Hi, I use AudioQueueNewInput() with my very own run loop and dedicated thread. But now it doesn't show the mic alert window. Howto fix this? AudioQueueNewInput(&(core_audio_port->record_format), ags_core_audio_port_handle_input_buffer, core_audio_port, ags_core_audio_port_input_run_loop, kCFRunLoopDefaultMode, 0, &(core_audio_port->record_aq_ref));

I am writing SwiftData app, using a group container. When editing a SwiftUI file, every couple of seconds a dialog - that the app wants to access data from other apps - pops up. It is impossible to edit a view file while Canvas preview is open. If preview is resumed the dialog has to be confirmed twice. Each time the app is started from Xcode, the dialog has to be confirmed again. Any idea, how to stop these boring dialogs?

Is there a step by step program on Sending Push notifications? I seem to be stuck at load private key. I get this error. SecKeyCreateWithData failed with error: Error Domain=NSOSStatusErrorDomain Code=-50 "EC private key creation from data failed" It is a new p8 file. I tried different format. I read some articles that say that there is a bug I think. I don't know for sure because it was written in jibberish. 90% of the code is dealing with these stupid keys. This should be 1 function setting the pipe and then I can use the pipe. This is ridiculous. If anybody has any ideas. The code is a mess because I tried so many different ideas. Push Notification.txt

Hi, It may be a stupid question, but we really wonder if there is a way for MDM to push a unique mTLS cert to our iOS application or if it can populate a client certificate in the iOS where our application can access it. Like browser app, how do browser mTLS certs get pushed? Thanks, Ying

Hello. I am trying to give an update to my app but it again and again gets rejected due to the ATT Prompt. Before this late week I gave the update and it got live without any issue. Now I done some minor changes in the App. Apple Response. The app uses the AppTrackingTransparency framework, but we are unable to locate the App Tracking Transparency permission request when reviewed on iPadOS 18.2. Next Steps Explain where we can find the App Tracking Transparency permission request in the app. The request should appear before any data is collected that could be used to track the user. If App Tracking Transparency is implemented but the permission request is not appearing on devices running the latest operating system, review the available documentation and confirm App Tracking Transparency has been correctly implemented. If your app does not track users, update your app privacy information in App Store Connect to not declare tracking. You must have the Account Holder or Admin role to update app privacy information. My Response: Hello Apple Team Thank you for your feedback. We have tested the app on iPadOS 18.2, also on iPhone 18.1 and the App Tracking Transparency dialogue is appearing as expected on the main home screen when the user enters the app. To help demonstrate this, we’ve attached a video showing the ATT prompt in action. If there is still an issue with the dialogue or if it needs to be placed in a different position, we kindly request your guidance on what needs to be adjusted. Please let us know the details so we can address it promptly. Thank you for your support "I uploaded a video with images showcasing the ATT prompt but now again they rejected the update with the exact same reply. Which I am thinking it may be a bot reply. Now what to do how to solve it?

Seeing the following error when attempting automatic passkey upgrade - [Warning] NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission. We're trying to enable Automatic passkey upgrade (https://developer.apple.com/videos/play/wwdc2024/10125/?time=38) for our website but it's not working from our testing on iOS 18.2 and 18.3 Beta Safari. The flow on our website looks like: the customers use autofill to fill out email and password on the sign-in page (abc.com/signin) PublicKeyCredential.getClientCapabilities is called to check if conditionalCreate supported. land on another page of our website (abc.com/pageX), which calls navigator.credentials.create with mediation conditional (Right after sign-in). We checked that we followed the steps in above video: Allow automatic passkey upgrades is enabled, mediation is set to conditional and password autofill is used to signed in. However, Safari threw an error [Warning] NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission. Can Apple help guide us if anything is missed here?

Hello, I have a password manager app and would like to help my user's to enable the Safari autofill capability. I've made the password credential extension and that is working great. I just need to help my user's enable the feature. I could point them to Settings->General->AutoFill & Password and instruct them to turn the feature on. However, I've noticed that my competitors are able to present an alert directly from their app to turn the feature on (without going to settings at all). I can't find any documentation on how to do this? Thanks for your help! //Ray

I have a Mobile App developed in Objective C which has two SDK's writing to the keychain. The first SDK which is completely written in Swift, uses Swift to write and read the key chain and the second SDK uses Objective C to read and write to the SDK. When the first SDK reads from the keychain, the second SDK is not able to read from the keychain and it is getting the Keychain error of item not found. Both the SDK's are using different keys and so not sure why the second SDK is getting item not found. The weird thing with this error is it happens only on a Simulator and it is working fine on actual iPhone. I have also checked the Objective C to Swift bridging header and everything looks correct. Any help you can provide is highly appreciated.

I've made a simple command line app that requires Screen recording permission. When I ran it from Xcode, it prompts for a permission and once I allowed it from the settings, it runs well. #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <CoreGraphics/CGDisplayStream.h> int main() { printf("# Start #\n"); if (CGPreflightScreenCaptureAccess()) { printf("# Permitted.\n"); } else { printf("# Not permitted.\n"); if (CGRequestScreenCaptureAccess() == false) { printf("# CGRequestScreenCaptureAccess() returning false\n"); } } size_t output_width = 1280; size_t output_height = 720; dispatch_queue_t dq = dispatch_queue_create("com.domain.screengrabber", DISPATCH_QUEUE_SERIAL); CGError err; CGDisplayStreamRef sref = CGDisplayStreamCreateWithDispatchQueue( 1, output_width, output_height, 'BGRA', NULL, dq, ^( CGDisplayStreamFrameStatus status, uint64_t time, IOSurfaceRef frame, CGDisplayStreamUpdateRef ref ) { printf("Got frame: %llu, FrameStatus:%d \n", time, status); } ); err = CGDisplayStreamStart(sref); if (kCGErrorSuccess != err) { printf("Error: failed to start streaming the display. %d\n", err); exit(EXIT_FAILURE); } while (true) { usleep(1e5); } CGDisplayStreamStop(sref); printf("\n\n"); return 0; } Now I want to execute this from terminal, so I went to the build folder and typed the app name. cd /Users/klee/Library/Developer/Xcode/DerivedData/ScreenStreamTest-ezddqbkzhndhakadslymnvpowtig/Build/Products/Debug ./ScreenStreamTest But I am getting following output without any prompt for permission. # Start # # Not permitted. # CGRequestScreenCaptureAccess() returning false Error: failed to start streaming the display. 1001 Is there a something I need to consider for this type of command line app?

I'm developing an Authorization Plug-In and have stumbled upon a concerning behavior regarding credential caching that may have security implications. Consider this scenario: I'm working on a Mac without admin privileges, and I need to temporarily disable the Firewall for some testing. An administrator physically comes to my machine, inputs their credentials to disable the Firewall, and then leaves. What follows is that, for a short period after this action, the administrator's credentials remain cached in Authorization Services. During this window, I can perform some additional privileged operations without any re-authentication. For example, I can open Activity Monitor and send SIGKILL signals to arbitrary privileged processes (!!). From what I could gather, this happens because system.preferences.network shares cached credentials with other authorization rights. Even more concerning, even when I explicitly modify the authorization database to prevent credential sharing for this specific right, the behavior persists! I suspect the issue relates to the underlying shared authentication rules (such as authenticate-admin-30, which com.apple.activitymonitor.kill uses), but I've been unable to modify these rules to test this theory. From my understanding, the most concerning aspect is that even if all system Authorization Rights were configured to not share credentials, third-party applications could still create proprietary rights that might end up sharing credentials anyway. From my Auth Plug-In, I've tried unsetting the kAuthorizationEnvironmentShared context value (even though the documentation in AuthorizationTags.h tells me that the value is ignored), and looking for ways to override the timeout for shared credentials, both without success. Finally, I'm looking to answer some questions that have been raised: I understand that this credential sharing is a feature, but isn't the behavior I described actually a security vulnerability? I worry that other (potentially more dangerous) operations may be able to exploit this. Is there a recommended way to prevent privileged credentials from being reused across arbitrary authorization rights if the original process does not destroy the auth reference? Are there any options from within an Authorization Plug-In to ensure more strict authentication boundaries? What exactly is the authorization "session" mentioned in /System/Library/Security/authorization.plist? Does this concept imply that System Settings.app and Activity Monitor.app share the same session in my previous example? This post ended up being quite long, but unfortunately, documentation on the subject seems incredibly scarce. For reference, the little information I could find came from: QA 1277 The Credentials Cache and the Authentication Dialog Comments on /System/Library/Security/authorization.plist

Our application uses Screen capture KIT API for screen recording. But from Sequoia OS, we are getting additional permission dialog which states " is requesting to bypass the system private window picker and directly access your screen and audio". It seems we need to add our app under "System settings -> Privacy & Security -> Remote Desktop" setting to avoid getting above additional dialogue in every few days. Some places mention use of .plist file that if mention in this file, the app will request for this permission. But did not seem to work or we do not understand that properly yet.

I have read that iOS data protection ensures most of the files to be stored encrypted. However, I saw someone insisting (elcomsoft blog) very few files are not encrypted. Are app’s cache files or tmp files not stored encrypted? For example, are safari history.db file and cache files stored in the flash encrypted?

Hello, I have a password manager app and have noticed a new feature in AutoFill & Passwords called "Set Up Codes In". I see that my competitors have been able to implement this feature but cannot find any documentation on how to do this. How can I make it so my app can support this feature. Any help to pointing me to the documentation or otherwise would be greatly appreciated. Thanks! //Ray

Regarding the issue of login controls remaining on screen for a few seconds when using a subclass of SFAuthorizationPluginView, I wanted to inquire whether any progress has been made on resolving it. To recap, per notes I found in the QAuthPlugins sample code: Due to a bug (FB12074874), the use of an SFAuthorizationPluginView subclass can cause the login controls to remain onscreen for a significant amount of time (roughly 5 seconds) after login is complete, resulting in them being onscreen at the same time as the Finder’s menu bar and the Dock. The exact circumstances under which this happens are not well understood, but one factor seems to be running on a laptop where the main display is mirrored to an external display. Specifically, I would like to know: If there any other information about how the issue is reproduced? For my part I can say that it reproduces with out the use of a mirrored display. So far it reproduces for all of our developers and testers, all of the time. Are there any known workarounds? Is there any expectation that this issue will be addressed? Thank you so much!

My existing chrome extension has "Sign in with Apple" given that we have iOS users. When user clicks "Continue with Apple" button in the extension log in pop up, this is what we do: javascript window.open( 'https://appleid.apple.com/auth/authorize?client_id=' + clientID + '&redirect_uri=' + backEndURL + '&response_type=id_token%20code&response_mode=form_post&scope=email%20name', 'Sign in with Apple', 'height=500,width=400,left=600,top=200,status=no,location=no,toolbar=no,menubar=no' ) In chrome, this opens a popup window with that URL. In Safari Converted Web Extension, it opens custom Apple sign in flow, where it says: "Do you want to sign in to XXX with your Apple ID YYY?" and then with my mac password I'm able to authenticate. Afterwards, nothing happens. Expected: a redirect to the URL specified in the window.open. Now let's do a trick: I'll wrap the above window.open code into javascript setTimeout (() = {window.open (...)}, 3000) Because of security reasons, safari then won't open the popup after 3s and will display a notification in the toolbar "Popup blocked..". If we allow the popup, then it finally opens as a normal window popup and after sign in, it redirects to our backend and it successfully authenticates. Any ides what how to solve this? P.S. We're not able to use embedded Sign in with Apple JS - https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple script because we can't host a remote code in the extension (it will be deprecated soon). So, we arere using this. - https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Hello, I'm developing a Command Line Tool in XCode, in order to capture system audio and save it to a file, which will then be used by a separate process. Everything works perfectly when running it from either XCode or the native terminal application (see image below), but as soon as I try to run it from any 3rd party application, it doesn't ask for permissions to record sound, and the resultant file ends up soundless. When archiving it and then running it from other 3rd party applications, e.g Warp (terminal) or spawning it as a child process from a bundled Electron application, it doesn't ask for permissions. Things of note: I've codesigned the application with "Developer ID Application" I've added NSAudioCaptureUsageDescriptionto Info.plist I've included Info.plist in the binary (see image below) I've added the com.apple.security.device.audio-input entitlement I've used the following resources as inspiration: https://github.com/insidegui/AudioCap https://developer.apple.com/documentation/coreaudio/capturing-system-audio-with-core-audio-taps As my use-case involves spawning the executable from Electron as a child process, I've tried to include the appropriate permissions to the parent application too, without success. I'm really at a loss here, it feels like I've tried everything. Any pointers are much appreciated! Thanks

Hello everyone! I'm encountering an issue while trying to use the Sign in with Apple token revocation API. I've followed the steps outlined in the official documentation (https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens), but when I consume the API, I receive a 200 status code instead of the expected code. I've double-checked my implementation and can't find any obvious errors. Has anyone else experienced this issue before? I would greatly appreciate any suggestions or advice on how to resolve this issue. Thank you in advance for your help!

I am developing a background program that is included in the app as an extension. I would like to include logic to check the teamID and code signature validity of the program I created to ensure that it has not been tampered with. Is this possible?

Hello everyone, We recently transferred an iOS app but didn’t generate the transfer identifier before initiating the transfer. Is it still possible to generate the transfer identifier after the transfer has been completed? If not, are there any alternative solutions or steps we can take to resolve this issue? Thank you for any guidance!

Our desktop app for macos will be released in 2 channels appstore dmg package on our official website for users to download and install Now when we debug with passkey, we find that the package name of the appstore can normally arouse passkey, but the package name of the non-App Store can not arouse the passkey interface I need your help. Thank you