Option 1: Short and to the point
"Help in every situation! Our app alerts the emergency services quickly and easily. Wherever you are, we help you in an emergency."
Option 2: More detailed
"Fast help for everyone! With our app you have a reliable helper at your side around the clock. Whether you are in distress yourself or witness an accident, with just one click you alert the emergency services and receive important information. Works on iOS and Android."
Option 3: Focus on the target group "everyone"
"A lifesaver for everyone! Whether young or old, athletic or less mobile, our app is meant for everyone who needs help quickly in an emergency. Simple, intuitive and always there for you."
Option 4: Emphasis on the emergency function
"Your personal emergency helper! In critical situations every second counts. Our app makes sure the emergency services reach you as quickly as possible. Perfect on the go, at home or at work."
Option 5: Highlighting platform independence
"Help without limits! Our app is available for iOS and Android devices and makes sure you get help anytime and anywhere. No matter which smartphone you have, we are there for you."
Would you like me to draft a text that combines all of your points? Or do you have further wishes or ideas?
General
Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.
I added a password to Keychain using Swift on macOS.
All works well, and I can see it
using Keychain Access, it is stored under iCloud -> Passwords.
How can I see this password on the Passwords App? Is there something I need to do, maybe in Swift, to have this password in the Passwords App, not just in Keychain Access?
Note, I have turned on iCloud Keychain on my Mac: https://support.apple.com/en-us/109016
I am trying to finish my very first app. I went to save the PN key file and my computer shut off. I went to Certificates, Identifiers, and Profiles and it says that I have reached the maximum allowed. I don't know what to do. I can't do anything with my app. This is so stupid; how could they make it so something like this was even possible? I am totally screwed. Please help me!
I'm seeing some odd behavior which may be a bug. I've broken it down to a least common denominator to reproduce it. But maybe I'm doing something wrong.
I am opening a file read-write. I'm then mapping the file read-only and private:
void* pointer = mmap(NULL, 17, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0);
I then unmap the memory and close the file. After the close, eslogger shows me this:
{"close":{"modified":false,[...],"was_mapped_writable":false}}
Which makes sense.
I then change the mmap statement to:
void* pointer = mmap(NULL, 17, PROT_READ, MAP_FILE | MAP_SHARED, fd, 0);
I run the new code and the close looks like:
{"close":{"modified":false, [....], "was_mapped_writable":true}}
Which also makes sense.
I then run the original again (ie, with MAP_PRIVATE vs. MAP_SHARED) and the close looks like:
{"close":{"modified":false,"was_mapped_writable":true,[...]}
Which doesn't appear to be correct.
Now if I just open and close the file (again, read-write) and don't mmap anything the close still shows:
{"close":{ [...], "was_mapped_writable":true,"modified":false}}
And the same is true if I open the file read-only.
It will remain that way until I delete the file. If I recreate the file and try again, everything is good until I map it MAP_SHARED.
I tried this with macOS 13.6.7 and macOS 15.0.1.
I am trying to send email from our internal server. We are using Gmail as the SMTP client. Gmail is bound to a domain hosted on Squarespace. I have all the required DNS records (DKIM, DMARC, SPF) configured in Squarespace. In the Apple Developer Portal, I have also added allowed domains and email addresses in the Sign In with Apple settings. SPF verification passed.
The problem is that emails sent to @privaterelay.appleid.com are not reaching the final recipient. On our end, the emails are sent and there are no errors.
In the email signature the DKIM domain and the domain in the From: address match completely. Domain on tools like mxtoolbox passes all checks.
Also, there is no response from the Gmail server that the email was not delivered. To all other emails the emails are being sent with no problems. Please help me figure this out, maybe I am missing something.
I've made a simple command line app that requires Screen recording permission.
When I ran it from Xcode, it prompts for a permission and once I allowed it from the settings, it runs well.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <CoreGraphics/CGDisplayStream.h>

int main() {
    printf("# Start #\n");
    // Check the Screen Recording permission first; request it if missing.
    if (CGPreflightScreenCaptureAccess()) {
        printf("# Permitted.\n");
    } else {
        printf("# Not permitted.\n");
        if (CGRequestScreenCaptureAccess() == false) {
            printf("# CGRequestScreenCaptureAccess() returning false\n");
        }
    }

    size_t output_width = 1280;
    size_t output_height = 720;
    dispatch_queue_t dq = dispatch_queue_create("com.domain.screengrabber", DISPATCH_QUEUE_SERIAL);
    CGError err;

    // Stream display ID 1 as BGRA frames; the block runs on dq for every frame.
    CGDisplayStreamRef sref = CGDisplayStreamCreateWithDispatchQueue(
        1,
        output_width,
        output_height,
        'BGRA',
        NULL,
        dq,
        ^(
            CGDisplayStreamFrameStatus status,
            uint64_t time,
            IOSurfaceRef frame,
            CGDisplayStreamUpdateRef ref
        ) {
            printf("Got frame: %llu, FrameStatus:%d \n", time, status);
        }
    );

    err = CGDisplayStreamStart(sref);
    if (kCGErrorSuccess != err) {
        printf("Error: failed to start streaming the display. %d\n", err);
        exit(EXIT_FAILURE);
    }

    // Keep the process alive so frames keep arriving on the dispatch queue.
    while (true) {
        usleep(1e5);
    }

    CGDisplayStreamStop(sref);
    printf("\n\n");
    return 0;
}
Now I want to execute this from terminal, so I went to the build folder and typed the app name.
cd /Users/klee/Library/Developer/Xcode/DerivedData/ScreenStreamTest-ezddqbkzhndhakadslymnvpowtig/Build/Products/Debug
./ScreenStreamTest
But I am getting the following output without any prompt for permission.
# Start #
# Not permitted.
# CGRequestScreenCaptureAccess() returning false
Error: failed to start streaming the display. 1001
Is there something I need to consider for this type of command line app?
When I reboot my iPhone 14 Pro with Live Activity started, Keychain information disappears.
So there is a problem that I have to sign-in again when I enter the app.
There is no problem rebooting the iPhone without Live Activity.
iOS17 didn't have this problem.
When I reboot my iPhone 14 Pro with Live Activity started, Keychain information disappears.
So there is a problem that I have to sign-in again when I enter the app.
There is no problem rebooting the iPhone without Live Activity.
iOS17 didn't have this problem.
Hi, team.
So, I'm working on reading certificates from the keychain that have been stored or saved by other apps into it.
I understand that kSecAttrAccessGroupToken allows us to achieve that.
It is a requirement to use com.apple.token group in the entitlements file.
Having done that, I cannot store SecCertificates into the keychain, and into the security group. I can do it without the security group, but after adding in the dictionary the kSecAttrAccessGroup: kSecAttrAccessGroupToken, I can no longer add certificates.
I get the famous -34018. No entitlement found.
However, when I try to read certificates in the same access group, I do not get a -34018 error back. I instead get a -25300, which I understand means no keychain item was found in this access group.
How can this be happening?
Reading, the entitlement works, writing does not.
Here are my queries:
For adding:
let addQuery = [
    kSecClass: kSecClassCertificate,
    kSecValueRef: secCertificate as Any,
    kSecAttrLabel: certificateName,
    kSecAttrAccessGroup: kSecAttrAccessGroupToken
] as [CFString: Any]
let status = SecItemAdd(addQuery as CFDictionary, nil)
For reading:
var item: CFTypeRef?
let query = [
    kSecClass: kSecClassCertificate,
    kSecMatchLimit: kSecMatchLimitAll,
    kSecReturnRef: kCFBooleanTrue as Any,
    kSecAttrAccessGroup: kSecAttrAccessGroupToken
] as [CFString: Any]
let status = SecItemCopyMatching(query as CFDictionary, &item)
Dear Apple Team,
I hope this message finds you well.
Recently, while exploring Apple’s open-source resources, I came across some files that appear to contain sensitive information, including private keys. I wanted to reach out to clarify whether these files are intentionally made publicly available or if they might be exposed due to a potential misconfiguration.
Understanding the nature of these files is important, and I would appreciate any guidance you can provide regarding their accessibility and any necessary steps that should be taken to address this matter.
Thank you for your attention to this issue. I look forward to your response.
Hello there, we have implemented Sign in with Apple on our site. Everything is working well except for two edge cases where the JWT returned by Apple sign in does not contain the user email. These cases are:
When users choose Hide My Email when creating their account and later manually change their settings and turn off the email forwarding (Tested).
For Apple at Work & School users, i.e. younger students may not have an email address. According to Apple docs, email could be empty for Sign in with Apple at Work & School users (Not tested).
The problem is that we use the email to confirm the user authentication, but when the email is not present in the JWT, our system won't be able to find the registered user.
We're currently working on a workaround for this, but we would like to confirm that these edge cases are known by Apple and also ask some questions:
Is it correct to say that: Turning off the email forwarding will cause that Apple's identity token (JWT) does not include the user's email address?
Apple at Work & School users: is there a way to identify that someone is using this type of account?
Is there any other known edge case when the email could be empty in the JWT?
Thanks in advance!
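An added example, not part of the original post and not Apple's code: one way to keep account lookup working when the identity token carries no email is to key accounts on the token's `sub` claim (Apple's stable per-user identifier) and treat email as an optional contact attribute. It assumes the token's signature, `iss`, `aud` and `exp` were already verified; `AccountStore` and every claim value are hypothetical and constructed.

```python
# Added example: resolve a Sign in with Apple user by the stable `sub` claim.
# Assumption: `claims` is the payload of an identity token whose signature,
# iss, aud and exp have already been verified. AccountStore is a hypothetical
# in-memory stand-in for the site's user table; all values are constructed.

class AccountStore:
    def __init__(self):
        self.by_sub = {}    # Apple `sub` -> account record (primary key)
        self.by_email = {}  # lower-cased email -> legacy account record

    def add_legacy(self, email):
        """Account created while the site still keyed users on email only."""
        account = {"apple_sub": None, "email": email.lower()}
        self.by_email[account["email"]] = account
        return account

    def resolve(self, claims):
        sub = claims.get("sub")
        if not sub:
            raise ValueError("identity token has no sub claim")
        email = (claims.get("email") or "").strip().lower() or None
        # email_verified may arrive as a boolean or as the string "true".
        verified = str(claims.get("email_verified", "")).lower() == "true"

        account = self.by_sub.get(sub)
        if account is None:
            legacy = self.by_email.get(email) if email and verified else None
            if legacy is not None and legacy["apple_sub"] is None:
                account = legacy  # one-time link of an email-keyed row
                account["apple_sub"] = sub
            else:
                account = {"apple_sub": sub, "email": None}
            self.by_sub[sub] = account
        if email and verified:
            account["email"] = email  # contact address only, never the key
        return account


def demo():
    store = AccountStore()
    legacy = store.add_legacy("user@example.com")
    # First sign-in after the migration: the token still carries the email.
    first = store.resolve({"sub": "000123.constructed.0001",
                           "email": "User@Example.com", "email_verified": "true"})
    # Later sign-in with email forwarding turned off: no email claim at all.
    second = store.resolve({"sub": "000123.constructed.0001"})
    # Work & School style account that never had an email address.
    third = store.resolve({"sub": "000456.constructed.0002"})
    return legacy, first, second, third


if __name__ == "__main__":
    for acct in demo():
        print(acct)
```

An unverified email is never used to link to an existing row, so a token cannot claim another user's legacy account by address alone.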
I haven't gotten any hits searching for this, so I decided to open a new thread.
The Tech Note that was mentioned in an earlier 2024 thread doesn't mention this error.
I've been trying different ways to get a token, and finally found this article that seems to be in the correct format.
https://dev.to/hasone/generate-jwt-token-for-apple-store-connect-api-using-python-3j5h
The Apple App Store Server Swift Library was supposed to have a createJWT() method, but it's gone now.
curl -v -H 'Authorization: Bearer [token]' "https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US"
Host weatherkit.apple.com:443 was resolved.
IPv6: (none)
IPv4: 23.66.3.87, 23.66.3.70, 23.66.3.74, 23.66.3.72, 23.66.3.81, 23.66.3.75, 23.66.3.91, 23.66.3.71, 23.66.3.73
Trying 23.66.3.87:443...
Connected to weatherkit.apple.com (23.66.3.87) port 443
ALPN: curl offers h2,http/1.1
(304) (OUT), TLS handshake, Client hello (1):
CAfile: /etc/ssl/cert.pem
CApath: none
(304) (IN), TLS handshake, Server hello (2):
(304) (IN), TLS handshake, Unknown (8):
(304) (IN), TLS handshake, Certificate (11):
(304) (IN), TLS handshake, CERT verify (15):
(304) (IN), TLS handshake, Finished (20):
(304) (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
ALPN: server accepted http/1.1
Server certificate:
subject: C=US; ST=California; O=Apple Inc.; CN=weather-data.apple.com
start date: Oct 9 21:14:44 2024 GMT
expire date: Jan 7 20:21:03 2025 GMT
subjectAltName: host "weatherkit.apple.com" matched cert's "weatherkit.apple.com"
issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
SSL certificate verify ok.
using HTTP/1.x
GET /api/v1/availability/37.323/122.032?country=US HTTP/1.1
Host: weatherkit.apple.com
User-Agent: curl/8.7.1
Accept: */*
Authorization: Bearer [token]
Request completely sent off
< HTTP/1.1 401 Unauthorized
< Server: Apple
< Content-Type: application/json
< Content-Length: 26
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Origin: *
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'self';
< X-REQUEST-ID: 320cab08-acba-0127-fe19-4893dacf059c
< X-Apple-Origin: 3c6511d9-6be2-32cb-8412-efd1b1efa576
< Content-Disposition: inline;filename=f.txt
< Date: Tue, 15 Oct 2024 10:40:01 GMT
< X-Cache: TCP_MISS from a23-220-165-87.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-30d892fcde524eb1bee7eeb45111707d) (-)
< Connection: keep-alive
<
Connection #0 to host weatherkit.apple.com left intact
{"reason": "MISSING_AUTH"}
Under iOS 18.0.1, I can't do any development that uses HTTPS, because I can't authorize my generated certificates on my phone. This was not a problem in the past.
Normally you AirDrop a root certificate authority to your phone, install the "profile" for it, and then trust it in Settings / General / About / Certificate Trust Authority. Then you can connect to another server on your network that's using the accompanying certificates.
But after successfully installing two profiles on my phone, neither shows up in Certificate Trust Authority. Anybody else seeing this?
This problem, in combo with this one (which prevents running on my Mac as an iPad app) has completely halted my project.
I've found reports of this problem that blamed an empty "common name" field in the certs, but that field is populated in both of these.
Good day. As part of a business unit separation, we are required to have our product with a different name, bundle IDs and certificates than our current configuration.
The product contains network extensions and requires Full Disk Access. We distribute this product to our customers who either support MDM or not.
I know from previous experience that a product can be transferred to a different account, which is something we could do only for some parts of our product (only a couple of Bundle IDs).
My question is what's the best way to do this. I can imagine that having a scripted scenario where the other business unit's product is removed from customers and ours is installed, in a different folder.
The main issue I can foresee is that because our architecture uses several network extensions that are installed as plugins (bad design I know), we would be asking the users for authorisation, again, to use those extensions, plus full disk access.
What options do I have?
Hi, I am currently developing the "Sign in with Apple" feature.
We set up everything according to the documentation:
https://developer.apple.com/help/account/configure-app-capabilities/configure-private-email-relay-service
When trying to send an email from one of the registered communication emails (that is SPF and DKIM Authentication compliant) the emails are still ending up in the spam box.
If it can help the received email address (that is hidden) is a gmail.
I can not catch what is missing/wrong on our side.
In the FAQ about Local Network, a lot of topics are covered but, unless I missed something, I didn't see the topic of MDMs being covered.
[Q] Could the FAQ be updated to cover whether it is possible to grant this Local Network permission through a configuration profile?
The answer, based on google searches and different forums, seems to be a negative. It seems a bit strange considering that this feature has been available on iOS for at least 3 years.
Anyway, even if it is not possible, it would be useful to add in the FAQ that this is not possible.
I want to install a driver package without internet access, and the installation fails. I think this is because it needs internet access to check the signature with Apple's server.
The workaround is to disable System Integrity Protection, but I do not have the administrator password to disable it.
How can I install a driver and allow it to run without internet access and an administrator account? This driver is developed by ourselves, but how can we bypass the code signing and security check for others to use this driver on their Mac PC?
Currently I am following
https://developer.apple.com/documentation/systemextensions/ossystemextensionrequest/activationrequest(forextensionwithidentifier:queue:)
to activate the system extension
If the extension is inactive, the system may need to prompt the user for approval. Which other API can I use that does not need to prompt the user for approval?
Besides, in order to validate the code signing, it needs to communicate with Apple's server, which requires internet access. Is there any method to bypass this validation?
Hello,
I started looking to implement SSO with Apple on my website using this tutorial: https://developers.appcharge.com/docs/apple-sso-login
However, when going to https://developer.apple.com/account/resources/identifiers/list
to generate a new key, I'm getting the error:
"Unable to find a team with the given Team ID 'XXXXXXXX' to which you belong. Please contact Apple Developer Program Support".
It was a breeze to implement Google SSO, but not for Apple.
I can't find much help online. Could you guide me?
Regards
I implemented Sign in with Apple on our website one week ago, and it worked perfectly.
However, recently we started to receive invalid_grant with no error description during token validation; however, the same client secret works in the iOS app without issue.
In the iOS app, we used the bundle ID for client_id.
On the web site, we used the Service ID for client_id.
I tried creating a new private key for the web site and adding the redirect_uri param to /auth/token, but still get the error.
I tested it like this:
1. I got an authorization code using the Service ID. I tried the authorization code flow with the Service ID using a browser: I successfully got the code and requested the access_token immediately.
2. Then I tried to validate the authorization grant code to obtain tokens, with curl like this:
curl -X POST https://appleid.apple.com/auth/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "client_id=my_service_id" \
    -d "client_secret=my_client_secret" \
    -d "code=sent_from_frontend" \
    -d "grant_type=authorization_code" \
    -d "redirect_uri=my_redirect_uri"
Then it fails with no error_description; the error code is 400:
invalid_grant
It is not an invalid_client error, and the client secret is not expired either.
My decoded token looks like the following:
{
    "alg": "ES256",
    "typ": "JWT",
    "kid": "my_kid"
}
{
    "aud": "https://appleid.apple.com",
    "sub": "my_service_id",
    "iss": "team_id",
    "exp": 1744012650,
    "iat": 1728460650
}
When we develop 'Sign in with Apple' function on our app, we visited https://appleid.apple.com to verify the account. However, appleid.apple.com is mapped to an American IP, and it is not suitable for our app which is operated in China. I wonder whether there is a China Mainland IP available for the verification? Thanks very much.