I'm facing a bug with the App Tracking Transparency permission. My app showed this permission popup before, and that version was still working fine. I don't understand why today it doesn't show the permission popup anymore. Is anyone else having the same problem?
Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.
In one of our applications we use LAContext's evaluatePolicy:localizedReason:reply: to authenticate a user. This works pretty well with both username/password and Touch ID. Now we have a request to add support for smart cards and I wonder if this is possible using LAContext. Otherwise I would use Authentication Services, although that might be a bit overkill since we don't need to request any rights, we just want to see that the user has been successfully authenticated. Or is there a better way? Any help would be greatly appreciated.
Thanks,
Marc
Hello. I am trying to give an update to my app but it gets rejected again and again due to the ATT prompt. Before this, last week, I gave the update and it went live without any issue. Now I have made some minor changes in the app.
Apple Response.
The app uses the AppTrackingTransparency framework, but we are unable to locate the App Tracking Transparency permission request when reviewed on iPadOS 18.2.
Next Steps
Explain where we can find the App Tracking Transparency permission request in the app. The request should appear before any data is collected that could be used to track the user.
If App Tracking Transparency is implemented but the permission request is not appearing on devices running the latest operating system, review the available documentation and confirm App Tracking Transparency has been correctly implemented.
If your app does not track users, update your app privacy information in App Store Connect to not declare tracking. You must have the Account Holder or Admin role to update app privacy information.
My Response:
Hello Apple Team
Thank you for your feedback.
We have tested the app on iPadOS 18.2, also on iPhone 18.1 and the App Tracking Transparency dialogue is appearing as expected on the main home screen when the user enters the app. To help demonstrate this, we’ve attached a video showing the ATT prompt in action.
If there is still an issue with the dialogue or if it needs to be placed in a different position, we kindly request your guidance on what needs to be adjusted. Please let us know the details so we can address it promptly.
Thank you for your support
I uploaded a video with images showcasing the ATT prompt but now again they rejected the update with the exact same reply, which I am thinking may be a bot reply.
Now what to do? How to solve it?
Topic: Privacy & Security; SubTopic: General; Tags: App Tracking Transparency, AdSupport, App Store Server Library
Hi! I've just opened Xcode and found that I can't build my app anymore. The error was about signing. Basically, there's no team in my account. Also, I've found that all my certificates have been revoked!
I created my dev account a month ago and released only one macOS app. It's SecFolder (it's not self-promotion!!!). App not even in the App Store. I planned to self-distribute it.
I'm in a little shock right now since I've just launched and had my first users. And of course, my app is now gone from their Macs, screaming "malware" popup in their faces now :(
Since my app is all about paranoia security, this is basically a death sentence for my project...
Could someone with experience in the Apple dev ecosystem help me understand what might have gone wrong? Why might Apple think that my app is malware or something?
P.S. My app is about Advanced File Access Control for macOS. It gives the user complete control over which applications can access user-specified files and folders.
Topic: Privacy & Security; SubTopic: General
Friday we were preparing to publish our final build in TestFlight. Our developer informed me that the account holder had to agree to new terms and agreements. I am the sole user of this account, and tried to login (1 week ago I was still able to login). To my surprise I got the notification “account locked”, ”you need to reset your password”. I followed the required step: filling in the phone number on file (which is my phone number). After filling this in the page informed me that they’d get back to me in 1 day.
On Saturday I received an email from no_reply@apple with the following “We have received the request for access to your account and we have denied access.” There was no further information in the email why this would be.
I tried Apple support but they tell me they can not reactivate the account and I should apply for a new Apple ID. This sounds really strange as it would mean I would lose access to our currently published application forever?
But in general I am just shocked how they can deny access to an account, which is even a paid one (Developer Program), and not help me out. I am able to supply all identification (passport). I have access to the email that we use to login. I have access to the mobile phone number that is connected for exactly this reason (two factor authentication).
Anyone with similar experience and/or solutions?
Topic: Privacy & Security; SubTopic: General; Tags: Accounts, App Store Connect, Business and Enterprise, Apple Business Manager
I'm currently working on a project in Swift where I need to digitally sign a PDF file. I have the following resources available:
Private Key stored in the iOS Keychain with a tag.
Public Key also stored in the iOS Keychain with a tag.
A valid certificate stored as a PEM string.
I need to digitally sign a PDF file with the above keys and certificate, but I'm struggling to find a clear and straightforward example or guidance on how to achieve this in Swift.
Specifically, I’m looking for help with:
Creating the digital signature using the private key and certificate.
Embedding this signature into the PDF file.
Any considerations I should be aware of regarding the format of the signed PDF (e.g., CMS, PKCS7, etc.).
If anyone has experience with digitally signing PDFs in Swift, I would greatly appreciate your guidance or code examples.
Thank you in advance!
Hi everyone,
I'm encountering an issue where the background location indicator remains visible on the status bar even though I have set the location permissions to Never for my app in the system settings. Despite taking all the necessary steps to stop location tracking (including stopping updates, geofencing, and other location-related services), the indicator still appears. This seems to be a bug since everything has been turned off on my end.
Here’s what I’ve already tried:
Setting location permissions to Never in the settings.
Stopping startUpdatingLocation(), stopMonitoringSignificantLocationChanges(), and geofencing (using locationManager.stopMonitoringRegions()).
Calling locationManager.showsBackgroundLocationIndicator = false.
Ensuring that the CLLocationManager is fully invalidated.
Despite all of this, the background location indicator still remains in the status bar. I’ve tested it on real devices, as well as in the simulator, with no improvement.
Has anyone experienced something similar, or can suggest why this might be happening? Could this be related to an iOS 18+ issue?
Any insights or guidance would be greatly appreciated.
I configured DKIM and Amazon's default SPF. But I cannot get emails using Amazon Send, whereas the single configured email can be sent.
Topic: Privacy & Security; SubTopic: General
I'm using the following code to store a Keychain item:
```swift
SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    .biometryAny,
    &error
)
```
One of my app users reported an issue:
1. The user navigated to his iPhone’s Face ID settings and clicked `Reset Face ID`.
2. Then, before he set new Face ID, he accidentally tapped the "Back" button and returned to the iPhone Settings page.
3. He later reopened the Face ID setup page and completed the process.
4. Upon returning to my app, the Keychain item secured by Face ID was no longer found.
I understand that .biometryAny may cause Keychain items to become invalidated when biometric data is reset. However, the user’s scenario — where the setup was temporarily interrupted — seems to have caused the item to disappear.
1. Is there a way to detect and handle such interruptions to prevent the Keychain item from being lost?
2. How can I design a better experience to guide the user in recreating the Keychain item when this occurs?
Topic: Privacy & Security; SubTopic: General
To apply for NFC & SE Platform entitlement, I need to provide information regarding licensed applets and TSM. However, I currently lack background knowledge in these areas. Could you provide me with an overview or examples of what licensed applets and TSM entail?
I am using SFAuthorizationPluginView in my Security agent plugin. My code expects that its willActivate method be called. With normal screensaver unlock, this works fine. However if I enter an invalid password, then enter the correct password, I never get the willActivate call. I have reproduced this with Quinn's LoginUIAuthPlugin from the QAuthPlugins example code.
My mechanisms look like this with LoginUIAuthPlugin:
mechanisms
HyprAuthPlugin:invoke
builtin:authenticate,privileged
PKINITMechanism:auth,privileged
LoginUIAuthPlugin:login
CryptoTokenKit:login
I would like to be able to get my plugin working properly when the user had previously entered an invalid password.
iOS 18.2 (22C152)
My phone is currently on lockdown mode and I have gotten alerts from Experian that my information is on the dark web as well as having to reset all my accounts. However this has not fixed the issue. Even if I hard factory reset settings etc the root makes its way very shortly after, if not immediately. Though I recently got these notifications and purchased the phone in Feb. 2024 this has been an ongoing issue for a few years. I can elaborate if needed. To make it short I have a reinstalled root on my phone. Apple nor Spectrum (who I have my phone with) have been able to assist with this issue. I have been able to clarify this “hijacking” with the Geek Squad who didn’t want their legal team involved when asking for a report so the PD can do an internal cyber investigation. So, I’ve just lived with it.
Let me know what your thoughts to resolve this issue would be before spending thousands to find a resolution on my own.
Side note before asked: what I’ve been told may be its “gateway” is via “DNS hijacking” with WiFi or internally hotspot. I can also elaborate if needed. I’m not a web developer, however I do know where this issue stems from whom has their masters in such industry as well as 30 years experience. It’s annoying and inconvenient at this point and I’m looking for clarity, resolution and if no justice for the criminal then liability. Thank you!
Please refrain from saying “APpLe CaNt bE hiJaCked“ ..
Hello,
I'm developing a Command Line Tool in Xcode, in order to capture system audio and save it to a file, which will then be used by a separate process.
Everything works perfectly when running it from either Xcode or the native terminal application (see image below), but as soon as I try to run it from any 3rd party application, it doesn't ask for permissions to record sound, and the resultant file ends up soundless.
When archiving it and then running it from other 3rd party applications, e.g Warp (terminal) or spawning it as a child process from a bundled Electron application, it doesn't ask for permissions.
Things of note:
I've codesigned the application with "Developer ID Application"
I've added NSAudioCaptureUsageDescription to Info.plist
I've included Info.plist in the binary (see image below)
I've added the com.apple.security.device.audio-input entitlement
I've used the following resources as inspiration:
https://github.com/insidegui/AudioCap
https://developer.apple.com/documentation/coreaudio/capturing-system-audio-with-core-audio-taps
As my use-case involves spawning the executable from Electron as a child process, I've tried to include the appropriate permissions to the parent application too, without success.
I'm really at a loss here, it feels like I've tried everything. Any pointers are much appreciated!
Thanks
Topic: Privacy & Security; SubTopic: General; Tags: Entitlements, Core Audio, Command Line Tools, AVFoundation
I've tried all kinds of ways to get a SecKeyRef from the .p8 file I downloaded from my App Store Connect account. The key itself looks OK, as openssl gives this result:
```
openssl asn1parse -in 359UpAdminKey.p8
0:d=0 hl=3 l= 147 cons: SEQUENCE
3:d=1 hl=2 l= 1 prim: INTEGER :00
6:d=1 hl=2 l= 19 cons: SEQUENCE
8:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
17:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
27:d=1 hl=2 l= 121 prim: OCTET STRING [HEX DUMP]:30...
```
My method for creating the key is:
```objc
- (SecKeyRef)privateKeyFromP8:(NSURL *)p8FileURL error:(NSError **)error {
    // Read the .p8 file
    NSData *p8Data = [NSData dataWithContentsOfURL:p8FileURL options:0 error:error];
    if (!p8Data) {
        return NULL;
    }
    // Convert P8 to base64 string, removing header/footer
    NSString *p8String = [[NSString alloc] initWithData:p8Data encoding:NSUTF8StringEncoding];
    NSArray *lines = [p8String componentsSeparatedByString:@"\n"];
    NSMutableString *base64String = [NSMutableString string];
    for (NSString *line in lines) {
        if (![line containsString:@"PRIVATE KEY"]) {
            [base64String appendString:line];
        }
    }
    // Decode base64 to raw key data
    NSData *keyData = [[NSData alloc] initWithBase64EncodedString:base64String options:0];
    if (!keyData) {
        if (error) {
            *error = [NSError errorWithDomain:@"P8ImportError"
                                         code:1
                                     userInfo:@{NSLocalizedDescriptionKey: @"Failed to decode base64 data"}];
        }
        return NULL;
    }
    // Set up key parameters
    NSDictionary *attributes = @{
        (__bridge NSString *)kSecAttrKeyType: (__bridge NSString *)kSecAttrKeyTypeECSECPrimeRandom,
        (__bridge NSString *)kSecAttrKeyClass: (__bridge NSString *)kSecAttrKeyClassPrivate,
        (__bridge NSString *)kSecAttrKeySizeInBits: @256
    };
    // Create SecKeyRef; note that this call passes the file contents (p8Data),
    // not the decoded keyData
    CFErrorRef keyError = NULL;
    SecKeyRef privateKey = SecKeyCreateWithData((__bridge CFDataRef)p8Data,
                                                (__bridge CFDictionaryRef)attributes,
                                                &keyError);
    if (!privateKey && keyError) {
        // Transfer ownership of the CFErrorRef to ARC exactly once
        NSError *bridgeError = (__bridge_transfer NSError *)keyError;
        if (error) {
            *error = bridgeError; // Pass the bridged error back to the caller
        }
        NSLog(@"Key Error: %@", bridgeError.localizedDescription);
    }
    return privateKey;
}
```
I get this error from SecKeyCreateWithData
The operation couldn’t be completed. (OSStatus error -50 - EC private key creation from data failed)
Filed a DTS incident, but they won't be back until after the New Year.
I've tried all kinds of things. Various AI chatbots, etc. Nothing seems to be working. I'm sure the problem is something elementary, but have spent hours on this with no luck.
Help, please.
I have configured DKIM and Amazon's default SPF, but can't get emails using Amazon Send. Do I have to configure a custom domain name here for this to work? I'd like to get a definitive conclusion!
I am developing apps using the NWJS framework, which access devices on the local network. I am doing this on Sequoia on macOS (Desktop). I have developed other apps using NWJS before, but on earlier versions of macOS.
My issue is, I am unable to give one of my apps permission to access devices on the local network.
Some background:
Other apps which I have used which access devices on the local network, on first-time launching, have given a prompt asking me if I want to allow or deny access to local device for the app.
However, on first-time launching (and many others after that), It simply says the device cannot be reached, and I never get a prompt asking me if I want to allow or deny access to local device for my app.
In its barebones proof-of-concept stage of my app, I have an iframe whose src attribute is the IP address of a device known on the network with that address. I have tried the protocol https://192.168.1.99 and http://192.168.1.99 in the src attribute. This protocol works in another app I have built where upon first-time launch, I was able to get a prompt and give it the needed permission.
If I check in System Settings > Privacy and Security > Network, the app doesn't appear where I can toggle a setting. I also am unable to explicitly add my app to the list.
**This worked for one app, but not another:**
In researching this issue, it was recommended that I add the following keys in info.plist:
com.apple.developer.networking.multicast - boolean true
NSLocalNetworkUsageDescription - string description
NSNearbyInteractionUsageDescription - string description
This worked for one of my apps, but not another, which has a nearly identical structure. In fact, other than CFBundleIdentifier, CFBundleDisplayName and CFBundleName, info.plist is identical.
Why did this work one time, and how can I get my app to prompt for permission for local network access?
Hi,
I just followed the related post to implement this method in the app, but it gave me an error like: "An SSL error has occurred and a secure connection to the server cannot be made"
The Info.plist configuration is like below:
NSPinnedDomains
mysite.com
NSIncludesSubdomains
NSPinnedCAIdentities
SPKI-SHA256-BASE64
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=
The pub key is right for me, since it works when I use different pub key pinning through URLSession interface.
So here, I don't know where to start the troubleshooting. Any advice would be appreciated.
Topic: Privacy & Security; SubTopic: General
I don't know why? 🤷 My uuid and imi as well as ip have been leaked, I don't know what to do? Can someone help me?
Topic: Privacy & Security; SubTopic: General; Tags: Foundation, App Tracking Transparency, Files and Storage, Security
Hi Guys,
I want to access the Items.data file from this location:
**/Library/Caches/com.apple.findmy.fmipcore/Items.data**
Can anyone help me with how to decrypt this file, as it is encrypted now?
Any help on this is highly appreciated.
I want to access my own AirTag data and this is the only way, I believe.
Thanks in advance.
Topic: Privacy & Security; SubTopic: General
Hello! A few months ago I did get hacked on my PC and then my Android and iPhone. Did get a notice that payments couldn't draw. Lucky I only had 240kr on Lunar card that it did draw 200kr to a gift card. Did get mail from Skrill that an account was created with one of my Gmails. Tried to log them out but window did keep closing. Gmail did flag like crazy and wanted me to change pw. How the fuck when I lost control of my phone?!?!??! Just lock it god damn. Let’s make it short! I shared network to PC from my phone with USB. I don’t just think it was an attacker program as Gmail did flag. I think I did get mirror linked on my Android and maybe my iPhone. Had a real struggle to reset my PC and phones before it worked. My iPhone drains battery like crazy and feels laggy sometimes. A non-registered number was added to two Gmails that they did try to change pw multiple times. Did notice Linux PC activity on my FB and some other stuff. My iPhone does reboot still sometimes and every second reboot wifi/bluet can’t be activated and mobile share change pw as the original one did look. Next reboot all work and are the same again. I am scared that I am still hacked or haven't removed him from everything. How can I make sure that I am still not mirror linked and that he or she can’t access anything? Sorry for the long text but I am scared as fuck.
Topic: Privacy & Security; SubTopic: General