Hello, I'm working on an app that currently uses CoreBluetooth to scan for devices and connecting. I am trying to integrate AccessibilitySetupKit for pairing with new devices, but I also need backward compatibility for older Bluetooth devices. I am playing around with SKSampleApp, and it looks like when I use ASK to discover devices, created CBCentralManager is either always poweredOff when I don't connect any accessory through ASK, or only discovers the paired devices. Is there any documentation describing the behavior of CBCentralManager state + scanning when ASK is integrated?

Hi Team We are facing a problem in our app for one particular user the url session is giving below error. Rest for all the users its working fine. Below is the complete error we get from user device. {"type":"video_player","error":"Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://api.vimeo.com/videos/1020892798, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<4>, _NSURLErrorRelatedURLSessionTaskErrorKey=(\n "LocalDataTask .<4>"\n), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://api.vimeo.com/videos/1020892798, NSUnderlyingError=0x301ea8930 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: pdp_ip0, ipv6, dns, expensive, uses cell}}, _kCFStreamErrorCodeKey=-9836}"} Device info device_type iOS device_os_version 18.1.1 device_model iPhone 11 Please let me know how we can resolve for one particular user. Or what we can adivse.

I'm extending a C++ library to gather some data from the keychain, I have a prototype code written in Swift that works just fine: import Security; import Foundation; let query: [String: Any] = [ kSecClass as String: kSecClassCertificate, kSecReturnData as String: true, kSecMatchLimit as String: kSecMatchLimitAll ] var items: CFTypeRef?; let status = SecItemCopyMatching(query as CFDictionary, &items); However trying to do the same in C++ crashes: #include <security/SecItem.h> int main() { static const void* keys[] = { kSecClass, kSecMatchLimit, kSecReturnData, }; static const void* values[] = { kSecClassCertificate, kSecMatchLimitOne, kCFBooleanTrue, }; static_assert(sizeof(keys) == sizeof(values), "Key-value lengths mismatch for query dictionary constructor!"); CFDictionaryRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys), nullptr, nullptr); SecItemCopyMatching(query, nullptr); return 0; } With the backtrace of: Thread 1 Queue : com.apple.main-thread (serial) #0 0x0000000191a7f1b8 in objc_retain () #1 0x0000000191ed9e0c in -[__NSDictionaryM __setObject:forKey:] () #2 0x0000000191f3ae28 in __CFDictionaryApplyFunction_block_invoke () #3 0x0000000191effbb0 in CFBasicHashApply () #4 0x0000000191ef2ccc in CFDictionaryApplyFunction () #5 0x0000000194cdafc4 in SecCFDictionaryCOWGetMutable () #6 0x0000000194cdf3e8 in SecItemCopyMatching_ios () #7 0x0000000194e79754 in SecItemCopyMatching () #8 0x0000000100003f68 in main at /Users/kkurek/whatever/whatever/main.cpp:15 #9 0x0000000191acf154 in start () I don't have much experience with MacOS so I'm not sure how to analyze this situation. I have tried running with sanitizers enabled but somehow the crash doesn't occur at all when running with them.

Will my app still be available in Europe as well as my subscription options if I identify as a non-trader? Basically, even when I identify as a non-trader: 1: My app will remain active in the App Store in whole Europe and everywhere else 2: My subscriptions will stay active and people will still be active to subscribe Is this correct? thank you!

Hello everyone, We have an iOS XCFramework that we distribute to our clients, and we're exploring ways to enhance its security. Specifically, we’d like to isolate the most sensitive code by running it in a separate process, making it harder to tamper with. During our research, we considered using XPC for iOS but found its functionality to be quite limited. We also explored App Extensions, but unfortunately, they cannot be integrated into an XCFramework. This leads us to the question: Is it possible to spawn a new process to run in parallel with the main one in iOS? If so, could you provide guidance or suggest alternative approaches to achieve this within the constraints of iOS development? Thank you in advance for your insights and advice! Best regards, Stoyan

I'm developing an authorization plugin for macOS and encountering a problem while trying to store a password in the system keychain (file-based keychain). The error message I'm receiving is: Failed to add password: Write permissions error. Operation status: -61 Here’s the code snippet I’m using: import Foundation import Security @objc class KeychainHelper: NSObject { @objc static func systemKeychain() -> SecKeychain? { var searchListQ: CFArray? = nil let err = SecKeychainCopyDomainSearchList(.system, &searchListQ) guard err == errSecSuccess else { return nil } let searchList = searchListQ! as! [SecKeychain] return searchList.first } @objc static func storePasswordInSpecificKeychain(service: String, account: String, password: String) -> OSStatus { guard let systemKeychainRef = systemKeychain() else { print("Error: Could not get a reference to the system keychain.") return errSecNoSuchKeychain } guard let passwordData = password.data(using: .utf8) else { print("Failed to convert password to data.") return errSecParam } let query: [String: Any] = [ kSecClass as String: kSecClassGenericPassword, kSecAttrService as String: service, kSecAttrAccount as String: account, kSecValueData as String: passwordData, kSecUseKeychain as String: systemKeychainRef // Specify the System Keychain ] let status = SecItemAdd(query as CFDictionary, nil) if status == errSecSuccess { print("Password successfully added to the System Keychain.") } else if status == errSecDuplicateItem { print("Item already exists. Consider updating it instead.") } else { print("Failed to add password: \(SecCopyErrorMessageString(status, nil) ?? "Unknown error" as CFString)") } return status } } I am callling storePasswordInSpecificKeychain through the objective-c code. I also used privileged in the authorizationDb (system.login.console). Are there specific permissions that need to be granted for an authorization plugin to modify the system keychain?

We have special use case, We have two apps, App A (Electron) and App B (Swift). App B when run independently works completely fine but when bundles with App A and shipped as dmg, App B doesn't prompt for microphone permission anymore. What can be issue? What's right way to ship both app together such that App B is hidden and launched through App A only? How can I figure out what changes after App B is bundled and comes with App A. Even if I produce dmg of App A and install it on same system, App B doesn't ask for microphone permission anymore.

Wondering if others have encountered this issue with PSSO 2.0. We are observing that if, after registration, a user changes their IDP password, they may be prompted for their previous password in order to unlock the Keychain. We are trying to determine if this is expected behavior or if there is a way to avoid it. To reproduce this, the flow would be as follows: user registers with PSSO user logs out and logs back in with their IDP password user is authenticated (and not prompted for previous password) user logs out user changes their IDP password on another machine user logs in and is prompted to use their previous password to unlock the Keychain. Failure to provide the previous password nukes the Keychain, which is not an outcome we want. Any insight anyone has on this issue would be most welcome. Thanks

Hello, I'm having a problem with taxes calculation for US, the thing is, for some very specific addresses the taxes are coming wrong because we don't have the full address before the authorization with Adyen (our payment provider), for example, when I put the address "1 Infinite Loop, CA, US, 95014" in my wallet, I'm not receiving the value "1 Infinite Loop" (addressLines[0]) in backend until we authorize in Adyen, but I need this field to calculate the taxes and show to the customer before the authorization. My question is, is there any way to have this field before the authorization? If not, you have any idea how other ecommerces that use ApplePay and Adyen handle with this problem? Thanks in advance!

Hello Developers, I have ran into a problem while sending mail to apple private relay email. We have built a mobile application where user can sign up through apple and they can sign up using hide-my-email feature. Which provides private relay address for us. Now we want to communicate with them using private relay mail address. The technology we are using to send emails are amazon SES, have done SPF, DMIK, DMARC and added domains in apple identity services for mail communication, passed an SPF check as well. But still mail is not getting delivered what am i doing wrong or apple doesn't support third party apps for sending emails to private relay? Is there any other way to achieve this please let me know Using the same body as attached in image is working fine for rest emails.

My test was conducted by changing the pink dice to have a 16 bit UUID using the ASKSampleAccessory app. Afterwards, I ran AccessorySetupKit Picker in the ASKSample app, but Pink dice was not found. We confirmed that Pink dice was searched well in other apps. Does AccessorySetupKit not support 16 bit UUID? AccessorySetupKit Sample code : https://developer.apple.com/documentation/AccessorySetupKit/authorizing-a-bluetooth-accessory-to-share-a-dice-roll

Hi everyone, I'm looking for a way to configure Passkey on iOS so that authentication is only possible using FaceID or TouchID. Specifically, I want to disable the use of passcodes and QR codes for authentication. Additionally, is there a method to detect if the authentication was done using a passcode or QR code? Thanks for your help!

I am trying to generate public and private keys for an ECDH handshake. Back end is using p256 for public key. I am getting a failed request with status 0 public func makeHandShake(completion: @escaping (Bool, String?) -> ()) { guard let config = self.config else { completion(false,APP_CONFIG_ERROR) return } var rData = HandshakeRequestTwo() let sessionValue = AppUtils().generateSessionID() rData.session = sessionValue //generating my ECDH Key Pair let sPrivateKey = P256.KeyAgreement.PrivateKey() let sPublicKey = sPrivateKey.publicKey let privateKeyBase64 = sPrivateKey.rawRepresentation.base64EncodedString() print("My Private Key (Base64): \(privateKeyBase64)") let publicKeyBase64 = sPublicKey.rawRepresentation.base64EncodedString() print("My Public Key (Base64): \(publicKeyBase64)") rData.value = sPublicKey.rawRepresentation.base64EncodedString() let encoder = JSONEncoder() do { let jsonData = try encoder.encode(rData) if let jsonString = String(data: jsonData, encoding: .utf8) { print("Request Payload: \(jsonString)") } } catch { print("Error encoding request model to JSON: \(error)") completion(false, "Error encoding request model") return } self.rsaReqResponseHandler(config: config, endpoint: config.services.handShake.endpoint, model: rData) { resToDecode, error in print("Response received before guard : \(resToDecode ?? "No response")") guard let responseString = resToDecode else { print("response string is nil") completion(false,error) return } print("response received: \(responseString)") let decoder = JSONDecoder() do { let request = try decoder.decode(DefaultResponseTwo.self, from: Data(responseString.utf8)) let msg = request.message let status = request.status == 1 ? true : false completion(status,msg) guard let serverPublicKeyBase64 = request.data?.value else { print("Server response is missing the value") completion(false, config.messages.serviceError) return } print("Server Public Key (Base64): \(serverPublicKeyBase64)") if serverPublicKeyBase64.isEmpty { print("Server public key is an empty string.") completion(false, config.messages.serviceError) return } guard let serverPublicKeyData = Data(base64Encoded: serverPublicKeyBase64) else { print("Failed to decode server public key from Base64. Data is invalid.") completion(false, config.messages.serviceError) return } print("Decoded server public key data: \(serverPublicKeyData)") guard let serverPublicKey = try? P256.KeyAgreement.PublicKey(rawRepresentation: serverPublicKeyData) else { print("Decoded server public key data is invalid for P-256 format.") completion(false, config.messages.serviceError) return } // Derive Shared Secret and AES Key let sSharedSecret = try sPrivateKey.sharedSecretFromKeyAgreement(with: serverPublicKey) // Derive AES Key from Shared Secret let symmetricKey = sSharedSecret.hkdfDerivedSymmetricKey( using: SHA256.self, salt: "AES".data(using: .utf8) ?? Data(), sharedInfo: Data(), outputByteCount: 32 ) // Storing AES Key in Config let symmetricKeyBase64 = symmetricKey.withUnsafeBytes { Data($0) }.base64EncodedString() print("Derived Key: \(symmetricKeyBase64)") self.config?.cryptoConfig.key = symmetricKeyBase64 AppUtils.Log(from: self, with: "Handshake Successful, AES Key Established") } catch { AppUtils.Log(from: self, with: "Handshake Failed :: \(error)") completion(false, self.config?.messages.serviceError) } } } this is request struct model public struct HandshakeRequestTwo: Codable { public var session: String? public var value: String? public enum CodingKeys: CodingKey { case session case value } public init(session: String? = nil, value: String? = nil) { self.session = session self.value = value } } This is backend's response {"message":"Success","status":1,"data":{"senderId":"POSTBANK","value":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErLxbfQzX+xnYVT1LLP5VOKtkMRVPRCoqYHcCRTM64EMEOaRU16yzsN+2PZMJc0HpdKNegJQZMmswZtg6U9JGVw=="}} This is my response struct model public struct DefaultResponseTwo: Codable { public var message: String? public var status: Int? public var data: HandshakeData? public init(message: String? = nil, status: Int? = nil, data: HandshakeData? = nil) { self.message = message self.status = status self.data = data } } public struct HandshakeData: Codable { public var senderId: String? public var value: String? public init(senderId: String? = nil, value: String? = nil) { self.senderId = senderId self.value = value } }

在我的蜂窝数据中出现了一个名为BusinessExtensionsWrapper的程序组件，是个灰色的点不动，我好奇这是什么程序组件，既然是系统自带的，为什么要隐藏呢？对隐私有威胁吗？

Hi everyone, I’m currently developing an MFA authorization plugin for macOS and am looking to implement a passwordless feature. The goal is to store the user's password securely when they log into the system through the authorization plugin. However, I’m facing an issue with using the system's login keychain (Data Protection Keychain), as it runs in the user context, which isn’t suitable for my case. Therefore, I need to store the password in a file-based keychain instead. Does anyone have experience or code snippets for objective-c for securely storing passwords in a file-based keychain (outside of the login keychain) on macOS? Specifically, I'm looking for a solution that would work within the context of a system-level authorization plugin. Any advice or sample code would be greatly appreciated! Thanks in advance!

Hello, I am currently implementing a biometric authentication registration flow using WebAuthn. I am using ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest, and I would like to know if there is a way to hide the "Save to another device" option that appears during the registration process. Specifically, I want to guide users to save the passkey only locally on their device, without prompting them to save it to iCloud Keychain or another device. If there is a way to hide this option or if there is a recommended approach to achieve this, I would greatly appreciate your guidance. Also, if this is not possible due to iOS version or API limitations, I would be grateful if you could share any best practices for limiting user options in this scenario. If anyone has experienced a similar issue, your advice would be very helpful. Thank you in advance.

Hello, I am currently working on implementing credential registration for biometric authentication using WebAuthn in an iOS app. I am using ASAuthorizationPlatformPublicKeyCredentialProvider to create a credential registration request based on the data retrieved from the WebAuthn options endpoint. At the moment, I am only using user.id, user.name, and challenge from the options response, and I am unsure how to utilize the other fields effectively. I would greatly appreciate advice on how to use the following fields: **Fields I would like to use: ** rp (Relying Party) I am retrieving id and name, but I am not sure how best to pass and utilize these fields. Is there an explicit way to use them? authenticatorSelection How can I set requireResidentKey and userVerification in ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest? Also, what are the specific benefits of using these fields? timeout Is there a way to reflect the timeout value in the credential registration request, and what would be the best way to handle this information in iOS? attestation The attestation field can contain values such as none or direct. How should I reflect this in the credential registration request for iOS? I would appreciate a sample implementation or guidance on the benefits of setting this field. extensions If I want to customize the authentication flow using the extensions field, how can I appropriately reflect this in iOS? For instance, how can I utilize extensions like credProps? pubKeyCredParams Regarding pubKeyCredParams, which is a list of supported public key algorithms, I am unsure how to use it to select an appropriate algorithm in iOS. How should I incorporate this information into the request? excludeCredentials I understand that setting excludeCredentials can prevent duplicate registration, but I am not sure how to use past credential information to set it effectively. Any advice on this would be appreciated. **Current Code ** Currently, I have implemented the following code, but I am struggling to understand how to add and configure the fields mentioned above. let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider( relyingPartyIdentifier: "www.example.com" ) let registrationRequest = publicKeyCredentialProvider.createCredentialRegistrationRequest( challenge: challenge, name: userId, userID: userIdData ) let authController = ASAuthorizationController(authorizationRequests: [registrationRequest]) authController.delegate = self authController.presentationContextProvider = self authController.performRequests() In addition to the above code, I would be grateful if anyone could advise on how to configure fields like rp, authenticatorSelection, attestation, extensions, and pubKeyCredParams as well. Furthermore, I would appreciate any insights into the benefits of setting each of these fields in iOS, and any security considerations to be aware of. If anyone has experience with this, your guidance would be extremely helpful. Thank you very much in advance!

I am researching to apply Apple Sign In to my app. I see response data from Apple just include user name and email (phone number is not required also), but currently my app has only one login method that is by phone number. So I would like to ask:
 Can I request an phone number (by an customize popup) from the user after Signin Apple successfully? If not then which approach that can I apply? Many thanks!

Is there a way to know the event of user unlocking on iOS Device in Application?

Hi everyone, I'm working on a macOS authorization plugin (NameAndPassword) to enable users to log into their system using only MFA, effectively making it passwordless. To achieve this, I'm attempting to store the user's password securely in the Keychain so it can be used when necessary without user input. However, when I attempt to store the password, I encounter error code -25308. Below is the code I'm using to save the password to the Keychain: objc code (void)storePasswordInKeychain:(NSString *)password forAccount:(NSString *)accountName { NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding]; NSDictionary *query = @{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, (__bridge id)kSecAttrService: @"com.miniOrange.nameandpassword", (__bridge id)kSecAttrAccount: accountName, (__bridge id)kSecValueData: passwordData, (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleAfterFirstUnlock }; // Delete any existing password for the account OSStatus deleteStatus = SecItemDelete((__bridge CFDictionaryRef)query); if (deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound) { [Logger debug:@"Old password entry deleted or not found."]; } else { [Logger error:@"Failed to delete existing password: %d", (int)deleteStatus]; } // Add the new password OSStatus addStatus = SecItemAdd((__bridge CFDictionaryRef)query, NULL); if (addStatus == errSecSuccess) { [Logger debug:@"Password successfully saved to the Keychain."]; } else { [Logger error:@"Failed to save password: %d", (int)addStatus]; } } Any insights or suggestions would be greatly appreciated!