Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION
Hello, we have received a crash report from AppStore connect / Xcode, TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION on an iPhone 12 Pro running iOS 18.1 (unfortunately, we don't know the user and how did they get the crash) The log mentions NSPhotoLibraryAddUsageDescription, but we are not using photo library in any shape or form, do we still need to include this key in Into.plist? And what do we put there? Thanks! Full log will not fit here, but here is a about half of it, with parts that mention crash (Thread 7), PhotoLibraryServicesCore, PHPerformChangesRequest determineAuthorizationStatusForChanges (Thread 4) and Binary Images, including /System/Library/Frameworks/Photos.framework/Photos /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore (not sure why are they there) Incident Identifier: 5AFB7CCF-ECEC-40E1-AF71-02799924BC8C Distributor ID: com.apple.AppStore Hardware Model: iPhone13,3 Process: Polynomials [8291] Path: /private/var/containers/Bundle/Application/168A2A15-821B-414A-84B6-43C5184E5B59/Polynomials.app/Polynomials Identifier: com.graphmath.PolynomialsSbS Version: 5.1 (16) AppStoreTools: 16C5031b AppVariant: 1:iPhone13,3:18 Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.graphmath.PolynomialsSbS [2383] Date/Time: 2024-12-10 05:23:26.6944 +0200 Launch Time: 2024-12-10 05:16:45.7989 +0200 OS Version: iPhone OS 18.1 (22B5069a) Release Type: Beta Baseband Version: 5.10.01 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: TCC 0 This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSPhotoLibraryAddUsageDescription key with a string value explaining to the user how the app uses this data. Triggered by Thread: 7 ... Thread 3: ... 9 UIKitCore 0x000000018dac114c closure #2 in InProcessAnimationManager.startAdvancing(_:) + 156 (InProcessAnimationManager.swift:900) 10 UIKitCore 0x000000018d5cd118 thunk for @escaping @callee_guaranteed @Sendable () -> () + 36 (:0) 11 Foundation 0x00000001898296c8 NSThread__start + 724 (NSThread.m:991) 12 libsystem_pthread.dylib 0x000000021304937c _pthread_start + 136 (pthread.c:931) 13 libsystem_pthread.dylib 0x0000000213044494 thread_start + 8 Thread 4 name: Thread 4: 0 libsystem_kernel.dylib 0x00000001daf24604 semaphore_wait_trap + 8 1 libdispatch.dylib 0x000000019288466c _dispatch_sema4_wait + 28 (lock.c:139) 2 libdispatch.dylib 0x0000000192884d20 _dispatch_semaphore_wait_slow + 132 (semaphore.c:132) 3 PhotoLibraryServicesCore 0x00000001a37cde70 -[PLPrivacy _checkAuthStatusForPhotosAccessScope:preflightStatus:promptIfUnknown:resultHandler:] + 532 (PLPrivacy.m:554) 4 PhotoLibraryServicesCore 0x00000001a37cd9e0 __87-[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:]_block_invoke + 240 (PLPrivacy.m:587) 5 libdispatch.dylib 0x00000001928840d0 _dispatch_client_callout + 20 (object.m:576) 6 libdispatch.dylib 0x0000000192893750 _dispatch_lane_barrier_sync_invoke_and_complete + 56 (queue.c:1104) 7 PhotoLibraryServicesCore 0x00000001a37c2c44 -[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:] + 156 (PLPrivacy.m:582) 8 PhotoLibraryServicesCore 0x00000001a385af74 -[PLPrivacy checkPhotosAccessAllowedWithScope:] + 136 (PLPrivacy.m:608) 9 Photos 0x00000001a2b99854 -[PHPerformChangesRequest determineAuthorizationStatusForChanges] + 52 (PHPerformChangesRequest.m:417) 10 Photos 0x00000001a2c59a78 __102-[PHPhotoLibrary _performCancellableChanges:withInstrumentation:onExecutionContext:completionHandler:]_block_invoke + 80 (PHPhotoLibrary.m:2044) ... Thread 7 Crashed: 0 libsystem_kernel.dylib 0x00000001daf36ec4 __abort_with_payload + 8 1 libsystem_kernel.dylib 0x00000001daf56bec abort_with_payload_wrapper_internal + 104 (terminate_with_reason.c:102) 2 libsystem_kernel.dylib 0x00000001daf56c20 abort_with_payload + 16 (terminate_with_reason.c:124) 3 TCC 0x00000001ada4eb10 TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION + 172 (TCC.c:579) 4 TCC 0x00000001ada4a210 ___tcc_server_send_request_authorization_block_invoke_3 + 124 (tcc_server.c:322) 5 TCC 0x00000001ada4e230 __tccd_send_message_block_invoke + 624 (TCC.c:0) 6 libxpc.dylib 0x00000002130adc40 _xpc_connection_reply_callout + 116 (serializer.c:119) 7 libxpc.dylib 0x00000002130a0390 _xpc_connection_call_reply_async + 80 (connection.c:894) 8 libdispatch.dylib 0x0000000192884150 _dispatch_client_callout3 + 20 (object.m:602) 9 libdispatch.dylib 0x00000001928a1b2c _dispatch_mach_msg_async_reply_invoke + 340 (mach.c:3102) 10 libdispatch.dylib 0x0000000192896f98 _dispatch_root_queue_drain_deferred_item + 336 (queue.c:7291) 11 libdispatch.dylib 0x00000001928967cc _dispatch_kevent_worker_thread + 500 (queue.c:6764) 12 libsystem_pthread.dylib 0x0000000213047cb4 _pthread_wqthread + 344 (pthread.c:2702) 13 libsystem_pthread.dylib 0x0000000213044488 start_wqthread + 8 Binary Images: ... 0x1a2b1e000 - 0x1a2e98fff Photos arm64e <286e53b489dc3526809cde731d193edd> /System/Library/Frameworks/Photos.framework/Photos 0x1a37bf000 - 0x1a38d8fff PhotoLibraryServicesCore arm64e <2ef5261171363f638de0424b4a0ad257> /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore 0x1ada46000 - 0x1ada5dff0 TCC arm64e <8d07479816c73b24a7cc13b7e3f6f361> /System/Library/PrivateFrameworks/TCC.framework/TCC 0x1d6b63000 - 0x1d6b6bfff GraphicsServices arm64e /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices ...
2
0
166
6d
First update to NWBrowser is always ready, irrespective of Local Networking privacy status
I'm trying to detect the state of Local Network privacy on macOS Sequoia via NWBrowser, as recommended in https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy Regardless of the state of Local Network privacy - undetermined, allowed or denied, NWBrowser receives an update indicating that its in the ready state. Scanning does not seem to trigger the Local Network privacy alert for me - I have to use the other recommended method to trigger the prompt. Enabling or disabling Local Network privacy does not seem to send any updates for NWBrowser. https://developer.apple.com/forums/thread/666431 seems related, and implies that they did receive further updates to NWBrowser. Filed as FB16077972
10
1
219
1w
Collecting effective permissions for ScreenCaptureKit in xCode
I am a complete newbie when it comes to Swift and MacOS development. So apologies, I don't even know what is the right thing to search for. I have an app which uses ScreenCaptureKit. I had a preview working which showed the different windows available, it initially required me to give my app permissions for screen and system audio recording which I did. However now whenever I rebuild the app it asks for permission again and fails - despite the permission already being given.
2
0
142
1w
Add "local network access" permission for macOS 15 runners
Hi, We have an issue (https://github.com/actions/runner-images/issues/10924) raised by a user requesting to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners. Apple introduced a new LNP policy with macOS Sequoia that is not controlled by TCC or MDM. Could you please guide us on how to add 'local network access' permission for macOS 15 and macOS 15-arm64 image runners? Thanks.
3
0
198
1w
Publishing an app with the correct privacy settings
I am a new developer working to publish an app that includes a location tracker but does not collect user location data. I lam developing my app using Thunkable. My initial submission was rejected because opening the app triggered the error message: "This app is missing "NUserTrackingDescription so tracking transparency will fail. Ensure that this key exists in app's info.plist" However when I add in the NUserTrackingDescription it triggers a process by which I have to notify users that their location data is being collected, which is not the case. I am looking for advice on how to re-submit my app with the correct privacy settings that do not trigger the error message received previously.
0
1
165
1w
How does the Reddit app detect Safari’s Private Browsing mode when opening a Universal Link?
I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?
1
0
191
2w
Which type should I use in manifest?
I use activeInputModes in my app. I require the users to use English keyboard on one view controller in my app. At that page, I access the activeInputModes and return the English system keyboard. I don't customize the keyboard. Which one should I choose? In your NSPrivacyAccessedAPITypeReasons array, supply the relevant values from the list below. 3EC4.1 Declare this reason if your app is a custom keyboard app, and you access this API category to determine the keyboards that are active on the device. Providing a systemwide custom keyboard to the user must be the primary functionality of the app. Information accessed for this reason, or any derived information, may not be sent off-device. 54BD.1 Declare this reason to access active keyboard information to present the correct customized user interface to the person using the device. The app must have text fields for entering or editing text and must behave differently based on active keyboards in a way that is observable to users.
0
0
131
2w
Wake On LAN Broadcasting Issue
I am trying to create an app that lets the user send Wake On LAN calls to computers in the local network. I created a small package that uses BSD sockets (https://github.com/pultar/WakeOnLAN/blob/main/Sources/CWakeOnLAN/wol.c) to send the magic packet. For now, I select "en0" manually as the interface. The app works in the simulator but fails on a real device. I also noticed that I can test the package when I only use the terminal and Swift Package Manager but not from a CLI within XCode. In either case, I observe: "No route to host" Following previous post in the forum (see below), I figured I require the multicast entitlement, which I was granted and could add in the Xcode project settings and on Apple Developer together with my App Bundle ID. However, even after activating the entitlement for my app, I observe the same error.
3
0
173
2w
Sequoia 15.1 new screen recording (purple) indicator in Control Center
Hello, AFAIU, a new purple dot indicator was added within the Control Center in Sequoia 15.1. Up until now it was used to indicate audio recording. My question is where would I get detailed documentation on this new indicator? I did find the following link https://support.apple.com/en-ca/guide/mac-help/mchl50f94f8f/15.1/mac/15.1 although it seems out of date, i.e. still noting only audio recording and nothing regarding screen recording. Also, can this indicator be suppressed in any way? e.g. via MDM or other means. Thanks, Doron.
1
0
204
2w
Privacy-impacting third-party SDK in a Flutter app
Hi all, I received the following email from Apple: ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/share_plus.framework/share_plus”, which includes share_plus, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests I use Share Plus version 7.2.2 which does not have privacy manifest file yet but I am currently unable to upgrade it to a newer version since it would then bring a restriction that I should start using Dart version 3 where I am not there yet considering my other dependencies! So I am wondering what options I have... Will Apple accept my app's new submission if I add this manifest file to my project itself rather than it is being presented in the third-party SDK? Or what else can I do, please?
2
2
292
1w
Local network privacy dialogue not triggered for bash script inside agent
Hi, I'm trying to set up automated backups on my machine using a combination of restic, a wrapper script, and a launchd agent, but I think I'm hitting a problem with the local network privacy dialogue. Basically, the script sets up the environment variables for Restic, which then tries to backup to a local REST server. Problem is, when trying to do that, I get the following error: Fatal: unable to open config file: Head "https://X:X@X.X.X.network:8000/X/X.X.X.network/config": dial tcp 192.168.50.229:8000: connect: no route to host So it resolves DNS just fine, but can't connect to the local server. I tried a couple of things, tools such as ping work and can ping the local server, but nothing I do fixes the issue with restic itself. After reading about the network privacy feature, which I loved by the way, I believe it's the culprit here. This is the .plist file I'm using, which lives in ~/Library/LaunchAgents/com.james.local-backup.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.james.local-backup</string> <key>ProgramArguments</key> <array> <string>/Users/james/.local/bin/replicator</string> <string>--backup</string> <string>rest:https://X.X.X.network:8000/X/X.X.X.network</string> </array> <key>EnvironmentVariables</key> <dict> <key>PATH</key> <string>/opt/homebrew/opt/coreutils/libexec/gnubin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string> <key>XDG_CONFIG_HOME</key> <string>/Users/james/.config</string> </dict> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>13</integer> <key>Minute</key> <integer>0</integer> </dict> <key>StandardErrorPath</key> <string>/tmp/com.user.backup.err</string> <key>StandardOutPath</key> <string>/tmp/com.user.backup.out</string> <key>ProcessType</key> <string>Background</string> </dict> </plist> The local network dialogue never shows up, so I can't give the wrapper script or restic access to the local network, which I assume is why it can't connect to the local server. Any way I can solve this? I could build a proper Swift CLI that calls restic, but I assume I'd hit the same issue. Plus, it seems overkill for my needs.
4
0
276
2w
Declare user data tracking if it's disabled completely in third-party SDK
I have an app where I'm integrating the Branch.io SDK for deeplinks. I plan to use it just for deeplinks and that's it. The SDK provides it's own privacy manifest file with privacy tracking domains defined and some collected data types with "Used for Tracking" set to YES. Does anyone know if I can keep tracking disabled in the App Store Connect - App Privacy section in case if I'll configure the SDK to disable tracking completely without asking users with the ATT permission request?
0
0
172
3w
Statistical Data Collection in an SMS Filter Extension.
I am currently developing an SMS filter extension and would like to clarify certain aspects of App Store policies and Apple's privacy guidelines regarding data collection. In my extension, SMS messages are filtered using the deferQueryRequestToNetwork method to perform server-based filtering. While I understand and respect Apple’s prohibition on transmitting or storing sensitive data such as message content or sender information, I am considering collecting non-personally identifiable statistical data related to the filtering process, such as: The total number of messages filtered via the extension. Hourly statistics of filtered messages. Category-based statistics (e.g., promotion, phishing, transaction). This statistical data would be: Fully anonymized, ensuring no personally identifiable information (PII) is collected or stored. Used exclusively for providing users with aggregated insights, such as daily or weekly filtering statistics, and improving the filtering process. Given that the filtering occurs via the deferQueryRequestToNetwork mechanism, the data collection would involve the server but would remain strictly limited to anonymized statistics. Furthermore: Users would be fully informed about this data collection via a transparent privacy policy and in-app notification. Explicit user consent would be obtained before collecting or transmitting any data. Data transmission would be secured, and no raw message content or sender details would ever be stored or transmitted. Could you confirm if this practice complies with Apple’s policies? Are there any additional requirements or recommendations for handling anonymized statistical data collected via server-based filtering in an SMS filter extension?
0
0
202
3w
How to integrate keychain in the authorization plugin
Hello, I'm currently working on an authorization plugin for macOS. I have a custom UI implemented using SFAuthorizationPluginView (NameAndPassword), which prompts the user to input their password. The plugin is running in non-privileged mode, and I want to store the password securely in the system keychain. However, I came across this article that states the system keychain can only be accessed in privileged mode. At the same time, I read that custom UIs, like mine, cannot be displayed in privileged mode. This presents a dilemma: In non-privileged mode: I can show my custom UI but can't access the system keychain. In privileged mode: I can access the system keychain but can't display my custom UI. Is there any workaround to achieve both? Can I securely store the password in the system keychain while still using my custom UI, or am I missing something here? Any advice or suggestions are highly appreciated! Thanks in advance!
1
0
245
2w
Collecting device model which box do we check in App Privacy?
If we record the user's Device Model (ie. iPhone 15), what checkbox do we need to select under Data Collection in App Privacy? Device model is not a unique identifier, we do not use it for tracking. We use it to know in aggregate which phone models are using our app the most so we can prioritize our QA to focus on the top devices. Please note: we DO NOT access Device ID, as we DO NOT use it.
0
0
177
3w
Not authorized to send Apple events to Microsoft Excel
I have created swift command line project and i have added logic to executing apple script using NSAppleScript. That will launch Microsoft Excel file I am launching this swift command line executable from java using process launch. 3)This is not prompting me. It is throwing exception "Not authorized to send Apple events to Microsoft Excel." I have already tried out this option Added info.plist with NSAppleEventsUsageDescription Added entitlement with com.apple.security.automation.apple-events to true In packages i have selected this entitlement i have select the bundle identifier , team and signing certificate "Development" and automatically manage signing. can you please suggest what could i missed ?
1
0
189
2w
Bundling two apps Together
We have special use case, We have two apps, App A (Electron) and App B (Swift). App B when run independently works completely fine but when bundles with App A and shipped as dmg, App B doesn't prompt for microphone permission anymore. What can be issue? What's right way to ship both app together such that App B is hidden and launched through App A only? How can I figure out what changes after App B is bundled and comes with App A. Even if I produce dmg of App A and install it on same system, App B doesn't ask for microphone permission anymore.
1
0
174
2w