Xcode Version 16.3 (16E140) App developed in Flutter Flutter 3.29.3 Test iPhone device: iPhone 16 Pro running iOS 18.5 I have an app that requires Camera access. This used to work before with iOS 18.4.x. I have dumbed down my app to just get Camera permission. Even then it fails flutter: Camera permission: PermissionStatus.denied flutter: Photos permission: PermissionStatus.denied flutter: Microphone permission: PermissionStatus.denied flutter: --- End Debug Info --- flutter: Loaded translations from asset for en_US container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled flutter: CAMERA PERMISSION STATUS: PermissionStatus.permanentlyDenied Camera permissions don't show up in my App settings or under "Settings -> Privacy and Security -> Camera" and I am at loss to understand why this is happening.

Title: Sporadical - Permissions Not Cleared After App Uninstallation on iOS18 I install and launch my private MAUI App I ask for example Bluetooth permissions (can be any other permission) I tap Allow button on native settings (or Don't Allow) I unistall app from real phone (we can wait for a while) I install and launch My Private MAUI App I ask for example Bluetooth permissions <- here is an issue. Bluetooth is already granted, so I cannot ask for it again. Occurrence: This issue occurs inconsistently: On iOS 18.5: approximately 5 out of 10 times On iOS 17: approximately 1 out of 50 times Tested using my automated system using Appium latest. After each scenario I unistall app using: "mobile: removeApp" with bundleId

Hello, Can anyone help me with the below? I've been sent the below bolded, italicized message three time in a row now with no further explanation. _**Please note that links are required to be included in both of the metadata and the binary. We noticed that your app binary is still missing: A functional link to your privacy policy A functional link to your Terms of Use This information is required for apps which include auto-renewable subscriptions.**_ My reviewer initially instructed me to include my terms of use link in my app description (as my privacy policy was already displayed). I followed that instruction and that subsequently started the persistence of the bolded, italicized message. For full context, the links are in my app description and on my paywall inside of the app itself. I need help and clarity on what I'm missing so I can get the app approved. Also, if anyone knows any alternative ways of allowing users to purchase a subscription within the app that Apple allows - I would appreciate that information, as it seems this process is too complicated for me.

Hi, I had a few questions regarding the multicast networking entitlement. What are the criteria for approval? Do ad-hoc multicast protocols fall under the approval criteria? How long do approvals for multicasting generally take?

Hello, I'm trying to handle the following use case right after app installation: Display a microphone permission modal on the lock screen before answering an incoming call notification However, I've been searching for a way to show permission modals while the screen is locked, but I couldn't find any solution in other forums or documentation. I've also checked several calling apps, and it appears that none of them display permission modals either. Is this an OS specification/limitation? Are there any workarounds available?

https://developer.apple.com/documentation/apptrackingtransparency/attrackingmanager/authorizationstatus/notdetermined Note: Discussion If you call ATTrackingManager.trackingAuthorizationStatus in macOS, the result is always ATTrackingManager.AuthorizationStatus.notDetermined. So, does macOS support getting ATT?

I'm using a Mac Studio in a homelab context and use Homebrew to manage the installed services. The services include things that access the local network, for example Prometheus which monitors some other servers, a reverse proxy which fronts other web services on the network, and a DNS server which can use another as upstream. Local Network Access permissions make it impossible to reliably perform unattended updates of services because an updated binary requires a GUI login to grant local network permissions (again). I use brew services to manage the services as launchd agents, i.e. they run in a non-root GUI context. I know that I can also use sudo brew services which instead installs the services as launchd daemons, but running services as root has negative security implication and generally doesn't look like a good idea to me. If only there was a way to disable local network access checks altogether…

Trying to apply 'always trust' to certificate added to keychain using both SecItemAdd() and SecPKCS12Import() with SecTrustSettingsSetTrustSettings(). I created a launchdaemon for this purpose. AuthorizationDB is modified so that any process running in root can apply trust to certificate. let option = SecTrustSettingsResult.trustRoot.rawValue // SecTrustSettingsResult.trustAsRoot.rawValue for non-root certificates let status = SecTrustSettingsSetTrustSettings(secCertificate, SecTrustSettingsDomain.admin, [kSecTrustSettingsResult: NSNumber(value: option.rawValue)] as CFTypeRef). Above code is used to trust certificates and it was working on os upto 14.7.4. In 14.7.5 SecTrustSettingsSetTrustSettings() returns errAuthorizationInteractionNotAllowed. In 15.5 modifying authorization db with AuthorizationRightSet() itself is returning errAuthorizationDenied.Tried manually editing authorization db via terminal and same error occurred. Did apple update anything on Security framework? Any other way to trust certificates?

I've recently updated one of our CI mac mini's to Sequoia in preparation for the transition to Tahoe later this year. Most things seemed to work just fine, however I see this dialog whenever the UI Tests try to run. This application BoostBrowerUITest-Runner is auto-generated by Xcode to launch your application and then run your UI Tests. We do not have any control over it, which is why this is most surprising. I've checked the codesigning identity with codesign -d -vvvv as well as looked at it's Info.plist and indeed the usage descriptions for everything are present (again, this is autogenerated, so I'm not surprised, but just wanted to confirm the string from the dialog was coming from this app) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>BuildMachineOSBuild</key> <string>22A380021</string> <key>CFBundleAllowMixedLocalizations</key> <true/> <key>CFBundleDevelopmentRegion</key> <string>en</string> <key>CFBundleExecutable</key> <string>BoostBrowserUITests-Runner</string> <key>CFBundleIdentifier</key> <string>company.thebrowser.Browser2UITests.xctrunner</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>BoostBrowserUITests-Runner</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> <string>1.0</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleSupportedPlatforms</key> <array> <string>MacOSX</string> </array> <key>CFBundleVersion</key> <string>1</string> <key>DTCompiler</key> <string>com.apple.compilers.llvm.clang.1_0</string> <key>DTPlatformBuild</key> <string>24A324</string> <key>DTPlatformName</key> <string>macosx</string> <key>DTPlatformVersion</key> <string>15.0</string> <key>DTSDKBuild</key> <string>24A324</string> <key>DTSDKName</key> <string>macosx15.0.internal</string> <key>DTXcode</key> <string>1620</string> <key>DTXcodeBuild</key> <string>16C5031c</string> <key>LSBackgroundOnly</key> <true/> <key>LSMinimumSystemVersion</key> <string>13.0</string> <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict> <key>NSAppleEventsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSBluetoothAlwaysUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSCalendarsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSCameraUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSContactsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDesktopFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDocumentsFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDownloadsFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSFileProviderDomainUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSFileProviderPresenceUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSLocalNetworkUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSLocationUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSMicrophoneUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSMotionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSNetworkVolumesUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSPhotoLibraryUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSRemindersUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSRemovableVolumesUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSpeechRecognitionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSystemAdministrationUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSystemExtensionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>OSBundleUsageDescription</key> <string>Access is necessary for automated testing.</string> </dict> </plist> Additionally, spctl --assess --type execute BoostBrowserUITests-Runner.app return an exit code of 0 so I assume that means it can launch just fine, and applications are allowed to be run from "anywhere" in System Settings. I've found the XCUIProtectedResource.localNetwork value, but it seems to only be accessible on iOS for some reason (FB17829325). I'm trying to figure out why this is happening on this machine so I can either fix our code or fix the machine. I have an Apple script that will allow it, but it's fiddly and I'd prefer to fix this the correct way either with the machine or with fixing our testing code.

Can someone please guide me on the entire process of integrating ads in an IOS application using google's admob sdk? Not related to code but things related to Apple's privacy policy. Which options do need to select or specify in my app profile's privacy policy (identifier) section?

Either processInfo.hostName should return the same info as UIDevice.name ("iPhone") or it should require the same entitlement that UIDevice.name does to return the actual result. If processInfo.hostName is intended to return the local Bonjour name, why does it need 'local network' permission? Why isn't the 'local network' permission documented for processInfo.hostName as this is hard to track down? Tested on iOS 18.5

Recently, my application was having trouble connecting socket using TCP protocol after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so socket connect interface worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and socket connect interfcae does not work properly (connect interface return errno 65, the system version and code have not changed). Fortunately, socket connect success after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for socket coonnect to take effect.

I've a iOT companion app, in which I'll connect to iOT's Wi-Fi and then communicate the device with APIs, for the above functionality we needed local network permission So we enabled neccessary keys in info.plist and at the time of App Launch we trigger local network permission using the following code info.plist <string>This app needs local network access permission to connect with your iOT device and customize its settings</string> <key>NSBonjourServices</key> <array> <string>_network-perm._tcp</string> <string>_network-perm._udp</string> </array> Network Permission Trigger Methods import Foundation import MultipeerConnectivity class NetworkPermissionManager: NSObject { static let shared = NetworkPermissionManager() private var session: MCSession? private var advertiser: MCNearbyServiceAdvertiser? private var browser: MCNearbyServiceBrowser? private var permissionCallback: ((String) -> Void)? func requestPermission(callback: @escaping (String) -> Void) { self.permissionCallback = callback do { let peerId = MCPeerID(displayName: UUID().uuidString) session = MCSession(peer: peerId, securityIdentity: nil, encryptionPreference: .required) session?.delegate = self advertiser = MCNearbyServiceAdvertiser( peer: peerId, discoveryInfo: nil, serviceType: "network-perm" ) advertiser?.delegate = self browser = MCNearbyServiceBrowser( peer: peerId, serviceType: "network-perm" ) browser?.delegate = self advertiser?.startAdvertisingPeer() browser?.startBrowsingForPeers() // Stop after delay DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) { [weak self] in self?.stopAll() // If no error occurred until now, consider permission triggered self?.permissionCallback?("granted") self?.permissionCallback = nil } } catch { permissionCallback?("error: \(error.localizedDescription)") permissionCallback = nil } } func stopAll() { advertiser?.stopAdvertisingPeer() browser?.stopBrowsingForPeers() session?.disconnect() } } extension NetworkPermissionManager: MCSessionDelegate { func session(_: MCSession, peer _: MCPeerID, didChange _: MCSessionState) {} func session(_: MCSession, didReceive _: Data, fromPeer _: MCPeerID) {} func session(_: MCSession, didReceive _: InputStream, withName _: String, fromPeer _: MCPeerID) {} func session(_: MCSession, didStartReceivingResourceWithName _: String, fromPeer _: MCPeerID, with _: Progress) {} func session(_: MCSession, didFinishReceivingResourceWithName _: String, fromPeer _: MCPeerID, at _: URL?, withError _: Error?) {} } extension NetworkPermissionManager: MCNearbyServiceAdvertiserDelegate { func advertiser(_: MCNearbyServiceAdvertiser, didReceiveInvitationFromPeer _: MCPeerID, withContext _: Data?, invitationHandler: @escaping (Bool, MCSession?) -> Void) { invitationHandler(false, nil) } func advertiser(_: MCNearbyServiceAdvertiser, didNotStartAdvertisingPeer error: Error) { print("❌ Advertising failed: \(error)") if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 { permissionCallback?("denied") } else { permissionCallback?("error: \(error.localizedDescription)") } permissionCallback = nil stopAll() } } extension NetworkPermissionManager: MCNearbyServiceBrowserDelegate { func browser(_: MCNearbyServiceBrowser, foundPeer _: MCPeerID, withDiscoveryInfo _: [String: String]?) {} func browser(_: MCNearbyServiceBrowser, lostPeer _: MCPeerID) {} func browser(_: MCNearbyServiceBrowser, didNotStartBrowsingForPeers error: Error) { print("❌ Browsing failed: \(error)") if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 { permissionCallback?("denied") } else { permissionCallback?("error: \(error.localizedDescription)") } permissionCallback = nil stopAll() } }``` I want to satisfy this following cases but it's not working as expected # Case1 Working App launches --> trigger permission using above code --> user granted permission --> connect to iOT's Wi-Fi using app --> Communicate via Local API ---> should return success response # Case2 Not working App launches --> trigger permission using above code --> user denied permission --> connect to iOT's Wi-Fi using app --> Communicate via Local API ---> should throw an error I double checked the permission status in the app settings there also showing disabled state In my case case 2 is also return success, even though user denied the permission I got success response. I wonder why this happens the same above 2 cases working as expected in iOS 17.x versions

Hello Experts, I am in need of your help with this feedback from the App Reviewer. Issue Description: One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Next Steps: Update the location purpose string to explain how the app will use the requested information and provide a specific example of how the data will be used. See the attached screenshot. Resources: Purpose strings must clearly describe how an app uses the ability, data, or resource. The following are hypothetical examples of unclear purpose strings that would not pass review: "App would like to access your Contacts" "App needs microphone access" Feedback #2 "Regarding 5.1.1, we understand why your app needs access to location. However, the permission request alert does not sufficiently explain this to your users before accessing the location. To resolve this issue, it would be appropriate to revise the location permission request, specify why your app needs access, and provide an example of how your app will use the user's data. To learn more about purpose string requirements, watch a video from App Review with tips for writing clear purpose strings. We look forward to reviewing your app once the appropriate changes have been made." May I know how can I update my purpose string? I appealed on the first feedback by explaining what is the purpose of it but got the Feedback #2. TYIA!!

Issue Description One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Next Steps Update the camera and photo library purpose string to explain how the app will use the requested information and provide a specific example of how the data will be used. See the attached screenshot. Resources Purpose strings must clearly describe how an app uses the ability, data, or resource. The following are hypothetical examples of unclear purpose strings that would not pass review: "App would like to access your Contacts" "App needs microphone access" See examples of helpful, informative purpose strings. I submitted my app to review, and got this review message. When you clcik on you profile picture, you can view it, or change it. When you decide to change it, the app need permission for camera or galler (depending on which one you select) For camera the request message is: ,, In order to take a picture or video, this app requires permission to access the camera" For gallery the request message is: ,, In order to upload data, this app requires permission to access the photo library." I was looking at the guidlines in here: https://developer.apple.com/design/human-interface-guidelines/privacy#Requesting-permission especially the ,,Example 2" unde the Requestion permission section. It seems to me, like I've got basically the same thing as is stated in the example, but the reviewers don't seem to like it. Any idea how I can make my permission requests compliant?

What Has Been Implemented Replaced the default loginwindow:login with a custom authorization plugin. The plugin: Performs primary OTP authentication. Displays a custom password prompt. Validates the password using Open Directory (OD) APIs. Next Scenario was handling password change Password change is simulated via: sudo pwpolicy -u robo -setpolicy "newPasswordRequired=1" On next login: Plugin retrieves the old password. OD API returns kODErrorCredentialsPasswordChangeRequired. Triggers a custom change password window to collect and set new password. Issue Observed : After changing password: The user’s login keychain resets. Custom entries under the login keychain are removed. We have tried few solutions Using API, SecKeychainChangePassword(...) Using CLI, security set-keychain-password -o oldpwd -p newpwd ~/Library/Keychains/login.keychain-db These approaches appear to successfully change the keychain password, but: On launching Keychain Access, two password prompts appear, after authentication, Keychain Access window doesn't appear (no app visibility). Question: Is there a reliable way (API or CLI) to reset or update the user’s login keychain password from within the custom authorization plugin, so: The keychain is not reset or lost. Keychain Access works normally post-login. The password update experience is seamless. Thank you for your help and I appreciate your time and consideration

Hi, I am developing an app that checks if Bluetooth is available on the device or not (does not actually use any Bluetooth capabilities). The only CoreBluetooth API's that I use are: CBCentralManager the state property of the CBCentralManager centralManagerDidUpdateState When I am testing, I experience different behaviors on my test devices. On an iPhone 15 iOS 18.5, the app works fine. However, on an iPhone 13 iOS 18.3.2, the app crashes with the following error: This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSBluetoothAlwaysUsageDescription key with a string value explaining to the user how the app uses this data. Why is this permission required on my iPhone 13 iOS 18.3.2, but not my iPhone 15 iOS 18.5? Why do I experience different behavior on different iPhone configurations?

We are developing an IoT companion app that connects to the IoT device's Wi-Fi network and communicates with it through local network APIs. To support this functionality, we have: Added the necessary keys in the Info.plist. NSLocalNetworkUsageDescription , NSBonjourServices Used a Bonjour service at app launch to trigger the local network permission prompt. Problem on iOS 18.x (including 18.6 beta) Even when the user explicitly denies the local network permission, our API communication still works. This is unexpected behavior, as we assume denying permission should restrict access to local network communication. We tested this with the latest iOS 18.6 beta (as per Thread 789461021), but the issue still persists. This behavior raises concerns about inconsistent permission enforcement in iOS 18.x. Problem on iOS 17.x In iOS 17.x, if the user accidentally denies the local network permission and later enables it manually via Settings, the change does not take effect immediately. The app cannot access the local network unless the device is restarted, which results in a confusing and poor user experience. Expected Behavior If local network permission is denied, local API communication should be strictly blocked. If the permission is later enabled via Settings, the app should regain access without requiring a device restart. Request We request clarification and resolution on: Why local network APIs are accessible even when permission is denied on iOS 18.x. Whether the delayed permission update (requiring restart) in iOS 17.x is expected or a known issue. Best practices to ensure consistent and predictable permission handling across iOS versions.

Hi, I am developing an app that checks if biometric authentication capabilities (Face ID and Touch ID) are available on a device. I have a few questions: Do I need to include a privacy string in my app to use the LAContext's canEvaluatePolicy function? This function checks if biometric authentication is available on the device, but does not actually trigger the authentication. From my testing, it seems like a privacy declaration is only required when using LAContext's evaluatePolicy function, which would trigger the biometric authentication. Can you confirm if this is the expected behavior across all iOS versions and iPhone models? When exactly does the biometric authentication permission pop-up appear for users - is it when calling canEvaluatePolicy or evaluatePolicy? I want to ensure my users have a seamless experience. Please let me know if you have any insights on these questions. I want to make sure I'm handling the biometric authentication functionality correctly in my app. Thank you!

Hi everyone, My iOS app performs only a GET request to an external server to receive a JSON with configuration data (e.g., app settings). It does not send any personal data — it's a read-only request used only to adjust app behavior. Since the app only performs a GET request to the server and does not send any data from the user, no data is collected or stored. In App Store Connect > App Privacy, is it correct to select: "No, we do not collect data from this app"? Just want to confirm this is acceptable before submitting. Thanks!