I want to use the Apple Healthkit data to recommend personalised insurance. Is this allowed? As I have read in the documentation that the Apple Healthkit data can only be used for fitness and health purposes. Anyone knows what is meant / scope of "fitness and health purposes"? Will personalised insurance as per health data be allowed under this category?

I'm trying to detect the state of Local Network privacy on macOS Sequoia via NWBrowser, as recommended in https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy Regardless of the state of Local Network privacy - undetermined, allowed or denied, NWBrowser receives an update indicating that its in the ready state. Scanning does not seem to trigger the Local Network privacy alert for me - I have to use the other recommended method to trigger the prompt. Enabling or disabling Local Network privacy does not seem to send any updates for NWBrowser. https://developer.apple.com/forums/thread/666431 seems related, and implies that they did receive further updates to NWBrowser. Filed as FB16077972

On macOS 15, if a program installed in /Applications is allowed to connect to a PostgreSQL server on another machine on the local network, a program launched in debug mode from Xcode is not allowed to connect to the local network, and no prompt appears. Although it is possible to turn off registered programs in Local Network Privacy in Beta 2, permissions for programs launched from Xcode cannot be obtained at all. Does anyone know how to solve this problem?

AFAIU a new screen capture notification was added within the Control Center in Sequoia 15.2, see attached examples: My question is whether there is some way to suppress this notification preferably via an MDM configuration profile. See also https://discussions.apple.com/thread/255886645?sortBy=rank for more information. Thanks, Doron.

hey everyone.!! In one of my macOS projects I am trying to fetch the files and folders available on "Desktop" and "Document" folder and trying to showing it on collection view inside the my project, but when I try to fetch the files and folder of desktop and document, I am not able to fetch it. But if i try it by setting the entitlements False, I am able to fetch it. If any have face the similar issue, or have an alternative it please suggest. NOTE:- I have tried implementing it using NSOpenPanel and it works, but it lowers the user experience.

Hello, in Appstore Connect, it is expected to declare the collected data types. However, there is something that is pretty confusing, namely the definition of "Data Collection". According to the form: Data Collection Thanks for helping users understand your app's privacy practices. Remember that you're responsible for any third-party code that is added to your app, so if your third-party partners collect data from your app, you must represent that in your responses. “Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time. ..... What does the point "longer than necessary" refer to? Obviously, my app is storing data of user to "function". My understanding is, storing data for functionality doesn't mean collecting data. Is this correct? Thank you.

I am in need of assistance with sandboxing the riot games client and game league of legends. I originally played on a vm from linux but after the change to the incredibly intrusive rootkit malware vanguard. I cannot play from a vm or at least it would be difficult, if this route of containerizing it on mac proves to be more difficult (which wouldn't make sense) then I will go back to spoofing the a vm to not look like a vm. This is even more infuriating because I almost exclusively play Team Fight Tactics in which there is zero cheating and cheating would give a player zero advantage. I decided I would try the Mac version of the game but apple does not sandbox applications at all like flatpak and flatseal from linux. The game has access to my entire system and can read and write to my home directory. This is a massive security risk. I originally tried checking the system settings privacy and security section but the application was not listed anywhere nor was it given access on any of the sections listed. I checked both user local and global tcc.dbs and neither had records that gave the game or client any privileges. This was concerning because tcc.db appears to be the only user facing way of managing permissions that you would think would be a bare minimum baseline and yet the game and client have full access to my system and those permissions are listed nowhere and are given no where. Ie. the default is just to let it do as it pleases even though its a game that only thing it needs to render to the screen. MacOS should properly fix this and implement proper sandboxing of applications like flatpak. I then began building a configuration scheme for sandbox-exec seeing as it was the last opportunity to correctly contain the application to only have the permissions it needs. I carefully crafted the config but it fails just as simply allowing all with allow default... (version 1) (allow default) I run the application with the following command: sandbox-exec -f ~/config.sb "/Users/Shared/Riot Games/Riot Client.app/Contents/MacOS/RiotClientServices" Below are some of the errors produced from running the client sandboxed. 00:44:09.819 (SplashScreenManager) Displaying splash screen from default-splash.html for 2000ms 00:44:09.825 app.isPackaged true 00:44:09.842 Loading page from http://127.0.0.1:51563/index.html sandbox initialization failed: Operation not permitted Failed to initialize sandbox.[0102/004409.953876:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task [0102/004409.954838:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4) [0102/004409.954852:ERROR:process_reader_mac.cc(309)] thread_get_state(4): (os/kern) invalid argument (4) [0102/004409.955178:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Library/Apple/usr/libexec/oah/libRosettaRuntime) [0102/004409.955364:WARNING:process_reader_mac.cc(532)] multiple MH_EXECUTE modules (/usr/libexec/rosetta/runtime, /Users/Shared/Riot Games/Riot Client.app/Contents/Frameworks/Riot Client.app/Contents/Frameworks/Riot Client Helper (Renderer).app/Contents/MacOS/Riot Client Helper (Renderer)) [0102/004410.111422:ERROR:exception_snapshot_mac.cc(139)] exception_thread not found in task [4607:0102/004415.168524:ERROR:gpu_process_host.cc(991)] GPU process exited unexpectedly: exit_code=6 [4607:0102/004415.187770:ERROR:network_service_instance_impl.cc(521)] Network service crashed, restarting service. 00:44:15.215 Renderer process has unexpectedly crashed or was killed: crashed (6) { reason: 'crashed', exitCode: 6 }

I am currently developing a macOS application that listens for system-wide mouse clicks to simulate typing with user-provided text. The app requires Accessibility permissions to function properly, and I want to ensure compliance with Apple’s latest privacy and security guidelines. The app listens to global mouse clicks. It simulates keyboard input with user-provided text I would like detailed guidance on the following aspects: What specific entitlements are required to allow system-wide mouse click monitoring and simulating user input ? App Sandbox enable or disable? what keys required to explain global mouse click monitoring and keyboard input simulation in the info.plist What will be the configuration of Privacy Manifest

I am developing apps using NWJS framework, which access devices on the local network. I am doing this on Sequoia on Macos (Desktop). I have developed other apps using NWJS before, but on earlier versions of Macos. My issue is, I am unable to give my app permission to app to access devices on local network on one of the apps. Some background: Other apps which I have used which access devices on the local network, on first-time launching, have given a prompt asking me if I want to allow or deny access to local device for the app. However, on first-time launching (and many others after that), It simply says the device cannot be reached, and I never get a prompt asking me if I want to allow or deny access to local device for my app. In its barebones proof-of-concept stage of my app, I have an iframe who's src attribute is the IP address of a device known on the network with that address. I have tried the protocol https://192.168.1.99 and http://192.168.1.99 in the src attribute. This protocol works in another app I have built where upon first-time launch, I was able to get a prompt and give it the needed permission. If I check in System Settings > Privacy and Security > Network, the app doesn't appear where I can toggle a setting. I also am unable to explicitly add my app to the list. ** This worked for one app, but not another: In researching this issue, it was recommended that I add the following keys in info.plist: com.apple.developer.networking.multicast - boolean true NSLocalNetworkUsageDescription - string description NSNearbyInteractionUsageDescription - string description This worked for one of my apps, but not another, which has a nearly identical structure. In fact, other than CFBundleIdentifier, CFBundleDisplayName and CFBundleName, info.plist is identical. Why did this work one time, and how can I get my app to prompt for permission for local network access?

I'm referring to the use of a "settings bundle" plist to cause the main Settings app to display your app's preferences which the app can then read via NSUserDefaults, as described here: https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/UserDefaults/Preferences/Preferences.html#//apple_ref/doc/uid/10000059i-CH6 I am wondering if this is actually deprecated, or something. I ask because, (1), it still has the high-quality old-style documentation, and (2) there doesn't seem to be a "required reason API" code for using it. Specifically, the NSUserDefaults required reason API codes are CA92.1 : "This reason does not permit reading information that was written by other apps or the system" 1C8F.1 : "This reason does not permit reading information that was written by apps, app extensions, or App Clips outside the same App Group or by the system." C56D.1: "...third-party SDK..." - nope. AC6B.1: "... com.apple.configuration.managed ..." - nope. None of the codes permit reading preferences that have been set by the Settings app using this method.

I've made a simple command line app that requires Screen recording permission. When I ran it from Xcode, it prompts for a permission and once I allowed it from the settings, it runs well. #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <CoreGraphics/CGDisplayStream.h> int main() { printf("# Start #\n"); if (CGPreflightScreenCaptureAccess()) { printf("# Permitted.\n"); } else { printf("# Not permitted.\n"); if (CGRequestScreenCaptureAccess() == false) { printf("# CGRequestScreenCaptureAccess() returning false\n"); } } size_t output_width = 1280; size_t output_height = 720; dispatch_queue_t dq = dispatch_queue_create("com.domain.screengrabber", DISPATCH_QUEUE_SERIAL); CGError err; CGDisplayStreamRef sref = CGDisplayStreamCreateWithDispatchQueue( 1, output_width, output_height, 'BGRA', NULL, dq, ^( CGDisplayStreamFrameStatus status, uint64_t time, IOSurfaceRef frame, CGDisplayStreamUpdateRef ref ) { printf("Got frame: %llu, FrameStatus:%d \n", time, status); } ); err = CGDisplayStreamStart(sref); if (kCGErrorSuccess != err) { printf("Error: failed to start streaming the display. %d\n", err); exit(EXIT_FAILURE); } while (true) { usleep(1e5); } CGDisplayStreamStop(sref); printf("\n\n"); return 0; } Now I want to execute this from terminal, so I went to the build folder and typed the app name. cd /Users/klee/Library/Developer/Xcode/DerivedData/ScreenStreamTest-ezddqbkzhndhakadslymnvpowtig/Build/Products/Debug ./ScreenStreamTest But I am getting following output without any prompt for permission. # Start # # Not permitted. # CGRequestScreenCaptureAccess() returning false Error: failed to start streaming the display. 1001 Is there a something I need to consider for this type of command line app?

Hello Developers, I have ran into a problem while sending mail to apple private relay email. We have built a mobile application where user can sign up through apple and they can sign up using hide-my-email feature. Which provides private relay address for us. Now we want to communicate with them using private relay mail address. The technology we are using to send emails are amazon SES, have done SPF, DMIK, DMARC and added domains in apple identity services for mail communication, passed an SPF check as well. But still mail is not getting delivered what am i doing wrong or apple doesn't support third party apps for sending emails to private relay? Is there any other way to achieve this please let me know Using the same body as attached in image is working fine for rest emails.

Hello, we have received a crash report from AppStore connect / Xcode, TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION on an iPhone 12 Pro running iOS 18.1 (unfortunately, we don't know the user and how did they get the crash) The log mentions NSPhotoLibraryAddUsageDescription, but we are not using photo library in any shape or form, do we still need to include this key in Into.plist? And what do we put there? Thanks! Full log will not fit here, but here is a about half of it, with parts that mention crash (Thread 7), PhotoLibraryServicesCore, PHPerformChangesRequest determineAuthorizationStatusForChanges (Thread 4) and Binary Images, including /System/Library/Frameworks/Photos.framework/Photos /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore (not sure why are they there) Incident Identifier: 5AFB7CCF-ECEC-40E1-AF71-02799924BC8C Distributor ID: com.apple.AppStore Hardware Model: iPhone13,3 Process: Polynomials [8291] Path: /private/var/containers/Bundle/Application/168A2A15-821B-414A-84B6-43C5184E5B59/Polynomials.app/Polynomials Identifier: com.graphmath.PolynomialsSbS Version: 5.1 (16) AppStoreTools: 16C5031b AppVariant: 1:iPhone13,3:18 Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.graphmath.PolynomialsSbS [2383] Date/Time: 2024-12-10 05:23:26.6944 +0200 Launch Time: 2024-12-10 05:16:45.7989 +0200 OS Version: iPhone OS 18.1 (22B5069a) Release Type: Beta Baseband Version: 5.10.01 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: TCC 0 This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSPhotoLibraryAddUsageDescription key with a string value explaining to the user how the app uses this data. Triggered by Thread: 7 ... Thread 3: ... 9 UIKitCore 0x000000018dac114c closure #2 in InProcessAnimationManager.startAdvancing(_:) + 156 (InProcessAnimationManager.swift:900) 10 UIKitCore 0x000000018d5cd118 thunk for @escaping @callee_guaranteed @Sendable () -> () + 36 (:0) 11 Foundation 0x00000001898296c8 NSThread__start + 724 (NSThread.m:991) 12 libsystem_pthread.dylib 0x000000021304937c _pthread_start + 136 (pthread.c:931) 13 libsystem_pthread.dylib 0x0000000213044494 thread_start + 8 Thread 4 name: Thread 4: 0 libsystem_kernel.dylib 0x00000001daf24604 semaphore_wait_trap + 8 1 libdispatch.dylib 0x000000019288466c _dispatch_sema4_wait + 28 (lock.c:139) 2 libdispatch.dylib 0x0000000192884d20 _dispatch_semaphore_wait_slow + 132 (semaphore.c:132) 3 PhotoLibraryServicesCore 0x00000001a37cde70 -[PLPrivacy _checkAuthStatusForPhotosAccessScope:preflightStatus:promptIfUnknown:resultHandler:] + 532 (PLPrivacy.m:554) 4 PhotoLibraryServicesCore 0x00000001a37cd9e0 __87-[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:]_block_invoke + 240 (PLPrivacy.m:587) 5 libdispatch.dylib 0x00000001928840d0 _dispatch_client_callout + 20 (object.m:576) 6 libdispatch.dylib 0x0000000192893750 _dispatch_lane_barrier_sync_invoke_and_complete + 56 (queue.c:1104) 7 PhotoLibraryServicesCore 0x00000001a37c2c44 -[PLPrivacy _isPhotosAccessAllowedWithScope:promptIfUnknown:synchronous:resultHandler:] + 156 (PLPrivacy.m:582) 8 PhotoLibraryServicesCore 0x00000001a385af74 -[PLPrivacy checkPhotosAccessAllowedWithScope:] + 136 (PLPrivacy.m:608) 9 Photos 0x00000001a2b99854 -[PHPerformChangesRequest determineAuthorizationStatusForChanges] + 52 (PHPerformChangesRequest.m:417) 10 Photos 0x00000001a2c59a78 __102-[PHPhotoLibrary _performCancellableChanges:withInstrumentation:onExecutionContext:completionHandler:]_block_invoke + 80 (PHPhotoLibrary.m:2044) ... Thread 7 Crashed: 0 libsystem_kernel.dylib 0x00000001daf36ec4 __abort_with_payload + 8 1 libsystem_kernel.dylib 0x00000001daf56bec abort_with_payload_wrapper_internal + 104 (terminate_with_reason.c:102) 2 libsystem_kernel.dylib 0x00000001daf56c20 abort_with_payload + 16 (terminate_with_reason.c:124) 3 TCC 0x00000001ada4eb10 TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION + 172 (TCC.c:579) 4 TCC 0x00000001ada4a210 ___tcc_server_send_request_authorization_block_invoke_3 + 124 (tcc_server.c:322) 5 TCC 0x00000001ada4e230 __tccd_send_message_block_invoke + 624 (TCC.c:0) 6 libxpc.dylib 0x00000002130adc40 _xpc_connection_reply_callout + 116 (serializer.c:119) 7 libxpc.dylib 0x00000002130a0390 _xpc_connection_call_reply_async + 80 (connection.c:894) 8 libdispatch.dylib 0x0000000192884150 _dispatch_client_callout3 + 20 (object.m:602) 9 libdispatch.dylib 0x00000001928a1b2c _dispatch_mach_msg_async_reply_invoke + 340 (mach.c:3102) 10 libdispatch.dylib 0x0000000192896f98 _dispatch_root_queue_drain_deferred_item + 336 (queue.c:7291) 11 libdispatch.dylib 0x00000001928967cc _dispatch_kevent_worker_thread + 500 (queue.c:6764) 12 libsystem_pthread.dylib 0x0000000213047cb4 _pthread_wqthread + 344 (pthread.c:2702) 13 libsystem_pthread.dylib 0x0000000213044488 start_wqthread + 8 Binary Images: ... 0x1a2b1e000 - 0x1a2e98fff Photos arm64e <286e53b489dc3526809cde731d193edd> /System/Library/Frameworks/Photos.framework/Photos 0x1a37bf000 - 0x1a38d8fff PhotoLibraryServicesCore arm64e <2ef5261171363f638de0424b4a0ad257> /System/Library/PrivateFrameworks/PhotoLibraryServicesCore.framework/PhotoLibraryServicesCore 0x1ada46000 - 0x1ada5dff0 TCC arm64e <8d07479816c73b24a7cc13b7e3f6f361> /System/Library/PrivateFrameworks/TCC.framework/TCC 0x1d6b63000 - 0x1d6b6bfff GraphicsServices arm64e /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices ...

Hey Devs, Do we have any possibility to make the apps hidden or move them to hidden folder(in iOS 18) programmatically?

Hi all, I received the following email from Apple: ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/share_plus.framework/share_plus”, which includes share_plus, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests I use Share Plus version 7.2.2 which does not have privacy manifest file yet but I am currently unable to upgrade it to a newer version since it would then bring a restriction that I should start using Dart version 3 where I am not there yet considering my other dependencies! So I am wondering what options I have... Will Apple accept my app's new submission if I add this manifest file to my project itself rather than it is being presented in the third-party SDK? Or what else can I do, please?

I cannot find anything documentation re: isPrivacySensitiveAlbum. I've granted my app access to all photos. Not sure what else to try Code that triggers the crash: let options = PHFetchOptions() options.fetchLimit = 1 let assetColl = PHAssetCollection.fetchAssetCollections(withLocalIdentifiers: [localId], options: options) if assetColl.count > 0 { if let asset = PHAsset.fetchKeyAssets(in: assetColl.firstObject!, options: options) stack trace from here on `2023-04-15 06:34:41.628537-0700 DPF[33615:6484880] -[PHCollectionList isPrivacySensitiveAlbum]: unrecognized selector sent to instance 0x7ff09232aec0 2023-04-15 06:34:41.632378-0700 DPF[33615:6484880] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[PHCollectionList isPrivacySensitiveAlbum]: unrecognized selector sent to instance 0x7ff09232aec0' *** First throw call stack: ( 0 CoreFoundation 0x00007ff80045478b __exceptionPreprocess + 242 1 libobjc.A.dylib 0x00007ff80004db73 objc_exception_throw + 48 2 CoreFoundation 0x00007ff8004638c4 +[NSObject(NSObject) instanceMethodSignatureForSelector:] + 0 3 CoreFoundation 0x00007ff800458c66 ___forwarding___ + 1443 4 CoreFoundation 0x00007ff80045ae08 _CF_forwarding_prep_0 + 120 5 Photos 0x00007ff80b8480e1 +[PHAsset fetchKeyAssetsInAssetCollection:options:] + 86 6 DPF 0x0000000100791029 $s3DPF16AlbumListFetcherV22loadKeyImageForLocalIdySo7UIImageCSgSSYaFTY0_ + 569`

I am a complete newbie when it comes to Swift and MacOS development. So apologies, I don't even know what is the right thing to search for. I have an app which uses ScreenCaptureKit. I had a preview working which showed the different windows available, it initially required me to give my app permissions for screen and system audio recording which I did. However now whenever I rebuild the app it asks for permission again and fails - despite the permission already being given.

I am a new developer working to publish an app that includes a location tracker but does not collect user location data. I lam developing my app using Thunkable. My initial submission was rejected because opening the app triggered the error message: "This app is missing "NUserTrackingDescription so tracking transparency will fail. Ensure that this key exists in app's info.plist" However when I add in the NUserTrackingDescription it triggers a process by which I have to notify users that their location data is being collected, which is not the case. I am looking for advice on how to re-submit my app with the correct privacy settings that do not trigger the error message received previously.

Hi, I'm trying to set up automated backups on my machine using a combination of restic, a wrapper script, and a launchd agent, but I think I'm hitting a problem with the local network privacy dialogue. Basically, the script sets up the environment variables for Restic, which then tries to backup to a local REST server. Problem is, when trying to do that, I get the following error: Fatal: unable to open config file: Head "https://X:X@X.X.X.network:8000/X/X.X.X.network/config": dial tcp 192.168.50.229:8000: connect: no route to host So it resolves DNS just fine, but can't connect to the local server. I tried a couple of things, tools such as ping work and can ping the local server, but nothing I do fixes the issue with restic itself. After reading about the network privacy feature, which I loved by the way, I believe it's the culprit here. This is the .plist file I'm using, which lives in ~/Library/LaunchAgents/com.james.local-backup.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.james.local-backup</string> <key>ProgramArguments</key> <array> <string>/Users/james/.local/bin/replicator</string> <string>--backup</string> <string>rest:https://X.X.X.network:8000/X/X.X.X.network</string> </array> <key>EnvironmentVariables</key> <dict> <key>PATH</key> <string>/opt/homebrew/opt/coreutils/libexec/gnubin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string> <key>XDG_CONFIG_HOME</key> <string>/Users/james/.config</string> </dict> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>13</integer> <key>Minute</key> <integer>0</integer> </dict> <key>StandardErrorPath</key> <string>/tmp/com.user.backup.err</string> <key>StandardOutPath</key> <string>/tmp/com.user.backup.out</string> <key>ProcessType</key> <string>Background</string> </dict> </plist> The local network dialogue never shows up, so I can't give the wrapper script or restic access to the local network, which I assume is why it can't connect to the local server. Any way I can solve this? I could build a proper Swift CLI that calls restic, but I assume I'd hit the same issue. Plus, it seems overkill for my needs.

I have a command line app under active development in XCode. It is based on receiving multicast traffic and processing it. I generate this traffic with another app, and generally just leave it running. When I do a build and run in XCode, I get a message asking me for Local Access. If I click yes, no network traffic will be received. I need to restart the command line tool multiple times until I get access. I'm also getting a ton of repeated entries in my Setting-&gt;Privacy-&gt;Local Access. If I configure xcode to launch with terminal, it does work, but that's not a great solution because of the external window (and the fact that I have terminal set "close if exit cleanly", so I lose my data. I can change that setting, but it is fairly inconvenient, and I don't get the console history in XCode. Is there a way to allow my apps to run from xcode without the pop-up or with the delay in activating the network and creating new entries in the Settings? Thanks!