I think I remember that requesting certain types of information / privacy-related access requires that the phone have a pin? Maybe location services? Anyway, is there a way for an app to require that a phone have a pin for the app to work?

Yesterday, OpenSSH disclosed a critical RCE vulnerability that affects all instances of OpenSSH and released a patch to fix this vulnerability. As a result, do we have any official word from Apple as to when this vulnerability will be fixed? This weakness exposes every macOS device without a strict firewall configured. Reading Link: https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html

Title: Loss of Internet Connectivity on iOS Device When Packet Tunnel Crashes Feedback ticket: https://feedbackassistant.apple.com/feedback/14162605 Product: iPhone 12 Version: iOS - 17.5.1 Configuration: NETunnelProviderManager Configuration Description: We are developing an iOS VPN client and have configured our packet tunnel provider according to Apple's guidelines. The configuration is as follows: includeAllNetworks = YES excludeLocalNetworks = NO enforceRoutes = NO This setup works as expected when the VPN successfully connects. However, we encounter a blocker issue where the device loses internet connectivity if the packet tunnel crashes. Steps to Reproduce: Configure the NETunnelProviderManager with the above settings. Connect the VPN, which successfully establishes a connection. Verify that resources are accessible and internet connectivity is functional. Packet tunnel to crash unexpectedly.Observe that the NE process (Packet Tunnel) restarts automatically, as expected and attempts to reconnect the VPN; however, the device now lacks internet connectivity, preventing VPN reconnection. Try accessing resources using Safari or any other internet-dependent app, resulting in an error indicating the device is not connected to the internet. Actual Results: The device loses internet connectivity after the packet tunnel crashes and fails to regain it automatically, preventing the VPN from reconnecting. Expected Results: The device should maintain internet connectivity or recover connectivity to allow the VPN to reconnect successfully after the packet tunnel process restarts. Workaround - iPhone device needs a restart to regain internet connectivity .

I have two Mac Catalyst C# MAUI apps. First is main application, second is updater. My updater works like that: it downloads ZIP-archive of .app of main application from server, and extracts it to directory where app is placed(folder in user directory, with two .apps of updater and main one), overwriting files. When I want launch application, I have error "App” is damaged and can’t be opened. You should move it to the Bin." . Although I can permit app opening in Settings, it occurs after every update, so it can be annoying to user. Also, both apps are signed, and there is app identifier of updater in NSUpdateSecurePolicy in Info.plist of main app. What can I do with this? How can I update my app without any warnings? Thanks a lot in advance for answer!

stacks

I'm developing a macOS application called Blurt, which aims to provide enhanced notification management in MacOS. The core functionality I'm trying to implement is the ability to intercept and display notifications from various applications in a custom interface. Current implementation: Using AppDelegate to handle application lifecycle Implemented UNUserNotificationCenterDelegate for handling notifications Created a custom NotificationService extension Challenges: Unable to intercept notifications from other applications System notifications are not being captured by our app What I've tried: Using DistributedNotificationCenter to observe system-wide notifications Implementing a Notification Service Extension Exploring NSWorkspace notifications Current roadblocks: Apple's sandboxing and security model seems to prevent direct access to other apps' notifications Unable to find a sanctioned API for system-wide notification interception Questions: Is there a recommended approach to creating a centralized notification management system within Apple's guidelines? Are there any specific system notifications or events we can legally subscribe to that might help achieve similar functionality? How do other notification management apps (if any exist) handle this limitation? Are there any upcoming APIs or features in macOS that might address this use case? I'm open to alternative approaches or pivoting the app's functionality if necessary. Any insights, suggestions, or resources would be greatly appreciated. Thank you in advance for your help!

Hi, I’ve identified an issue with the “hidden” feature that was added to IOS 18.0. The issue causes the stuff you would like to hide, to become not so hidden anymore. This due to the fact that the apps you are trying to hide are still visible in other parts of the phone. Examples are: Battery consumption location services (and A number of other features in privacy & securit) -Siri -> Apps. I kindly ask the development team to go through the actual feature and identify the possible locations the apps you try to huse could be visible. thanks jorn

I have an app (currently not released on App Store) which runs on both iOS and macOS. The app has widgets for both iOS and macOS which uses user preference (set in app) into account while showing data. Before upgrading to macOS 15 (until Sonoma) widgets were working fine and app was launching correctly, but after upgrading to macOS 15 Sequoia, every time I launch the app it give popup saying '“Kontest” would like to access data from other apps. Keeping app data separate makes it easier to manage your privacy and security.' and also widgets do not get user preferences and throw the same type of error on Console application when using logging. My App group for both iOS and macOS is 'group.com.xxxxxx.yyyyy'. I am calling it as 'UserDefaults(suiteName: Constants.userDefaultsGroupID)!.bool(forKey: "shouldFetchAllEventsFromCalendar")'. Can anyone tell, what am I doing wrong here?

Below is the GitHub link for the FMDB.framework contains privacyinfo.xcprivacy file provided as per the apple documentation were used in our App https://github.com/ccgus/fmdb I have reviewed the feedback, but I need additional clarification to fully understand the issue. Could you please provide more specific details or examples regarding the following points: We are using FMDB framework version 2.7.11 in our app available at https://github.com/ccgus/fmdb/ The version 4.0.0 submitted had the privacy file packaged as part of SQLCipher.bundle which resides under the FMDB framework. This was rejection with the same reason mentioned above. As a result, as part of Version 5.0.0 we have copied the privacy from the said bundle and placed it directly under the FMDB framework folder. This is rejected as well with the same reason again. Is there a concern because of empty values for the privacy keys? The GitHub source at https://github.com/ccgus/fmdb/ with the said version 2.7.11 does not use any APIs of concern listed at https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. As a result, the provider may not have provided the values for the keys.

Hello - I am trying to add a more descriptive Location Purpose String for submitting my app to the store. I previously had a placeholder, generic string for testing. I have updated my info.plist file, but the old string is still appearing. I have 1) deleted the app from simulator device and rebuilt 2) tried pushing the version to TestFlight 3) Deleted and replaced the values in the info.plist, none of which have resolved this issue. What am I missing here?

Hello, I am writing a macOS CLI application that holds cryptocurrency funds and uses Secure Enclave for security. I intend to create APIs so that other applications can create transactions from user's wallet in a secure way for the user. I am using P256 curve and authenticating a transaction involves making a signature for a hash of transaction data. Currently, this is how the authentication box looks like: However, this does not display any information about the transaction. If user is using my application, then I could display the information in the terminal. However, if some other CLI app wants to create transactions for the user, printing information in the terminal is insecure since a malicious app could override what is being printed. I see a rich authentication UI in apple apps. I wonder if there is a way to write UI for such applications. I would like to display some transaction information in the box instead of just "myapp needs to authenticate to continue". It would be great if there is a way to customize that text / add more text to it.

How do I delete or edit codes in the iOS Beta Passwords app?

I am using the CryptoTokenKit functionality to be able to perform validations on web pages that use digital certificates to ensure the user's identity, using the digital certificates included in the Spanish national electronic identity document. I manage to use it correctly in most cases, but sometimes I get an error when trying to retrieve the previously created token. This error is fixed by restarting the phone. I had create the Feedback Assistant with number FB14095789.

FMDB framework already contains the privacy file, which is part of SQLCipher.bundle file. But still apple rejects, not sure why? Can any one help me with this.

Hello, Is it correct that right now when any passkey-provider prepares the passkey registration ceremony response with attestation, iOS strips off the attestation before handing over response-assertion to the client. Does this stripping off of attestation have to do anything with the BS and BE flags that are populated by passkey-provider ? Meaning, is it correct statement that iOS removes the attestation blob from the response if the BE and BS flags are set to zero ??

We are using the Network framework to open TLS listener on the network and set options this way: configure_tls = ^(nw_protocol_options_t tls_options) { sec_protocol_options_t sec_options = nw_tls_copy_sec_protocol_options(tls_options); sec_identity_t sec_identity=sec_identity_create(identity); sec_protocol_options_set_local_identity(sec_options, sec_identity); sec_protocol_options_set_min_tls_protocol_version(sec_options, tls_protocol_version_TLSv12); sec_options=nil; }; This works fine; however, the listener's TLS negotiation only returns the certificate, not the trust chain. We have a requirement from a government agency to return the trust chain: "In addition to the certificate itself, you should provide a “chain” of intermediate certificates that give the connecting browser or client enough information to connect the certificate to a trusted root certificate. Failing to provide intermediates could prevent various browsers and clients from successfully connecting to your service, especially mobile browsers and non-browser clients (such as cURL, and tools based on libcurl). Some browsers will cache intermediates from a previous connection or attempt to automatically download missing intermediates that are presented in a certificate’s Authority Information Access (https://tools.ietf.org/html/rfc5280#section-4.2.2.1) extension, and so it can be easy to miss this problem during initial configuration. Though most browsers have an option to inspect the certificates on a site, they vary in whether they show the exact certificates the server presented or a chain as reconstructed through the fetching of an intermediate listed in the AIA extension. In general: You do not need to serve the trusted root that the certificate chains to. The client will compare the chain to a local root store, so serving the root will only waste bytes and slow the connection. You do need to serve any intermediate certificates that connect your web server certificate to the trusted root. Doing so removes the potential for problems caused by the variation in how clients facilitate trust verification." Is there a way to provide the chain of trust in the TLS options? I could not find any way to do this.

I cant reset screen time password form icloud

If "send and receive" on imessages has my Microsoft work email address, can my imessage content be synched with Microsoft ? Because I recently logged into our big data system through SSH client using my work email address, on a Console I saw one of my imessage thread printed. I reached Microsoft and their reply was to get advise reaching out to Apple support as their knowledge of iMessage is limited. Based on general knowledge about data protection the messages are most likely not synced unless there is a setting that you can allow from my side. PLEASE HELP ! This is a Mystery !!

I want to introduce client certificate authentication for communication between the iPad and the server. Since it is not possible to install a client certificate on the iPad using a p12 file, I am considering another method. I would like to know how to install the client certificate and private key issued by the certificate authority on the iPad without converting it to a p12 file. What are the different ways to do this?

I am trying to enable developer mode on my iPhone 12 mini, yet I cannot find the option in settings. I cannot use Xcode to enable it as I do not have a Mac device, so I was wondering if there is a way to enable it using windows.