Hello.
We provide our software in the form of static libraries (.a) wrapped in xcframework. Therefore, the final app will not include the embed framework.
In such a case, should the manifest content required for the library be written as part of the application's xcprivacy file? Or can I provide xcprivacy as part of the xcframework?
Hi Team, I have developed a smartcard driver which is working fine when inserting a USB mouse.
Here is the process I followed for the smartcard driver:
The smartcard driver (IFDHandler) has an info.plist which contains vendor ID and product ID attributes.
I put the vendor ID and product ID of the USB mouse that is going to be connected to the device (Mac) in info.plist, built the IFD driver and placed it at the path /usr/local/libexec/SmartCardServices/drivers/
Once I insert the USB mouse, I get a smart card pairing notification on the Mac.
This scenario is working fine and I am able to achieve the following changes on the Mac device:
Getting a smart card notification for pairing on the Mac device
After pairing, the Password field on the Login Screen changes to a PIN field
But I want the smartcard driver (IFDHandler) to be triggered via a Bluetooth connection from an iPhone or Android device instead of via USB.
Is there any way to achieve this?
Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
I have a project using SecKey. Everything was working fine. But my newest build in TestFlight has crashed on iOS 17.4 and above.
Could you help me to fix this problem?
Here is my bug.
Hello community,
We have been using an Endpoint Security client within a system extension for quite a while now. After some users updated macOS to Sonoma, we got complaints about slower performance when using MS Office on Mac. The product features work as expected, and our system extension is loaded and delivers events.
Upon inspection of the log files, we found the following (but not on all machines):
[com.apple.TCC:access] Failed to create LSApplicationRecord for file:///Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)'
and
[com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: identifier com.sophos.endpoint.scanextension, type: 0: 0x7fb63da318c0 at /Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension
for almost each event delivered. We are using XPC from the system extension to a non-privileged daemon process to process file content.
A feedback has already been filed: FB13174804
An additional code-level support request was returned without any explanation.
Signing checks of the system extension and the containing app (daemon) on Sonoma turn up without any errors.
Any idea what's going on here?
Frank Fenn
Sophos Inc.
Is it possible to get the process (name, executable location) that triggers CryptoTokenKit extension security operation, such as signData or decryptData?
We are developing smart card middleware for both Windows (minidriver) and macOS (CryptoTokenKit extension). We would like the possibility to configure various parts of our implementation based on the calling process. For example, we would like to cache the PIN code in memory for a particular amount of time that is different for a web browser and an email client.
On Windows it can be done, since minidriver dll is loaded into the calling application process. By calling GetCurrentProcess() inside our minidriver, we can figure out what application is using it. On macOS, however, there is a single process that handles all requests from the apps, using smart cards. So getting current process info does not help. Is there a way to get calling application somehow?
Could you help me to understand this crash:
Thread 22 Crashed:
0 libsystem_kernel.dylib 0x00000001e9ee2974 __pthread_kill + 8 (:-1)
1 libsystem_pthread.dylib 0x00000001fd9650ec pthread_kill + 268 (pthread.c:1717)
2 libsystem_c.dylib 0x00000001a9933c14 __abort + 136 (abort.c:159)
3 libsystem_c.dylib 0x00000001a9933b8c abort + 192 (abort.c:126)
4 libsystem_malloc.dylib 0x00000001b1b5ec68 malloc_vreport + 896 (malloc_printf.c:251)
5 libsystem_malloc.dylib 0x00000001b1b5ef10 malloc_zone_error + 104 (malloc_printf.c:319)
6 libsystem_malloc.dylib 0x00000001b1b54a44 nanov2_guard_corruption_detected + 44 (nanov2_malloc.c:2425)
7 libsystem_malloc.dylib 0x00000001b1b3b6f0 nanov2_allocate_from_block + 352 (nanov2_malloc.c:2543)
8 libsystem_malloc.dylib 0x00000001b1b3b418 nanov2_find_block_and_allocate + 1172 (nanov2_malloc.c:2797)
9 libsystem_malloc.dylib 0x00000001b1b3aeec nanov2_allocate_outlined + 252 (nanov2_malloc.c:2955)
10 CoreFoundation 0x00000001a1980ab8 _CFRuntimeCreateInstance + 448 (CFRuntime.c:791)
11 CoreFoundation 0x00000001a19e0b5c __CFDataInit + 172 (CFData.c:444)
12 Security 0x00000001aa14607c createNormalizedX501Name + 56 (SecCertificate.c:1277)
13 Security 0x00000001aa1458ec SecCertificateParse + 820 (SecCertificate.c:1658)
14 Security 0x00000001aa145594 SecCertificateCreateWithBytes + 124 (SecCertificate.c:1807)
15 libboringssl.dylib 0x00000001d2c9287c boringssl_helper_copy_certificates_from_CRYPTO_BUFFERs + 196 (boringssl_helper.m:148)
16 libboringssl.dylib 0x00000001d2c913ac boringssl_session_set_peer_verification_state_from_session + 160 (boringssl_session.m:446)
17 libboringssl.dylib 0x00000001d2ca09a4 boringssl_context_certificate_verify_callback + 528 (boringssl_context.m:1861)
18 libboringssl.dylib 0x00000001d2ca0618 bssl::ssl_verify_peer_cert(bssl::SSL_HANDSHAKE*) + 372 (handshake.cc:395)
19 libboringssl.dylib 0x00000001d2c8da68 bssl::ssl_client_handshake(bssl::SSL_HANDSHAKE*) + 3112 (handshake_client.cc:1956)
20 libboringssl.dylib 0x00000001d2c7f22c bssl::ssl_run_handshake(bssl::SSL_HANDSHAKE*, bool*) + 376 (handshake.cc:764)
21 libboringssl.dylib 0x00000001d2c8cd90 SSL_do_handshake + 80 (ssl_lib.cc:874)
22 libboringssl.dylib 0x00000001d2c8caec boringssl_session_handshake_continue + 108 (boringssl_session.m:262)
23 libboringssl.dylib 0x00000001d2c743e0 nw_protocol_boringssl_handshake_negotiate + 120 (protocol_boringssl.m:803)
24 libboringssl.dylib 0x00000001d2c715d4 nw_boringssl_read + 3144 (protocol_boringssl.m:700)
25 libboringssl.dylib 0x00000001d2c708e0 nw_protocol_boringssl_input_available + 348 (protocol_boringssl.m:1435)
26 libusrtcp.dylib 0x00000002155f6554 nw_protocol_tcp_wake_read + 396 (protocol_tcp.c:324)
27 libusrtcp.dylib 0x00000002155f504c nw_protocol_tcp_input_flush + 108 (protocol_tcp.c:2034)
28 Network 0x00000001a1ecc2b8 nw_channel_update_input_source(nw_channel*, nw_protocol*, bool) + 7872 (channel.cpp:1483)
29 Network 0x00000001a2824180 invocation function for block in nw_channel_create(nw_context*, unsigned char*, unsigned int, void*, unsigned int, bool, bool, bool*) + 72 (channel.cpp:2545)
30 libdispatch.dylib 0x00000001a987add4 _dispatch_client_callout + 20 (object.m:576)
31 libdispatch.dylib 0x00000001a987e2d8 _dispatch_continuation_pop + 600 (queue.c:321)
32 libdispatch.dylib 0x00000001a98921c8 _dispatch_source_latch_and_call + 420 (source.c:596)
33 libdispatch.dylib 0x00000001a9890d8c _dispatch_source_invoke + 832 (source.c:961)
34 libdispatch.dylib 0x00000001a9884284 _dispatch_workloop_invoke + 1756 (queue.c:4570)
35 libdispatch.dylib 0x00000001a988dcb4 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:6998)
36 libdispatch.dylib 0x00000001a988d528 _dispatch_workloop_worker_thread + 404 (queue.c:6592)
37 libsystem_pthread.dylib 0x00000001fd960f20 _pthread_wqthread + 288 (pthread.c:2665)
38 libsystem_pthread.dylib 0x00000001fd960fc0 start_wqthread + 8 (:-1)
I'm building an iOS app using Swift, designed to run on iOS 16 and later and I'm curious about accessing battery health information directly from the device. Specifically, I'm interested in retrieving details such as the maximum battery capacity and app usage statistics for my application.
Is it possible to programmatically obtain this data within my app?
Any guidance would be helpful. Thank you for your assistance!
Hi,
Is this possible? I would like to:
Store a biometrically secured key in the Secure Enclave.
Do multiple cryptographic operations using that key in a short period of time (say 5 seconds), not all at once.
Only do one FaceID for that set.
For the time I've only gotten either multiple flashing FaceId requests or the operations failing.
Is it possible to set a time limit in which the first FaceID authentication is accepted?
Should I do something else?
Thanks!
I added a privacy manifest for my app and submitted it for review,
and Apple rejected my app with this comment:
ITMS-91054: Invalid API category declaration - The PrivacyInfo.xcprivacy for the “Frameworks/SmartlookAnalytics.framework/SmartlookAnalytics” file contains “Disk Space” as the value for a NSPrivacyAccessedAPIType key, which is invalid. Values for NSPrivacyAccessedAPIType keys in any privacy manifest must be valid API categories. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
I looked at the package manifest and all looks fine (attached image).
Maybe somebody has seen this issue and can tell me how I can fix it.
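Added example, not part of the post above or of any SDK's own tooling: a pre-upload check for the condition ITMS-91054 describes, where an NSPrivacyAccessedAPIType value is a display name such as "Disk Space" instead of a category identifier such as NSPrivacyAccessedAPICategoryDiskSpace. The function name `check_manifest` and the sample manifest are constructed for illustration; the category set is the list of required-reason API categories from Apple's documentation.

```python
import plistlib

# Category identifiers accepted as NSPrivacyAccessedAPIType values.
VALID_API_CATEGORIES = {
    "NSPrivacyAccessedAPICategoryFileTimestamp",
    "NSPrivacyAccessedAPICategorySystemBootTime",
    "NSPrivacyAccessedAPICategoryDiskSpace",
    "NSPrivacyAccessedAPICategoryActiveKeyboards",
    "NSPrivacyAccessedAPICategoryUserDefaults",
}


def _entry(api_type, reasons):
    """Build one NSPrivacyAccessedAPITypes element (helper for the sample)."""
    return {
        "NSPrivacyAccessedAPIType": api_type,
        "NSPrivacyAccessedAPITypeReasons": reasons,
    }


# Constructed sample manifest: entry 0 repeats the invalid value quoted in the
# rejection message, entry 2 declares a category without any reason.
SAMPLE_MANIFEST = plistlib.dumps({
    "NSPrivacyTracking": False,
    "NSPrivacyAccessedAPITypes": [
        _entry("Disk Space", ["E174.1"]),
        _entry("NSPrivacyAccessedAPICategoryUserDefaults", ["CA92.1"]),
        _entry("NSPrivacyAccessedAPICategoryFileTimestamp", []),
    ],
})


def check_manifest(data):
    """Return a list of problems found in the bytes of a PrivacyInfo.xcprivacy."""
    manifest = plistlib.loads(data)  # handles both XML and binary plists
    entries = manifest.get("NSPrivacyAccessedAPITypes", [])
    if not isinstance(entries, list):
        return ["NSPrivacyAccessedAPITypes is not an array"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a dictionary")
            continue
        api_type = entry.get("NSPrivacyAccessedAPIType")
        if not isinstance(api_type, str) or api_type not in VALID_API_CATEGORIES:
            problems.append(
                f"entry {i}: invalid NSPrivacyAccessedAPIType {api_type!r}")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons")
        if not isinstance(reasons, list) or not reasons:
            problems.append(
                f"entry {i}: NSPrivacyAccessedAPITypeReasons is missing or empty")
    return problems


if __name__ == "__main__":
    for problem in check_manifest(SAMPLE_MANIFEST):
        print(problem)
```

Run it over every PrivacyInfo.xcprivacy inside the built .app, including those bundled in third-party frameworks, since the rejection names the framework's manifest rather than the app's own.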
Hi everyone,
I wanted to ask if anybody knows what the current status is about the declaration of required reasons APIs.
Before May 1, when I uploaded a new build to the App Store Connect and added it to a group with external testers, I got a notification by email like the following:
ITMS-91053: Missing API declaration - Your app’s code in the [...] file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
In an article published by Apple (https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api) it is even stated that after May 1, apps that do not comply are not accepted by App Store Connect. According to my interpretation, even the upload should be rejected.
I am currently in the process of adding a privacy manifest and adding the declarations. For testing purposes, I wanted to add the declarations step by step and see where I still need to fix anything. My problem is that the warnings by Apple are not being sent anymore. I have uploaded a new build after May 1 with no privacy manifest and therefore no API declarations; it was accepted by App Store Connect and even passed the review for an external testers group.
Does anybody have information about the following questions?
Did Apple shift the deadline?
How can I trigger the warning emails again so that I know what to fix and see, when my app is compliant?
Thanks in advance!
Hello,
I am trying to enumerate all ways on macOS for launching an application when a user opens a session.
Please note I am not looking for a way which requires root or sudo privileges.
I have found this:
~/Library/LaunchAgents/
Login Items (in macOS System Settings)
But are there others?
Thanks
Near the bottom, "Describing data use in privacy manifests" says:
App extensions don’t include privacy information files. The operating system and App Store Connect use the privacy information file in the extension’s host app bundle, in combination with those from third-party SDKs your app links to.
Yet the warnings email we see lists the app's extensions as missing manifests.
Are we reading the documentation incorrectly?
Getting this clarified helps us justify approvals for the additional work.
In our implementation of Platform SSO, we would like to show custom UI in both the beginDeviceRegistration call as well as the beginUserRegistration call.
It works fine in the beginDeviceRegistration call when we use presentRegistrationViewController. When we try to apply the same logic in beginUserRegistration, the ViewController's view.window object is nil and thus using it to house our custom UI doesn't work.
I'm not sure if this is an implementation flaw on our part or if presentRegistrationViewController is only intended to be used in beginDeviceRegistration. The call is only mentioned in the context of registering devices, which makes us wonder if it is limited to that.
Any help would be appreciated!
I created a custom PAM module following this and it works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login.
sudo
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
authorization
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization?
Is it possible to create a mechanism with custom logic and replace it with <string>builtin:authenticate,privileged</string> in the system.login.console authorization right?
Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.
I am trying to pass smart card PIN from a custom auth plugin with tag kAuthorizationEnvironmentPassword. I added pam_smartcard.so to login stack (\etc\pam.d\login) but the changes do not take place.
# login: auth account password session
auth sufficient pam_smartcard.so
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
What could possibly be going wrong in this? Also, is there an API to trigger authorization_ctk from a custom auth plugin to work with smart card?
Hello,
It is possible to restrict Documents folder access with TCC.
But when an application shows a standard "file open" dialog, it is possible to access this directory to open a file.
macOS allows file access in this case because it is an intentional action from the user.
So I suppose there is a kind of whitelist for all file paths opened through the "file open" dialog.
I would like to know how I can access this whitelist and how I can remove entries.
Thanks
We develop an iOS SDK that allows developers to add VoIP capability to their iOS applications.
For post-call quality analysis and debugging purposes we do collect SDK API usage and call quality data and send them back through internal HTTP API endpoint, therefore we need to disclose the domain in the privacy manifest. However we do not collect any Personally Identifiable Information and definitely have no intent to use these data for tracking the users like the examples described in https://developer.apple.com/app-store/user-privacy-and-data-use/.
Our question is, do we need to set the “NSPrivacyTracking” key to “true” in the privacy, or our SDK actually is not tracking from the Privacy Manifest’s perspective and simply disclosing the data collection type/purpose as well as the domain is sufficient?
We’ve observed a couple of concerning alterations in the passkey registration and authentication behaviour in iOS 17.4.1:
During passkey registration, “excludeCredentials” property is ignored. Existing passkey is silently overwritten and no error is reported from navigator.credentials.create (both, Safari and Chrome).
However, according to W3 spec when “excludeCredentials” is present in the PublicKeyCredentialCreationOptions -
“The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.”
PublicKeyCredentialCreationOptions we use:
{
  "credCreateOptions": {
    "rp": {
      "name": "RP name"
    },
    "user": {
      "name": "username",
      "id": "abcd"
    },
    "challenge": "56elsKE5pKgEECg-fJpLl3gF33ACRSVBl00Mn03JAIk",
    "pubKeyCredParams": [
      {
        "type": "public-key",
        "alg": -7
      }
    ],
    "excludeCredentials": [
      {
        "type": "public-key",
        "id": "abcd"
      }
    ],
    "authenticatorSelection": {
      "authenticatorAttachment": "platform",
      "userVerification": "required"
    },
    "hints": [
      "client-device"
    ],
    "attestation": "direct",
    "extensions": null
  }
}
This behaviour is different from what is observed on iOS 17.3.1 where the registration call to navigator.credentials.create with the same options produces the following error: “At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator”
During passkey login flow, iOS 17.4.1 ignores
"hints": [ "client-device" ]
According to https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#client-device, hints specify what authentication UI the user-agent should provide for the user. “client-device” requests the user authenticates using their own device, such as a phone.
Here’s our PublicKeyCredentialRequestOption:
{
  "credRequestOptions": {
    "challenge": "xk_wd1BaVue7mOZ-UM_KVj6Z4AmGxf12_7H1Gilq01I",
    "timeout": 300000,
    "allowCredentials": [
      {
        "type": "public-key",
        "id": "abcd",
        "transports": [
          "internal"
        ]
      }
    ],
    "userVerification": "required",
    "hints": [
      "client-device"
    ],
    "extensions": null
  }
}
However, iOS 17.4.1 gives the user an option to sign in with another device.
On iOS 17.3.1, the request to navigator.credentials.get with the same PublicKeyCredentialRequestOption presents the UI screen without the “Sign In with Another Device” option.
Is that a bug on iOS 17.4.1 or intended behaviour? This does not follow the official specs and is different from the other platforms like Android.
Is there any documentation around this change on iOS 17.4.1? That would be helpful.
Suppose I received a Privacy Manifest from Apple in the process of reviewing the app.
I used "UserDefaults" and "File timestamp APIs" among the APIs, and I didn't add Privacymanifest. And there is nothing in the mail other than "UserDefaults" and "File timestamp APIs".
And so is the code.
If I remove all the code related to "UserDefaults" and "File timestamp APIs" from the library in this situation, is it okay not to add a "Privacy Manifest" to the library as well?
The library can be a framework or a static library.