Network privacy permission check

Agree. Without the authorization status API, my customer will complain about the hardware device connectivity issue, reply negative comment at online store, or sales return. We will never know the actual issue is the customer disable the local network access, by mistake, or forgot, or on purpose.

If you have a case where you'd like to know if your app doesn't have permission, can you describe it? Is this for using Bonjour, or a direct connection use case?

Hi Frameworks engineer! I have an app in the store which is used to control Sony's line of mirrorless and point and shoot cameras. The whole app requires this permission:

1. We need to send UDP messages on the local network (rather, the camera's network) and receive them from the camera for device discovery.

2. Once the device is discovered to control it we need to setup a socket connection (PTP/IP control) or communicate with a http API on the camera's network.

All of this is an absolute nightmare if we have to factor in this new permission, especially as lots of these APIs send errors in different ways, and in some cases URLSession errors which don't even explicitly say that the issue is local network permissions as others have pointed out!

If you have a case where you'd like to know if your app doesn't have permission, can you describe it? Is this for using Bonjour, or a direct connection use case?

I have an app that should connect to device AP to provision it via HTTP/HTTPS.
While iOS reconnects from home to device AP NSURLErrorNotConnectedToInternet error are quite expected. With existing API there is no way to distinguish "still connecting" and "no permission" state.

• 1... I am also in need for a permissions API. I have an app that controls Hue lights, and if the user revoked permission or never granted it, the app needs to be able to communicate this to the user. The absence of such an API is not only not in line with other permission APIs existing, it also means that we cannot inform our users about the actual issue nor give him information about how to work around it!

Generic errors like having no internet connections are not sufficient! A blocked local network access is a third state and must be indicated.

I agree that certain bad behaving apps need to get treated properly, but this is again a new API (background geofencing was the other) that is missing proper handling for certain valid cases. If you choose to add limited permissions, please work through all possible cases, and more importantly, please add and modify necessary functions BEFORE the golden master. That would be really helpful!

• 1... I am also in need for a permissions API. I have an app that controls Hue lights, and if the user revoked permission or never granted it, the app needs to be able to communicate this to the user. The absence of such an API is not only not in line with other permission APIs existing, it also means that we cannot inform our users about the actual issue nor give him information about how to work around it!

Generic errors like having no internet connections are not sufficient! A blocked local network access is a third state and must be indicated.

I agree that certain bad behaving apps need to get treated properly, but this is again a new API (background geofencing was the other) that is missing proper handling for certain valid cases. If you choose to add limited permissions, please work through all possible cases, and more importantly, please add and modify necessary functions BEFORE the golden master. That would be really helpful!

In my opinion, you REALLY need to add an API where developers can query the status of the Local Network permission. Otherwise it is near impossible to make a good user experience, particularly considering that the access can be revoked at a later time. NSURLSession only returns the error code -1009 "The Internet connection appears to be offline.”, and if that occurs, how should we handle that?

Also, your logic now assumes that permission should be granted at the time the request is sent, but what if you need to ask for permission in advance? For example, let’s say an app needs to send a WakeOnLan packet to a LAN device, not now, but at a later time, how should the app handle that?

As an example, our application uses Bluetooth LE to communicate with sensors and when those sensors are triggered the app is then woken up (In the background) to forwards commands to Smart Home devices on the LAN (such as Philips Hue lights). Since this happens in the background iOS will not display a permission dialog, so the user will not be able to allow permission. The app will not know, at this time, if the request failed due to lack of permission or if the iOS device is not connected to the LAN.

We can not be expected to always display an error notification saying “You either have no internet connection or you don’t have Local Network permission.”. That would be a terrible user experience!

Lastly, the fact that you do have the option to both ask for, and check, permissions on other API’s clearly shows that Apple knows that it is needed. Just look at AVCaptureSession and CLLocationManager.

If you can find places where this isn’t the case, we’d love to know about it!

When we need to discover another service, to get the domain name and port to use rest API. We haven't error from

Code Block 
NetServiceBrowser.searchForServices

Only no service found, while we are on the local network.
In this case we can't know if we haven't services or permission and an API is needed to know the state of the local network permission.

Especially that this access is critical to our app.

Yes, what is an app supposed to do if its entire functionality is dependent upon local network access, and the user inadvertently turned off the access permission? All other access permissions (Photos, Notifications, etc.) have API that allow an app to query the permission status.

@Frameworks Engineer We have apps that configure household appliances through local calls, if the user does not approve they will never be able to configure the appliance.
without an API that tells us that the user hasn't approved how do we block the user and tell him he can't continue?

I think the (current) "best" answer is that we need to move to NWBrowser:

https://developer.apple.com/forums/thread/658103

To Frameworks Engineer:
Without an api telling me the user doesn't want the app to use local calls how do we give an alternative or block the flow?
Our app enroll appliances connecting to hotspot and send an http request to local webserver,
and the app get machine status with local calls.

Thank you

Another heavy +1. We need an API to check the authorization as well. To demonstrate the importance, the problem can be seen with Apple’s own Remote application. If the user refuses the authorization, then the Apple Remote app does not work either.

A question to Apple: How are you going to handle this in your own Remote application?

To Frameworks Engineer:
Without an api telling me the user doesn't want the app to use local calls how do we give an alternative or block the flow?
Our app enroll appliances connecting to hotspot and send an http request to local webserver,
and the app get machine status with local calls.

Thank you

To Frameworks Engineer:

• 1 to add API to get local network permission status otherwise there is no way to distinguish the NSURLSession not connect to internet error is caused by user authorization or real network issue!

1. +1 for an authorization status request.

2. Also need a method to trigger the system request to the user (i.e. don't rely on an access attempt to trigger the user request alert). MPMediaLibrary, CLLocationManager and EKEventStore all provide this.