Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Post | Replies | Boosts | Views | Activity
Why doesn't my website support Private Relay?
When a user with iCloud+ has Private Relay enabled (at least on iPhones), they get a warning before visiting my web application: "This website does not support secure connections and iCloud Private Relay cannot hide your connection from this website. If you continue and open "...", your IP address will be visible" (this is a translation from German, as I don't speak it). What should I do for my website to support Private Relay? It is an Angular application that makes requests to a Java Spring Boot backend.
Replies: 0 | Boosts: 0 | Views: 323 | Activity: Sep ’23
SDK data use in privacy manifests depends on how it is used
Hi everyone, I work on a third-party SDK and am creating the privacy manifest, and I seek advice on how to fill out the "Describing data use in privacy manifests" section.

NSPrivacyCollectedDataTypeLinked: Whether a data type is linked to user identity depends on how the SDK consumer is using it. The SDK supports identified users, so data would be linked, but it also allows the use case for all users to be completely anonymous.

NSPrivacyCollectedDataTypePurposes: For each data type, the reasons we collect the data also depend on how the SDK consumer is using it. For example, we collect product interaction, and this data could be used by SDK consumers for analytics or advertising or some other reason.

The SDK has the ability to collect additional data, for example emails and phone numbers, but only if the SDK consumer chooses to share this data. I assume we do not need to include this type of data in the privacy manifest since many SDK consumers will not be using this feature?
Replies: 0 | Boosts: 1 | Views: 409 | Activity: Oct ’23
NSPrivacyTrackingDomains has NOT blocked connections
Xcode 15.0, iPhone 15, iOS 17.0 Simulator. I created a demo app with a privacy manifest that defines NSPrivacyTracking as YES and NSPrivacyTrackingDomains with a specific domain (I used the CDTFA Tax Rate API as an example; the string value is ca.gov). However, after selecting "Ask App not to Track" on the ATT dialog, the URLSession request succeeded and got a response from the domain. Is there anything wrong with my implementation? Or has this feature not been released yet?
Replies: 2 | Boosts: 2 | Views: 1.6k | Activity: Jan ’24
Ship fat framework with Privacy manifest file containing required reason API also with code signing
Hi, I have built a framework that I distribute to other organizations, and they use it in their app. Since I ship the fat framework (.framework) and not the .xcframework, will a fat framework (from Xcode 15) containing a privacy manifest file be supported? Or do I have to convert the fat framework to an xcframework in order to use the privacy manifest file and also code signing? Thanks in advance.
Replies: 4 | Boosts: 0 | Views: 503 | Activity: Oct ’23
How to allow microphone permission in macOS
I'm developing a macOS app and I'm trying to access the microphone without directly triggering the default permission dialog. Instead, I've managed to programmatically open the System Settings, specifically the Privacy & Security -> Microphone section, allowing users to manually grant permission. However, there's an issue. Even after the user manually toggles on the microphone permission for my app in System Settings, AVCaptureDevice.authorizationStatus(for: .audio) still returns .notDetermined. To clarify, I'm avoiding the use of AVCaptureDevice.requestAccess(for: .audio) because it prompts the default permission dialog. But when I do use it, the app correctly recognizes changes in permission status. The problem arises only when trying to detect permission changes made directly from the System Settings. Here is my code:

    import AppKit
    import AVFoundation

    struct SystemSettingsHandler {
        // Opens the relevant Privacy & Security pane so the user can toggle the permission by hand.
        static func openSystemSetting(for type: String) {
            guard type == "microphone" || type == "screen" else { return }
            let microphoneURL = "x-apple.systempreferences:com.apple.preference.security?Privacy_Microphone"
            let screenURL = "x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture"
            let urlString = type == "microphone" ? microphoneURL : screenURL
            if let url = URL(string: urlString) {
                NSWorkspace.shared.open(url)
            }
        }
    }

    private func requestMicrophonePermission(completion: @escaping (Bool) -> Void) {
        switch AVCaptureDevice.authorizationStatus(for: .audio) {
        case .authorized:
            print("authorized")
            completion(true)
        case .notDetermined:
            print("notDetermined")
            // This call shows the system permission dialog.
            AVCaptureDevice.requestAccess(for: .audio) { granted in
                completion(granted)
            }
        case .denied, .restricted:
            print("denied")
            SystemSettingsHandler.openSystemSetting(for: "microphone")
            completion(false)
        @unknown default:
            print("unknown")
            completion(false)
        }
    }

Thank you for reading this post!
Replies: 0 | Boosts: 0 | Views: 707 | Activity: Oct ’23
Privacy manifests for older Xcode builds
Is it possible to add privacy manifests to SDKs which are built using older versions of Xcode? For our customers, we are required to build on and for older platforms. Most builds are done using Xcode 14.1, but some customer requests for maintenance may go back to Xcode 12 for compatibility reasons. Is there any documentation on whether privacy manifests can be added in a post-build step using Xcode 15 after building frameworks in older versions? Thanks, Nick
Replies: 0 | Boosts: 1 | Views: 333 | Activity: Oct ’23
Is there any API for Full Disk Access in macOS?
From this post, it is clear there was no API as such to know whether FDA was granted or not: https://developer.apple.com/forums/thread/114452 But this post is 4 years old. I tried to find one that would ease my work, but to my surprise we are still there. So how does an application decide whether FDA has been given and then proceed, or otherwise show a custom message/screen, etc.? Apple should expose an API in Terminal, plist, Cocoa.
Replies: 1 | Boosts: 0 | Views: 395 | Activity: Oct ’23
Code signing for the open source SDKs
Hi everyone, I'm studying the changes in App Privacy. I'm interested in the new rules for SDKs. From the WWDC videos and Apple tutorials, I see that privacy-impacting SDKs must have a code signature. A lot of aspects of how code signatures work and how to make one are described in the "Verify app dependencies with digital signatures" tutorial. However, I didn't understand how to implement code signatures for an open-source SDK that is shipped in the form of source files rather than a prebuilt framework, so the app developers build the SDK in their own environment. Please help me understand this aspect. Thanks!
Replies: 4 | Boosts: 0 | Views: 1.3k | Activity: Oct ’23
Simulate sending key to an NSView on a macOS application
Hello, I am trying to simulate a keystroke inside a macOS application. Here is what I've done:

    import CoreGraphics

    let src = CGEventSource(stateID: CGEventSourceStateID.hidSystemState)
    // Virtual key 0x38 is kVK_Shift; kVK_Command is 0x37.
    let cmd_down = CGEvent(keyboardEventSource: src, virtualKey: 0x38, keyDown: true)
    let cmd_up = CGEvent(keyboardEventSource: src, virtualKey: 0x38, keyDown: false)
    // Posting to the HID event tap injects the event system-wide, which is what triggers the Accessibility prompt.
    cmd_down?.post(tap: .cghidEventTap)
    cmd_up?.post(tap: .cghidEventTap)

macOS is asking me to allow my application in TCC Accessibility. This is a global privilege and needs admin rights, and I want to avoid that. Is there an alternative to simulate a keystroke inside my application? Thanks
Replies: 2 | Boosts: 0 | Views: 556 | Activity: Jan ’24
Xcode 15 adding simulator runtime (xcrun simctl runtime add) requires Security & Privacy approval
I am following the instructions at https://developer.apple.com/documentation/xcode/installing-additional-simulator-runtimes. When I run sudo xcrun simctl runtime add "/Users/<user_name>/Downloads/iOS_17.0.1_Simulator_Runtime.dmg" I get an error: (1) Operation not permitted Accessing '/Users/<user_name>/Downloads/iOS_17.0.1_Simulator_Runtime.dmg' requires Security & Privacy approval. I get the same error whether Xcode is in the Applications folder or the Downloads folder, and whether or not the .dmg is mounted. How can I grant access to the .dmg?
Replies: 2 | Boosts: 0 | Views: 2k | Activity: Oct ’23
How to Create a Custom Detection Pattern for UIPasteboard?
Hello everyone, I'm looking for guidance on creating a custom detection pattern for UIPasteboard. I've come across the init(rawValue: String) method in the UIPasteboard class documentation, which seems related to this, but I'm unsure about its usage: https://developer.apple.com/documentation/uikit/uipasteboard/detectionpattern Specifically, I want to implement a custom detection pattern using a regex. Can someone please provide insights or examples on how to achieve this? Thank you in advance for your help! :)
Replies: 0 | Boosts: 0 | Views: 338 | Activity: Oct ’23
Notarized Endpoint app, full disk access, Ventura Intel
I have an app that installs an endpoint system extension, and I have the app notarized. I can install the endpoint system extension and enable Full Disk Access fine on:
- Ventura, Apple Silicon
- Sonoma, Apple Silicon
But I cannot enable Full Disk Access on:
- Ventura, Intel
In System Settings, when I try to slide the toggle switch on to enable Full Disk Access, the toggle slides right back to off. In previous development versions, I could enable Full Disk Access on the Intel machine. Any idea why I cannot enable Full Disk Access on Ventura/Intel for my endpoint system extension in my notarized app? One additional observation: the name displayed in the Full Disk Access section is different between the Apple Silicon and Intel Macs. On Apple Silicon, only the final part of the Bundle ID is shown in Full Disk Access: endpointagent. On Intel, the full Bundle ID is shown: com.MyCompany.MyApp.endpointagent. Don't know if it matters, but I thought I'd point that out.
Replies: 4 | Boosts: 0 | Views: 603 | Activity: Nov ’23
Are financial/banking aggregators not allowed in the App Store?
Hi! After over a year published in the App Store and with all 5-star ratings, my free, ad-free and open source app has been rejected this week during a routine bugfix update (literally a 1-line change in the code). The reviewer claims my app breaks this rule:

(ix) Apps that provide services in highly regulated fields (such as banking and financial services, healthcare, gambling, legal cannabis use, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer. Apps that facilitate the legal sale of cannabis must be geo-restricted to the corresponding legal jurisdiction.

All my app does is use an open, public and free API offered by an investment firm in my country that allows their customers to access their account data programmatically. This allows them to integrate things like their account balance or history in spreadsheets, websites, widgets, etc. For instance, people are already using Scriptable to create homescreen widgets that show their live balance on the homescreen. You just log in to the firm's official website, generate a personal token, and then input that token in whichever app/spreadsheet you want in order to make the corresponding HTTP requests.

Now, my app does NOT collect any data whatsoever. When you open it, the app fetches your account data from these GET (read-only) endpoints and shows it to you with a nice presentation, including pleasant interactive charts that users really like. But the data only lives in memory, and as soon as you exit the app, it's all gone. No account creation, no data collection, no data storage, nothing. Zero. It's like sending a Postman request, but having the response plotted in nice charts for you. That's all. The ONLY thing that can (optionally) be stored locally on your device is your access token, so you don't have to copy and paste it every time you open the app. And it is securely encrypted on your iPhone and protected biometrically. That's it.

The reviewer claims that, because my app presents sensitive financial information to the user, it must be published directly through the official company account of the investment firm, not by me. But isn't that what hundreds of popular banking/brokerage aggregators do? They just use read-only, open APIs to consolidate all your positions across bank/broker accounts, then present it to you in a single place. I understand these apps are not breaking any rules, right? So how is my app different? Am I missing something?

To add to this, the investment firm is well aware of the existence of my app, and they not only approve of it, but are highly supportive and have encouraged me to continue improving it, as it shows the kind of things that are possible with their API. They've repeatedly helped me solve technical doubts whenever I've had any issues. So this is really a win-win for everyone and there are zero conflicts here. Do you think the reviewer is right? Or is he misinterpreting the policy? My impression is that the policy is aimed at apps that COLLECT sensitive data, not those that just PRESENT it to the user. But even though I've tried to explain this to him, he won't budge. What options do I have?

Just to be clear, my app doesn't offer "financial services" of any kind on top of this. It simply shows you the same information you can see in the raw JSON that the API returns, or in the official app/website, but in a nicer format. It's clean, aseptic, unadulterated data, without any commercial business behind it. No offering or soliciting of any other products, just a pure and clean presentation of the data. Any advice would be greatly appreciated, as I'd like to get a second opinion before sending a FOURTH reply to the reviewer. I'd hate having to make my app an Android exclusive because of a simple policy misinterpretation :(
Replies: 4 | Boosts: 0 | Views: 568 | Activity: Oct ’23
TCC Databases
Hello, there is something I do not understand about TCC: I have granted the Terminal app Full Disk Access. I was able to open my current user's TCC.db file with sqlite3 from Terminal. I was able to delete entries in the access table with sqlite3. I had no errors, but these changes haven't been applied. My question is: why was I able to modify the TCC.db file? Is there a specific thing to do to flush privileges?

I have a second question: when an application fires an NSOpenDialog in a Cocoa application, the selected file's access rule bypasses TCC. This is normal because this is an intent from the user. But this file access seems to be stored somewhere, because if I reboot the computer, my Cocoa application can read this file again without the NSOpenDialog opening. I have tried to look in the current user's TCC.db file but I did not find anything. My question is: where is this information stored? Thanks
Replies: 2 | Boosts: 0 | Views: 653 | Activity: Oct ’23
Will UserDefaults via App Group be disallowed?
According to the upcoming privacy manifest document, NSUserDefaults is only allowed for use by the app itself. This is serious for developers who make App Extensions. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

CA92.1: Declare this reason to access user defaults to read and write information that is only accessible to the app itself. This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

Developers, please submit a request to add the permission for App Groups: https://developer.apple.com/contact/request/privacy-manifest-reason/
Replies: 2 | Boosts: 1 | Views: 1.2k | Activity: Dec ’23
Not using "Required Reason API", but actually receiving same output through invoking system call
stat() is in the "Required Reason API" list: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api I do not use stat() in my app, but I use an assembler instruction to invoke the stat system call. And for a security purpose, I use its return value to check the existence of some files and directories outside the app container. I use the system call instead of the API for a security reason. Q: Do I have to declare that my app uses a "Required Reason API"?
Replies: 3 | Boosts: 0 | Views: 410 | Activity: Oct ’23
Sonoma extremely slow / hangs opening folders in ~/Library/Containers
My app iterates over all folders on disk and queries the metadata of each folder. After Sonoma was released, a bunch of users (but not all) complained that the app has become very slow or stalls indefinitely while performing the scan. I have narrowed down that the delay occurs in the POSIX open() function, and the folders it stalls on are folders inside ~/Library/Containers and ~/Library/Group Containers, which store the data of sandboxed apps. My app is not sandboxed itself, and the problem doesn't happen on all Macs, only on a subset of Macs. I read in the WWDC transcripts that in macOS Sonoma, Apple has introduced additional privacy access control for these particular folders, and my guess is that the delays and stalling are related to this new macOS feature. Is anyone else experiencing this problem? Can I do something to work around this problem? Or is this a macOS Sonoma bug that I should report to Apple?
Replies: 1 | Boosts: 0 | Views: 868 | Activity: Oct ’23