I have developed a framework and want to use it in an authplugin that is added to the same project in a different target.
That plugin target works fine without the framework; once I add the framework, the authplugin is not working.
I am using the auth plugin to make changes in the screen-saver plist.
General
Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.
Hello. I’m running the 18.3 beta on a 15 Pro and have noticed the green camera indicator light turns on when I switch apps. I also am unable to use my flashlight until it turns off (usually a second or two). I’ve checked my privacy and access settings and nothing looks out of the norm. I’ve also closed all running apps, but the issue continues.
Does a macOS app support passkeys?
Can I also use passkey's functionality if it's an internal release, not an Apple App Store release?
Topic: Privacy & Security
SubTopic: General
Hey,
There are two apps, App A and App B.
Both apps do not have Sign in with Apple configured currently, so there are no Sign in with Apple users to transfer. I want to configure this for both apps.
App A is on developer team A.
App B is on developer team B.
They are not on the same developer accounts.
It is my understanding that both accounts need to be on the same developer team/account to get the same unique identifiers (e.g. sub id and private relay email address) for privacy reasons.
Desired Behavior:
When a single user logs into either app A or app B with the newly exposed Sign in with Apple functionality, I need Apple to return me the same unique identifiers (e.g. sub and email), so that I can uniquely identify the same user across app A and app B.
How can I do this without ANY customer impact?
We recently transferred our app from one developer account to a new one, internally. We're trying to transfer our sign in with apple users, but have hit a snag on the first step.
I'm following the instructions here to "Obtain the user access token": https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team
This is my request as created in Postman:
curl --location 'https://appleid.apple.com/auth/token/' \
  --form 'grant_type="client_credentials"' \
  --form 'scope="user.migration"' \
  --form 'client_id="com.XXXXX"' \
  --form 'client_secret="XXXXX"'
No matter what I try, I always receive invalid_client.
I've uploaded example JWTs in FB15648650.
We received a rejection today based on an invalid PrivacyInfo.xcprivacy file. It contained one extra space character that was somehow added to a value field.
Is there a tool that can check the validity of our PrivacyInfo.xcprivacy files?
Hello
I am wondering how and if it even is possible to grab the amount of times a user has opened a specific app. Of course these apps will be selected for tracking by the user through the FamilyControls API, but is it possible to then list those selected apps and their amount of openings?
I know Screen Time API is very strict with giving developers control of this information outside of just displaying a view so I don't know if this is possible.
I saw that DeviceActivityData.ApplicationActivity has a value called "numberOfPickups" but I'm not sure how to access that value and display it in my app.
Thank you
Hi,
I need to make a "Sign in with Apple" button.
I followed all the instructions and I managed to get Apple's response with id_token.
I have to continue testing the application but I no longer get the "user" object (name, lastname).
How can I get the user object back to continue development?
Topic: Privacy & Security
SubTopic: General
Tags: Sign in with Apple, Sign in with Apple JS, Sign in with Apple REST API
Hey, when I search for an app that is hidden, it shows the information in the app, like a phone number. I tried everything. I talked to two agents. I’m not the only one who has this problem. Can you guys please fix up Siri suggested? Thank you.
Topic: Privacy & Security
SubTopic: General
Hi,
We're encountering an intermittent issue where certain users are unexpectedly logged out of our app and unable to log in again.
We believe we've narrowed down the issue to the Keychain due to the following reasons:
We use a keychain item to determine if the member is logged in or not. Failure to retrieve the value leads the app to believe the member is logged out.
API error logs on the server show 3 missing values in fields that are each populated from items stored in the keychain.
Additional Notes:
The issue is hard to reproduce and seems to affect only a subset of users.
In some cases, uninstalling and reinstalling the app temporarily resolves the problem, but the issue recurs after a period of time.
The behavior appears to have coincided with the release of iOS 18.
We’re using the “kSecAttrAccessibleWhenUnlocked” accessibility attribute. Given that our app doesn’t perform background operations, we wouldn’t expect this to be an issue. We’re also considering changing this to "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly" to see if this might resolve the issue.
We're using the keychain-swift library to interact with the keychain.
We are currently adding extensive logging around our keychain implementation to confirm our findings but are looking for any additional input.
Questions:
Has anyone encountered similar keychain behavior on iOS 18?
Are there known changes or stability issues with the keychain in iOS 18 that might lead to such intermittent “item not found” errors?
Any recommended workarounds or troubleshooting steps that could help isolate the problem further?
Thanks for any help you can provide.
I'm working on a Password Manager app that integrates with the AutoFill Credential Provider to provide stored passwords and OTPs to the user within Safari and other apps.
Password AutoFill works perfectly.
I'm unable to get iOS to register that the app supports OTPs though.
I've followed the Apple documentation here: https://developer.apple.com/documentation/authenticationservices/providing-one-time-passcodes-to-autofill and added "ProvidesOneTimeCodes" to the AutoFill extension's Info.plist, but iOS just doesn't seem to notice the OTP support.
<key>ASCredentialProviderExtensionCapabilities</key>
<dict>
<key>ProvidesOneTimeCodes</key>
<true/>
<key>ProvidesPasswords</key>
<true/>
</dict>
Any help would be greatly appreciated!
Topic: Privacy & Security
SubTopic: General
Tags: Extensions, Entitlements, Autofill, Authentication Services
We run simple iOS Swift code triggered by a remote notification:
UserDefaults.standard.set("value", forKey: "key")
It runs fine when the app is active or inactive, but when the device is closed/locked and the code is triggered, we see a warning in Xcode:
Couldn't write values for keys (
key
) in CFPrefsPlistSource<0x3018802d0> (Domain: com.example, User: kCFPreferencesCurrentUser, ByHost: No, Container: (null), Contents Need Refresh: No): Path not accessible
Not updating lastKnownShmemState in CFPrefsPlistSource<0x3018802d0> (Domain: com.example, User: kCFPreferencesCurrentUser, ByHost: No, Container: (null), Contents Need Refresh: No): 767 -> 767
The issue is that there seems to be no way to catch that warning. The value is set, when it's re-read the value is correct. But the value is never written to disk, so after an app restart/update the value is gone, potentially has an old wrong value.
This code runs without any interruption, it's just showing the warning on iOS 17.7.1 on iPad:
UserDefaults.standard.set("value", forKey: "key")
UserDefaults.standard.synchronize()
print("value: \(UserDefaults.standard.string(forKey: "key") ?? "nil")")
Should there not be a way to catch this, so the code can act accordingly to the circumstances? It would be good to know inside the code that the value is not persisted. I would expect that an exception is generated somewhere which can be caught.
It seems .completeFileProtectionUntilFirstUserAuthentication enables files to be written to disk while the device is closed/locked, can something similar be used for UserDefaults.standard?
We are working with an iOS app where we have enabled the “Generate Debug Symbols” setting to true in Xcode. As a result, the .dSYM files are generated and utilized in Firebase Crashlytics for crash reporting.
However, we received a note in our Vulnerability Assessment report indicating a potential security concern. The report mentions that the .ipa file could be reverse-engineered due to the presence of debug symbols, and that such symbols should not be included in a released app. We could not find any security-related information about this flag, “Generate Debug Symbols,” in Apple’s documentation.
Could you please clarify if enabling the “Generate Debug Symbols” flag in Xcode for a production app creates any security vulnerabilities, such as the one described in the report?
The report mentions the following vulnerability: TEST-0219: Testing for Debugging Symbols
The concern raised is that debugging symbols, while useful for crash symbolication, may be leveraged to reverse-engineer the app and should not be present in a production release.
Your prompt confirmation on this matter would be greatly appreciated. Thank you in advance for your assistance.
Hello, I have a public key of type Curve25519.KeyAgreement.PublicKey that I create from the raw representation using:
Curve25519.KeyAgreement.PublicKey(rawRepresentation: Data(base64Encoded: "08sYq4gExgX+UApEwLaASkE+TZjAxG1FPYaT+mj2irk=")!)
I'm trying to convert that key to a curve, but I don't see an equivalent function in CryptoKit for the Javascript function pk_to_curve25519. Can someone please help?
For completeness, I'm trying to implement the handshake protocol that's a part of secure scuttlebutt. https://ssbc.github.io/scuttlebutt-protocol-guide/
Hi Guys,
I want to access the Items.data file from this location:
**/Library/Caches/com.apple.findmy.fmipcore/Items.data**
Can anyone help me decrypt this file, as it is encrypted now?
Any help on this is highly appreciated.
I want to access my own AirTag data and this is the only way, I believe.
Thanks in advance.
Topic: Privacy & Security
SubTopic: General
I have my custom Authplugin implemented at login (system.login.console), and I want to remove password requirement validation/authentication from the system.login.console authorization right. Do you see any functionality loss in completely removing the password need at login? And is there any reference which can help me here to achieve this?
Is there a way to know the event of user unlocking on iOS Device in Application?
Friday we were preparing to publish our final build in TestFlight. Our developer informed me that the account holder had to agree to new terms and agreements. I am the sole user of this account, and tried to login (1 week ago I was still able to login). To my surprise I got the notification “account locked”, “you need to reset your password”. I followed the required step: filling in the phone number on file (which is my phone number). After filling this in the page informed me that they’d get back to me in 1 day.
On Saturday I received an email from no_reply@apple with the following “We have received the request for access to your account and we have denied access.” There was no further information in the email why this would be.
I tried Apple support but they tell me they can not reactivate the account and I should apply for a new Apple ID. This sounds really strange as it would mean I would lose access to our currently published application forever?
But in general I am just shocked how they can deny access to an account, which is even a paid one (Developer Program), and not help me out. I am able to supply all identification (passport). I have access to the email that we use to login. I have access to the mobile phone number that is connected for exactly this reason (two factor authentication).
Anyone with similar experience and/or solutions?
Topic: Privacy & Security
SubTopic: General
Tags: Accounts, App Store Connect, Business and Enterprise, Apple Business Manager
I am researching how to apply Apple Sign In to my app. I see the response data from Apple just includes user name and email (phone number is not required also), but currently my app has only one login method, which is by phone number.
So I would like to ask:
Can I request a phone number (by a customized popup) from the user after signing in with Apple successfully? If not, then which approach can I apply?
Many thanks!
Wondering if others have encountered this issue with PSSO 2.0.
We are observing that if, after registration, a user changes their IDP password, they may be prompted for their previous password in order to unlock the Keychain. We are trying to determine if this is expected behavior or if there is a way to avoid it.
To reproduce this, the flow would be as follows:
1. user registers with PSSO
2. user logs out and logs back in with their IDP password
3. user is authenticated (and not prompted for previous password)
4. user logs out
5. user changes their IDP password on another machine
6. user logs in and is prompted to use their previous password to unlock the Keychain.
Failure to provide the previous password nukes the Keychain, which is not an outcome we want.
Any insight anyone has on this issue would be most welcome.
Thanks