waiting parent-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi)] blocked tracker Connection 1: received failure notification Connection 1: failed to connect 1:50, reason -1 Connection 1: encountered error(1:50) Task <FA03088C-DDFC-437E-A06F-E05CC930E3E0>.<1> HTTP load failed, 0/0 bytes (error code: -1009 [1:50]) Task <FA03088C-DDFC-437E-A06F-E05CC930E3E0>.<1> finished with error [-1009] Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x3031118f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 "(null)" UserInfo={_NSURLErrorBlockedTrackerFailureKey=true, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=50, _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <FA03088C-DDFC-437E-A06F-E05CC930E3E0>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <FA03088C-DDFC-437E-A06F-E05CC930E3E0>.<1>" ), NSLocalizedDescription=The Internet connection appears to be offline., NSErrorFailingURLStringKey=..., NSErrorFailingURLKey=..., _kCFStreamErrorDomainKey=1} Interestingly, I've made a few observations: The blacklist seems to be persistent, across devices. The blacklist stays in place regardless of whether we send no identifiable data in the web request (in fact, an empty ping request to our URL still gets blocked) The only way to get past the block is to use ATT, and request from the user that we track them across websites. This is false, because we don't track any user data whatsoever; and iOS disables ATT by default (in the settings app, users have to opt-in). Our iOS SDK already has an xcprivacy manifest mentioning the fact that we use a device-specific identifier, and that we send it to our web API URL. Still, we get blocked. How can we fix this? We can standup a proxy URL but I'd imagine it's only a matter of time before that also gets blocked. Apple has not provided any guidance on the specifics of how domains get blocked, and how they can be unblocked.

In order to have ads on Meta that link to the App Store directly (instead of to a website) Meta requires that I install the FB SDK. Now: Apple requires an ATT permission popup if a user is being tracked. I've installed the SDK but turned all tracking off by default (so it behaves as though the user said "no" to the ATT popup) and it's still not passing review. Any ideas as to what I could try next?

Apple is continuously replying this to my app The app appears to manipulate users into enabling tracking across different apps and websites. Specifically: The app requires users to enable tracking in order to access the app's content and functionality. Users should have control over how their personal information is used and should not be forced or manipulated into enabling tracking. Next Steps Take the following step(s) to resolve this issue: Revise the app so that users are not required to enable tracking in order to access the app's content and functionality. Resources Learn more about these requirements in guideline 5.1.2. iOS App 1.0App Version Rejection Reasons: 5.1.2 Legal: Privacy - Data Use and Sharing My login function is dependent on advertising id and advertising id can be achieved through tracking, what to do for my case? We aren’t taking advertising id for ads purpose or unlawful acts. Advertising id is solely taken to get us know that user is using same older device he used for last successful login. We need two unique identifier: keychain uuid used advertising id how to get this thing approved from Apple? I tried to reply the message and requested phone call but no response.

Hi, I have an issue with App submission. My flow is: show third party cookie consent banner (is an external SDK) show ATT Apple with this message "Allowing tracking will enable more personalized ads for you." Apple says this: You collect data to track after the user selects "Ask App Not to Track" on the App Tracking Transparency permission request. Specifically, we noticed the app accesses web content you own and collects cookies for tracking after the user asked you not to track them. Next Steps To resolve this issue, please revise the app so that you do not collect data for tracking purposes if the user does not give permission for tracking. Alternatively, if you do not collect cookies for tracking purposes, revise the cookie prompts that appear in the app to clarify you do not track users. in the rejection they put the ATT alert and the third party banner as the screen Do you have any input on this as Apple never says things clearly about what the problem is. Thank you

I created an app that implements Google AdMob banner ads. I have implemented App Tracking Transparency, but I don't see permission requests on devices running the latest operating system (iOS17.4). We have already taken the following measures. AdMob banner ads are displayed instead of permission requests. Setting Info.plist NSUserTrackingUsageDescription Used to display relevant ads to the user. App initialization timing I call it in ContentView's onAppear so that it is called immediately when the app starts. Check the settings of the actual machine In the iOS device settings, go to "Settings" > "Privacy" > "Tracking" and enable tracking. We apologize for the inconvenience and appreciate your guidance.

Hi, Can someone confirm if the "NSPrivacyTrackingDomains" key for the Privacy Manifest supports wildcard domains such as "*.example.com" or do domain string have to be explicitly defined like "test.example.com"? Thanks.

Hello everyone, I'm currently working on implementing a vaccine tracker and reminder feature for an application. As part of this feature, I plan to collect basic information about babies from their parents, such as name, gender, and date of birth, in order to create personalized profile cards and assist in tracking vaccinations. My question is regarding the gender field: Is it acceptable to ask for only 'male' or 'female' as options, or should I include other gender options as well to ensure inclusivity? Additionally, considering that I'll be asking for gender and date of birth, I'm concerned about potential rejection of the app build by Apple. Can anyone provide insight into whether this could be an issue? Thank you for your help and guidance!

We are developing a mobile app for our financial institution using React Native. As part of our fraud prevention measures, we need to determine the country a user is located in. However, we have noticed that the permission requests seem excessive for our requirements, especially since we only need this information if a user changes countries. Also, is there a way to only be notified when a user changes countries? Our primary goal is to identify the user's country without requesting unnecessary permissions or compromising the user experience. We want to avoid requesting location permissions if possible, as it may raise concerns among our users. What are the best practices and recommended approaches for financial institutions to determine a user's country in a React Native app, while minimizing the use of sensitive permissions? Are there any iOS-specific APIs, frameworks, or third-party libraries that can help us achieve this in a privacy-friendly manner? We would greatly appreciate any guidance, insights, or examples from the developer community to help us strike the right balance between security and user privacy. Thank you in advance for your assistance!

・Xcode 15.1 ・The app is also compatible with Watch. In the privacy manifest, we defined NSPrivacyTracking to YES and NSPrivacyTrackingDomains to specific domains. Furthermore, to avoid warnings when uploading to Testflight, we have implemented a privacy manifest file in the app with the following configuration. ・Place the .xcprivacy files for the app itself and WatchExtension under their respective Target directories. ・Settings related to tracking domains are listed in .xcprivacy of the app itself. ・In .xcprivacy of WatchExtension, only describe the reason for UserDefault of NSPrivacyAccessedAPIType However, these implementations do not block network connections, "Fault" still occurs on "Point of Intereset instruments". Is there something wrong with my implementation?

Hello community, This is my first application that I try to publish, however my app has been rejected several times due to issues with the "purpose strings". I have already made several modifications to the texts but even so the app continues to be rejected, add the permissions in the infoPlist and texts, but they keep rejecting me, could someone advise me to comply with this requirement and publish my app. Apple sends me these comments Issue Description One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Examples of unclear purpose strings: "App would like to access your Contacts" "App needs microphone access" Next Steps Update the location and AppTrackingTransparency framework purpose string to explain how the app will use the requested information and provide an example of how the data will be used. See the attached screenshot. Thanks !!!

We have a question about tracking domains: If we found a tracking domain in our app（eg."example.tracking.com"）, but not put it into the PrivacyInfo.xcprivacy -> tracking domain list (refer to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files), will iOS auto block the connection of this domain even when the tracking permission is granted? At the current time, the answer seems to be NO, but we are not sure about the situation in the future. Add this is the test result: tracking domains added + tracking permission granted -> not blocked tracking domains added + tracking permission not granted -> blocked tracking domains not added + tracking permission granted -> not blocked tracking domains not added + tracking permission not granted -> not blocked So it there any suggestion about the question? Thanks!

Hello, we have noticed a change in the last few weeks in how Mail Privacy Protection (MPP) is operating. Specifically, MPP pre-caches images within email newsletters that are protected via Private Relay. The end result of the pre-cacheing is that every image in the newsletter is retrieved from our servers even if the user does not open the newsletter. This has been in place since '21. What we've noticed in the last month or so, is that the amount of pre-cacheing has dropped significantly, on the order of 20-25%. We can compare this with newsletters opened in non-MPP environments to know that email sends are consistent, it is only that pre-cached events seem to have changed. Does anyone know of any changes to the logic of Private Relay / MPP that would impact how it is pre-caching data from email newsletters? Thank you.

ISSUE: In our code we are using the ImageTrackingProvider and ARKit similarly with the code provided from Apple documentation: https://developer.apple.com/documentation/visionos/tracking-images-in-3d-space However, when the application runs and we move the image in real space, the Image Tracking Provider send updates with a very low rate (about one frame per sec!) on the real Vision Pro device (please see the attached video). According to WWDC2023 (https://developer.apple.com/videos/play/wwdc2023/10091) the image anchors are updated as soon as they are available automatically by the system and they are not depended from camera frame rates. Therefore, why this is happening? We tried also to create an ImageAnchor by using the Reality Composer Pro in order to build a scene with it and check if we could have better tracking speed and updates. However, we found that Reality Composer Pro does not support image anchors like its predecessor Reality Composer! We also created the ImageAnchor on a Reality Composer Project and we tried to import the reality project / scene to out visionOS app. However, when the app builds we take an incompatibility message: “RealityKitContent - Tool terminated by signal 'Bus error: 10’ ” Other Reality Composer Projects that do not have image anchors are imported without any problems! We also tried to find if there is a frame rate setting on the real Vision Pro device (for reasons of battery saver), but we couldn’t find any. Finally, we tried to change asynchronous Tasks to synchronous in our code, but this couldn’t solve the problem. As the image detection and tracking in our code runs perfectly on iOS devices, and we want to build our apps to pure immersive space visionOS projects, what else can we do to have the same efficiency and performance like iOS?

Hi Everybody, I would like to see the feature, that allows us to limit the access for selected apps to get access to our Contacts. Especially apps like WhatsApp cannot be trusted, in my opinion, so I would love to see the possibility to prevent, that they just analyse our full Contact book and sell the data. With a limited access feature, we can at least decide, which information we wanna share with suspicious companys. What do you think and how could we reach the developers attention to get this with the next major update. Greetings from Europe

In my device (iOS 17.4.1) settings, allowing apps to request tracking is enabled. Here is my request code: if (@available(iOS 14, *)) { ATTrackingManagerAuthorizationStatus attStatus = [ATTrackingManager trackingAuthorizationStatus]; if(attStatus == ATTrackingManagerAuthorizationStatusNotDetermined){ [ATTrackingManager requestTrackingAuthorizationWithCompletionHandler:^(ATTrackingManagerAuthorizationStatus status) { if (status == ATTrackingManagerAuthorizationStatusAuthorized) { NSLog(@"iOS14, ATT enabled"); [FBAdSettings setAdvertiserTrackingEnabled:YES]; NSLog(@"iOS14, ATT enabled, FBAdSettings setAdvertiserTrackingEnabled:YES successed"); } else if (status == ATTrackingManagerAuthorizationStatusDenied) { NSLog(@"iOS14, ATT disabled"); [FBAdSettings setAdvertiserTrackingEnabled:NO]; NSLog(@"iOS14, ATT disabled, FBAdSettings setAdvertiserTrackingEnabled:NO successed"); } UnitySendMessage("StoreKitListener", "OnRequestATTPermissionFinished", [[NSString stringWithFormat:@"%d", (int)status] cStringUsingEncoding:NSUTF8StringEncoding]); }]; } } else { UnitySendMessage("StoreKitListener", "OnRequestATTPermissionFinished", [[NSString stringWithFormat:@"%d", 3] cStringUsingEncoding:NSUTF8StringEncoding]); } When attStatus == ATTrackingManagerAuthorizationStatusNotDetermined, requestTrackingAuthorizationWithCompletionHandler will be called. Afterwards, status == ATTrackingManagerAuthorizationStatusDenied is received, and at the same time, I can see the permission request popup.

`import UIKit import AppTrackingTransparency func requestDFA(){ if #available(iOS 14, *){ ATTrackingManager.requestTrackingAuthorization { status in switch status { case .authorized: // 用户已授权跟踪 print("Tracking authorization status: authorized") case .denied: // 用户拒绝跟踪 print("Tracking authorization status: denied") case .notDetermined: // 用户尚未做出选择 print("Tracking authorization status: not determined") case .restricted: // 跟踪受限，例如在家长控制设置下 print("Tracking authorization status: restricted") default: print("Tracking authorization status: unknown") } } } } @main class AppDelegate: UIResponder, UIApplicationDelegate { func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool { // Override point for customization after application launch. requestDFA() return true } // MARK: UISceneSession Lifecyclez func application(_ application: UIApplication, configurationForConnecting connectingSceneSession: UISceneSession, options: UIScene.ConnectionOptions) -> UISceneConfiguration { // Called when a new scene session is being created. // Use this method to select a configuration to create the new scene with. return UISceneConfiguration(name: "Default Configuration", sessionRole: connectingSceneSession.role) } func application(_ application: UIApplication, didDiscardSceneSessions sceneSessions: Set) { // Called when the user discards a scene session. // If any sessions were discarded while the application was not running, this will be called shortly after application:didFinishLaunchingWithOptions. // Use this method to release any resources that were specific to the discarded scenes, as they will not return. } }`

As title, i tried to get tracking domain by Network instruments, but it shows Call os_log APIs on a logging handle network instruments. Anyone know how can i log the domain. Thanks