I'm developing a (XC) 3rd party framework, but the framework doesn't use any privacy access API as listed in listed in this document. Do I still need to include the PrivacyManifest.xcprivacy file which will have empty content into the framework?

Per my understanding of the DispatchQueue docs, and various WWDC videos on the matter, if one creates a queue in the following manner: let q = DisqpatchQueue( label: "my-q", qos: .utility, target: .global(qos: .userInteractive) ) then one should expect work items submitted via async() to effectively run at userInteractive QoS, as the target queue should provide a 'floor' on the effective QoS value (assuming no additional rules are in play, e.g. higher priority items have been enqueued, submitted work items enforce QoS, etc). In practice, however, this particular formulation does not appear to function that way, and the 'resolved' QoS value seems to be utility, contrary to what the potentially relevant documentation suggests. This behavior appears to be inconsistent with other permutations of queue construction, which makes it even more surprising. Here's some sample code I was experimenting with to check the behavior of queues created in various ways that I would expect to function analogously (in regards to the derived QoS value for the threads executing their work items): func test_qos_permutations() { // q1 let utilTargetingGlobalUIQ = DispatchQueue( label: "qos:util tgt:globalUI", qos: .utility, target: .global(qos: .userInitiated) ) let customUITargetQ = DispatchQueue( label: "custom tgt, qos: unspec, tgt:globalUI", target: .global(qos: .userInitiated) ) // q2 let utilTargetingCustomSerialUIQ = DispatchQueue( label: "qos:util tgt:customSerialUI", qos: .utility, target: customUITargetQ ) // q3 let utilDelayedTargetingGlobalUIQ = DispatchQueue( label: "qos:util tgt:globalUI-delayed", qos: .utility, attributes: .initiallyInactive ) utilDelayedTargetingGlobalUIQ.setTarget(queue: .global(qos: .userInitiated)) utilDelayedTargetingGlobalUIQ.activate() let queues = [ utilTargetingGlobalUIQ, utilTargetingCustomSerialUIQ, utilDelayedTargetingGlobalUIQ, ] for q in queues { q.async { Thread.current.name = q.label let threadQos = qos_class_self() print(""" q: \(q.label) orig qosClass: \(q.qos.qosClass) thread qosClass: \(DispatchQoS.QoSClass(rawValue: threadQos)!) """) } } } Running this, I get the following output: q: qos:util tgt:customSerialUI orig qosClass: utility thread qosClass: userInitiated q: qos:util tgt:globalUI-delayed orig qosClass: utility thread qosClass: userInitiated q: qos:util tgt:globalUI orig qosClass: utility thread qosClass: utility This test suggests that constructing a queue with an explicit qos parameter and targeting a global queue of nominally 'higher' QoS does not result in a queue that runs its items at the target's QoS. Perhaps most surprisingly is that if the target queue is set after the queue was initialized, you do get the expected 'QoS floor' behavior. Is this behavior expected, or possibly a bug?

Hello, Which API can be used to programatically fetch the ID of user who installed/paid the app? This is useful if an app has to create a path hierarchy for different users who have installed/paid the app, for instance, /AppName//user_files, how to get the uniqueUserID, and also, to get the information about which user these files belong to based on this uniqueUserID. App is using Swift, SwiftUI. Thanks.

Please help me understand the phrasing from Apple's articles about this topic. Of course, I am referring to the SDKs from the official list, as only those are affected by the new regulations. 1, https://developer.apple.com/support/third-party-SDK-requirements/ Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update. That states 2 cases in which fresh SDK versions are needed, containing privacy information: If you submit a completely new app If your app update contains a framework which was not present in the previous version of the app So, according to my understanding, if I create an app update, which does not contain any new SDKs, only the ones that I have been using for a while now, I can keep using these older SKD versions. And it is not mandatory to update them to newer versions. Does Apple state anywhere that we have to update every SDK from the list this spring in every case? Because that would contradict what I quoted from the article. 2, https://developer.apple.com/news/?id=3d8a9yyh And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK. Again, this states that you have to use a fresh version of an SDK in case you add it newly to your app. This seems to reinforce my point that if a 3rd party SDK was already used in previous app versions, the new requirements do not apply to that SDK and I can keep using its older release which does not have its own privacy manifest file. My main concern here is that there are many 3rd party SDKs from the list that we already use in our projects, and it would be a huge effort if my team had to update all those SDKs in every project by May. But if I'm right, it is not mandatory for us. (Of course, it would be wise to update the SDKs every now and then, but that's not the point here.) Can anybody confirm whether my understanding is correct? Maybe link some proof if I'm not right? It would be nice to have a reply from someone working at Apple, to have a reliable answer.

Hi there, I'm working on an app that contains a mini system monitoring utility. I would like to list the top CPU-using processes. As Quinn “The Eskimo!” has repeatedly cautioned, relying on private frameworks is just begging for maintenance effort in the future. Ideally, I want to go through public headers/frameworks. I've gone to great lengths to try to find this information myself, and at this point I'm just struggling. I detail my research below. Any pointers in the right direction would be much appreciated! Attempts Libproc First I looked at libproc. Using proc_pidinfo with PROC_PIDTHREADINFO, I'm able to get each thread of an app, with its associated CPU usage percentage. Summing these, I could get the total for an app. Unfortunately, this has two downsides: Listing a table of processes now takes O(proces_count) rather than just O(process_count), and causes way more syscalls to be made It doesn't work for processes owned by other users. Perhaps running as root could alleviate that, but that would involve making a priviliedged helper akin to the existing sysmond that Activity Monitor.app uses. I'm a little scared of that, because I don't want to put my users at risk. Sysctl Using the keys [CTL_KERN, KERN_PROC, KERN_PROC_PID, someProcessID], I'm able to get a kinfo_proc - https://github.com/apple-opensource/xnu/blob/24525736ba5b8a67ce3a8a017ced469abe101ad5/bsd/sys/sysctl.h#L750-L776 instance. Accessing its .kp_proc - https://github.com/apple-opensource/xnu/blob/24525736ba5b8a67ce3a8a017ced469abe101ad5/bsd/sys/proc.h#L96-L150.p_pctcpu - https://github.com/apple-opensource/xnu/blob/24525736ba5b8a67ce3a8a017ced469abe101ad5/bsd/sys/proc.h#L123 looked really promising, but that value is always zero. Digging deeper, I found the kernel code that fills this struct in (fill_user64_externproc - https://github.com/apple-opensource/xnu/blob/c76cff20e09b8d61688d1c3dfb8cc855cccb93ad/bsd/kern/kern_sysctl.c#L1121-L1168). The assignment of p_pctcpu - https://github.com/apple-opensource/xnu/blob/c76cff20e09b8d61688d1c3dfb8cc855cccb93ad/bsd/kern/kern_sysctl.c#L1149 is in a conditional region, relying on the _PROC_HAS_SCHEDINFO_ flag. Disassembling the kernel on my mac, I could confirm that the assignment of that field never happens (thus _PROC_HAS_SCHEDINFO_ wasn't set during compilation, and the value will always stay zero) Reverse engineering Activity Monitor.app Activity Monitor.app makes proc_info and sysctl system calls, but from looking at the disassembly, it doesn't look like that's where its CPU figures come from. From what I can tell, it's using private functions from /usr/lib/libsysmon.dylib. That's a user library which wraps an XPC connection to sysmond (/usr/libexec/sysmond), allowing you to create requests (sysmon_request_create), add specific attributes you want to retrieve (sysmon_request_add_attribute), and then functions to query that data out (sysmon_row_get_value). Getting the data "striaght from the horses mouth" like this sounds ideal. But unfortunately, the only documentation/usage I can find of sysmond is from bug databases demonstrating a privilege escalation vulnerability lol. There are some partial reverse engineered header files floating around, but they're incomplete, and have the usual fragility/upkeep issues associated with using private APIs. On one hand, I don't want to depend on a private API, because that takes a lot of time to reverse engineer, keep up with changes, etc. On the other, making my own similar privileged helper would be duplicating effort, and expose a bigger attack surface. Needless to say, I have no confidence in being able to make a safer privileged helper than Apple's engineers lol Reverse engineering iStat Menus Looks like they're using proc_pid_rusage - https://github.com/apple-opensource/xnu/blob/24525736ba5b8a67ce3a8a017ced469abe101ad5/libsyscall/wrappers/libproc/libproc.h#L103-L108 . However, I don't know how to convert the cpu_*_time fields of the resulting struct rusage_info_v4 - https://github.com/apple-opensource/xnu/blob/24525736ba5b8a67ce3a8a017ced469abe101ad5/bsd/sys/resource.h#L306-L343 to compute a "simple" percentage. Even if I came up with some formula that produces plausible looking results, I have no real guarantee it's correct or equivalent to what Activity Monitor shows.

Suppose I have some third party frameworks integrated in an application. From May inwards, its mandatory to have privacy manifest for all the tracking APIs. But if the third party library doesnt have any plans to integrate the third party framework, how should we proceed to avoid rejection from the app store?

Hello, maybe anyone know anything about HCE (Host card emulation) feature on iOS? As far as I read, it's not possible to achieve this functionality on iOS, but maybe there are plans to implement that? Or maybe it's clear that it wont be allowed to be used at all? Thanks:)

Hi, we are currently implementing below method for a quick POC in iOS (Xcode 15.3/macOS Sonoma 14.0): func startQUICConnection() async { // Set the initial stream to bidirectional. options.direction = .bidirectional self.mainConn?.stateUpdateHandler = { [weak self] state in print("Main Connection State: \(state)") switch state { case .ready: print("Ready...") default: break } } // Don't forget to start the connection. self.mainConn?.start(queue: self.queue) } This is what we have in the initializer of the class: parameters = NWParameters(quic: options) mainConn = NWConnection(to: endpoint, using: parameters) These are the class's properties: let endpoint = NWEndpoint.hostPort(host: "0.0.0.0", port: .init(integerLiteral: 6667)) let options = NWProtocolQUIC.Options(alpn: ["echo"]) let queue = DispatchQueue(label: "quic", qos: .userInteractive) var mainConn: NWConnection? = nil let parameters: NWParameters! As per the logs, we never get to the .ready state for the NWConnection. Logs: nw_path_evaluator_create_flow_inner failed NECP_CLIENT_ACTION_ADD_FLOW (null) evaluator parameters: quic, attach protocol listener, attribution: developer, context: Default Network Context (private), proc: 022B7C28-0271-3628-8E5E-26B590B50E5B nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW 8FEBF750-979D-437F-B4A8-FB71F4C5A882 [22: Invalid argument] nw_endpoint_flow_setup_channel [C2 0.0.0.0:6667 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] failed to request add nexus flow Main Connection State: preparing Main Connection State: waiting(POSIXErrorCode(rawValue: 22): Invalid argument) We're running a local server using proxygen on port 6667. It connects with the proxygen client though... Have tried several thing but results are the same.

When distributing a 3rd party SDK as an XCFramework in order to include the privacy manifest to the bundle you need to include the resources key in the target configuration to point to the correct file, for example: resources: [.process("Resources/PrivacyInfo.xcprivacy")] However, when distributing the xcframework as a binaryTarget resources is not available. How can I include my privacy manifest when configuring Package.swift ?

In https://developer.apple.com/support/third-party-SDK-requirements/ it says "Signatures are also required in these cases where the listed SDKs are used as binary dependencies. " As I am clueless regarding the technicalities of how sdks are added to a host app, the term binary dependency means nothing to me. For reference, our app uses Cocoapods to install all of the sdks.

Prepared archive for validation Validation failed error: Asset validation failed Missing Bundle Identifier. The application bundle contains a tool or framework [aaa.bbb.ccc.ddd.pkg/Payload/my.app/Contents/Frameworks/Abc.framework] that is missing the bundle identifier in its Info.plist file. (ID: 8d117580-6d15-4b9e-8a0c-3bd069c66c77) error: Asset validation failed Bad Bundle Executable. You must include a valid CFBundleExecutable key in the nested bundle [aaa.bbb.ccc.ddd.pkg/Payload/shudou.app/Contents/Frameworks/Abc.framework] property list file. (ID: 62894f06-c782-4d67-85df-91912d1b6609) Abc.framwork is a pre-built lib used in swift. I put following keys in Abc.xcframework's Info.plist, but no effect. <key>CFBundleIdentifier</key> <string>aaa.bbb.ccc.ddd.Libname</string> <key>CFBundleExecutable</key> <string>Libname</string>

我想用Network.framework中path_monitor来监听网络状态的变化，在Network.framework的interface.h中有一个枚举定义nw_interface_radio_type_t，我没有找到关于它的使用方法。 I want to use path_monitor in Network.framework to monitor changes in network status. There is an enumeration definition nw_interface_radio_type_t in interface.h of Network.framework. I have not found how to use it.

While building xcode is giving me the **** error Cannot load module '***' built with SDK 'iphoneos16.4' when using SDK 'iphoneos17.0': /Users/***/Library/Developer/Xcode/DerivedData/project-biopprgumksoaqgnrhztiivzzjkq/Build/Products/Debug-iphoneos/Turf.framework/Modules/Turf.swiftmodule/arm64-apple-ios.swiftmodule It's working fine on xcode 14.3 but giving error on xcode 15

We use CocoaPods to manage third-party SDKs, so how should we sign and use these third-party SDKs

I am creating a project with Flutter, but in the Runner/Frameworks folder, all files such as Pods_Runner.framework etc. are red and the file is not located in the specified folder. The same situation exists in my old projects. I don't know where I'm doing wrong, it was normal until a few days ago, but now even if I create a new project, I get the same error. Flutter Version: 3.13.9 Cocoapods Version: 1.15.2 XCode: 15.1

Why not give devs pvt file bundle, with only image and video, it's not live photo!!! I can't use the quick look framework to preview it, and I also can't share to another app as live photo example: save it back to photos or share it by iMessage 🙄 . I can't understand this design, why not any detail? Another thing is so bad, the music data type has no store ID for musickit play item, so the Apple Journal app can play the music, but other apps can't do it! The live photo is the same. What are you doing Apple?

With Xcode 15.3, iOS SDK 17.4, in a iOS App, I have this error : TestClass.swift:11:27: error: cannot find 'CLBeaconIdentityCondition' in scope let beaconCondition = CLBeaconIdentityCondition(uuid: UUID(uuidString: "12345678-1234-1234-1234-123456789012"), major: 1, minor: 2) I can reproduce with this swift code : import CoreLocation class TestClass: NSObject{ let beaconCondition = CLBeaconIdentityCondition(uuid: UUID(uuidString: "12345678-1234-1234-1234-123456789012"), major: 1, minor: 2) } And this compilation command : xcrun swiftc -target arm64-apple-ios17.4 -sdk $(xcrun --sdk iphoneos --show-sdk-path) -emit-executable TestClass.swift -o TestClassExecutable -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks -framework CoreLocation

0 In other frameworks, I've seen codeSignature included in dynamic cases. because dynamic frameworks have "embed and sign" option. but this time Apple said, "Signatures are so required in these cases where the listed SDKs are used as binary dependencies." Does that mean that even if the ".framework" file of the SDK you are deploying is static, you have to include codeSignature? and if a framework is not included in Privacy-Impacting SDKs list, is it okay not to sign?