Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

All subtopics
Posts under Privacy & Security topic

Post

Replies

Boosts

Views

Activity

Sign in with Apple user mapping after App Store app transfer when legacy sub values were not stored
Hello, We are preparing to transfer an App Store app from one Apple Developer account/team to another. Our iOS app uses Sign in with Apple. However, in our legacy implementation, we did not store the Apple user subject identifier (sub) for many existing Apple login users. Our service primarily matched users by email. After reviewing Apple’s app transfer and Sign in with Apple migration documentation, we understood that we should generate a transfer identifier for each Sign in with Apple user before transferring the app. We have now started collecting and storing the sub value, but many legacy Apple login users still do not have their original sub value stored in our database. We are concerned about two main cases: Legacy users whose original Apple sub value was never stored For these users, we may not be able to generate the required transfer identifier before the app transfer. If the user uses Private Relay, we are also concerned that the email address we receive after the transfer may not match the email address we previously stored. In that case, our backend may not be able to match the post-transfer Sign in with Apple login to the user’s existing account, and the user may be treated as a new account. Users whose sub value is stored, but who do not sign in during the migration period For some users, we do have the Apple sub value and may be able to generate the transfer identifier before the app transfer. However, we are not sure what happens if those users do not sign in during the available Sign in with Apple migration period after the app transfer. If they sign in only after that period has ended, will the post-transfer Sign in with Apple user still be reliably mapped to the original pre-transfer user? The scenario we are worried about is: A user originally signed in with Apple before the app transfer. The app is transferred to another Apple Developer account/team. The user does not sign in during the Sign in with Apple migration period. After the migration period has ended, the same user signs in with Apple again. Our backend receives a new Apple user identifier and/or a different Private Relay email address. Our backend cannot correlate that login with the user’s original service account. The user may be treated as a new user and may lose access to their existing profile, activity history, chats, purchases, or other account data. Could someone confirm the expected behavior? Questions: If we have a legacy sub value and generate the transfer identifier before the app transfer, can the user still be mapped to the original account if they do not sign in during the Sign in with Apple migration period? After the migration period has ended, does Apple provide any identifier, token claim, API response, or other mechanism that allows us to correlate the post-transfer Sign in with Apple user with the pre-transfer user? For legacy users whose original sub value was never stored, is there any Apple-provided way to recover or map those users after the app transfer? Can a Private Relay email address change as part of or after an App Store app transfer? Should we avoid using email as a stable identifier for this migration? Should we delay the app transfer until we implement our own account recovery and account re-linking flow for all Sign in with Apple users? Environment: Platform: iOS Development environment: Xcode Runtime: iOS Framework: AuthenticationServices Feature: Sign in with Apple Context: App Store Connect app transfer between Apple Developer teams/accounts This issue does not appear to be specific to a particular iOS or Xcode version. We expect the development and runtime environments to be using the latest available versions of Xcode, macOS, and iOS at the time of submission. Any guidance on the correct migration behavior and the recommended implementation approach would be greatly appreciated.
1
0
579
4w
[Apple Sign-In] How to handle missing transfer_sub and the 60-day migration limit during App Transfer?
Hello everyone, We are currently preparing for an App Transfer to a new Apple Developer account due to a corporate merger. We are trying to figure out the best way to handle Apple Sign-In user migration and would love to get some advice on our proposed fallback plan. 📌 Current Situation We need to transfer our app's ownership to a new corporate entity. The app heavily relies on Apple Sign-In. The Issue: We did not collect the transfer_sub values during our initial development phase. Although we started collecting them recently, we will not have them for all existing users by the time the transfer happens. 🚨 The Risk (The 60-Day Rule) Based on Apple's documentation, even if we provide the transfer_sub, users must log into the app within 60 days of the transfer to successfully migrate their accounts. This means that users who log in after 60 days, or those whose transfer_sub is missing, will fail the Apple migration process. They will be treated as "new users" and will lose access to their existing account data. 💡 Our Proposed Custom Recovery Flow Since we cannot rely entirely on Apple's automated migration, we are planning to build a custom internal account recovery process to prevent user drop-off: A user (who failed the migration or logged in after 60 days) attempts to use Apple Sign-In on the transferred app. Since the existing account isn't linked, Apple generates a new identifier (sub), and the user enters the new sign-up flow. During the sign-up process, we enforce a mandatory identity verification step (e.g., SMS phone number verification). We query our existing user database using this verified information. If a matching existing user is found: We interrupt the sign-up process and display a prompt: "An existing account was found. We will link your account." We then update our database by mapping the new Apple sub value to their existing account record, allowing them to log in seamlessly. ❓ My Questions App Review Risk: Could this manual mapping approach—overwriting the Apple sub on an existing account based on internal identity verification—violate any Apple guidelines or result in an App Store rejection? Shared Experiences: Has anyone dealt with missing transfer_sub values or the 60-day migration limit during an App Transfer? How did you mitigate user loss? Best Practices: Are there any alternative, safer, or more recommended workarounds for this scenario?
1
0
318
4w
Sign in with Apple after App Transfer: What happens if a user signs in after the 60-day migration period?
Hello everyone, I’m trying to better understand the expected behavior of Sign in with Apple after an app is transferred to another Apple Developer Team. Specifically, my question is about users who do not open or sign in to the app during the 60-day migration period after the app transfer. Here is the scenario we are concerned about: An existing user created an account using Sign in with Apple. The user is using a private relay email address. The app is transferred to another Apple Developer Team. The user does not sign in during the 60-day migration period. The user signs in again only after the 60-day period has ended. In this situation, is there any possibility that Apple may provide different user-related values compared to the values before the app transfer? For example, I am referring to values such as: sub private relay email address ID token claims any other API response value that may be used to identify the user The reason I’m asking is that if any of these values change after the transfer, our backend may not be able to match the user to the existing account in our database. In that case, the user could incorrectly be treated as a new user. My understanding is that the purpose of the Sign in with Apple migration process after an app transfer is to associate the user identifier from the original Team with the user identifier for the new Team. However, I would like to confirm what happens if the user was not processed during the 60-day migration period and signs in later. Do the values provided by Apple remain consistent in this case, or can they change after the migration period ends? If they can change, should we prepare our own account recovery or re-linking flow to handle these users? I would appreciate any clarification on Apple’s expected behavior and the recommended approach for this case. Thank you.
1
0
379
4w
Ability to bring the PSSO window to the front when using ASWebAuthenticationSession
During PSSO User Registration, we use ASWebAuthenticationSession for OIDC. If the user's default browser isn't Safari (e.g., Chrome), the browser window stays stuck on top of the PSSO UI after authentication. This confuses users because they can't see the final PSSO registration screen. Are there any native macOS window-management APIs we can call inside the session's completion handler to force the PSSO window back to the foreground?
1
0
240
4w
Authenticated Guest Mode on iPad
I saw the "Authenticated Guest Mode on iPad" in macOS 27. Is this related to PSSO Authenticated Guest Mode on macOS? Does it require cloud binding for a machine account like on macOS? How is it related to Shared iPad? Shared iPad requires supervised mode. Is there a new profile and keys? Where is this documented? Can you share information about how it works and how it can be tested?
1
0
141
4w
Sdk Suthorization
For a third-party ads SDK embedded in host apps: the ATT authorization status is determined at the app level, but our SDK initializes before the host app necessarily calls ATTrackingManager.requestTrackingAuthorization(). What's Apple's recommended pattern for: SDK initialization that's ATT-status-agnostic at launch Receiving a callback or notification when ATT status changes post-initialization, without polling Is there a system notification or delegate pattern for ATT status changes that SDKs should be using in iOS 27? — Divya Ravi, Senior iOS Engineer
1
0
208
4w
Troubleshooting SiwA server-to-server notifications
Are there any mechanisms to troubleshoot or test SiwA server-to-server notifications? I am not seeing any traffic from Apple for user account changes (e.g., revoking authorization for an app), but the URL that I have configured in my account matches my endpoint, it is available from the public internet, and other SiwA functions are working correctly. Any guidance will be appreciated.
1
0
106
4w
Recommendation for Authentication for the Enterprise with Identity Provider.
Throughout the years I've done a few integrations at my company with an iOS Application and an identity provider. I've implemented samples with UIWebView, WKWebview, Certificate based authentication through custom URLSession implementations and lastly through ASWebAuthentication. Also I gave the SSO Extension a try, but got stuck at some point (also Apple Forum didn't give me some solution -> https://developer.apple.com/forums/thread/117747) I'm having troubles digging through the Apple resources to find the best approach for big enterprises. We make use of a MDM solution, so I was hoping to find means to 'exploit it' and don't implement any custom authenticationframework anymore. Also, granting SSO between Apps and websites is what my ideal goal would be. Could you point me to some resources that can help me or give me some guidance on which of the frameworks/SDKs to use?
6
0
305
4w
Future of Behavioral Authentication on Apple Platforms
Future of Behavioral Authentication on Apple PlatformsWith the rapid advancement of on-device AI and Apple Intelligence, does Apple see a future where user identity can be continuously verified through behavioral patterns and contextual signals rather than relying solely on discrete authentication events such as Face ID, Touch ID, or passcodes? If so, what privacy and security challenges would need to be solved before such an approach could become practical on Apple platforms?
4
0
199
4w
Future of Behavioral Authentication on Apple Platforms
With the rapid advancement of on-device AI and Apple Intelligence, does Apple see a future where user identity can be continuously verified through behavioral patterns and contextual signals rather than relying solely on discrete authentication events such as Face ID, Touch ID, or passcodes? If so, what privacy, security, and battery-efficiency challenges would need to be solved before such an approach could become practical on Apple platforms?
1
0
113
4w
Can a third-party credential provider participate in the FIDO2 hybrid (cross-device) transport as the authenticator?
Hey there, I'm trying to building an iOS credential provider (ASCredentialProviderExtension, iOS 17+) that manages passkeys backed by keys generated in the Secure Enclave, attested via App Attest. My question is about the cross-device (FIDO2 hybrid / "passkey on a nearby device") flow, where a phone authenticates a sign-in initiated on a separate client device (e.g. a laptop browser). Specifically, Can a third-party credential provider serve as the authenticator in this flow, signing with its own key — or is the cross-device role reserved for iCloud Keychain? If it can, does the OS handle the BLE advertisement and tunnel/handshake on the provider's behalf? I ask because it seems like CBPeripheralManager.startAdvertising(_:) will not emit raw bytes, so an app can't emit a CTAP hybrid advert itself. If neither is supported, is there any supported API — including MDM-managed/supervised-device capabilities — for an app to act as a cross-device FIDO2 authenticator with a non-iCloud-Keychain key? Thanks!
1
0
276
4w
Requesting com.apple.developer.web-browser.public-key-credential entitlement for macOS WKWebView app
We have a macOS app (io.formhealth.SideCore) that acts as a browser-style wrapper, embedding multiple web applications in WKWebView panes. We need the com.apple.developer.web-browser.public-key-credential entitlement so that WebAuthn/passkey flows (e.g. Google OAuth) work within the embedded webviews. The capability doesn't appear on macOS App IDs in the developer portal, and the entitlement request form at developer.apple.com/contact/request/system-extension returns "Your account can't access this page." What's the correct process to request this entitlement for a non-App-Store macOS app?
1
0
213
Jun ’26
AutoFill extension loading woes
I'm trying to diagnose some issues with my AutoFill credential provider not loading on macOS. As far as I can tell I have all the entitlements and provisioning profiles correct, and ASSettingsHelper.requestToTurnOnCredentialProviderExtension() returns true with the Credential Provider showing up enabled in System Settings. However all other attempts to call into AuthenticationServices fail, and ASCredentialIdentityStore.shared.getState() always returns false for state.isEnabled Looking at the logs I don't see anything that stands out but I am not sure I've got the correct filter on the logs. I see discovery taking place 2026-05-29 08:43:09.389967-0700 0xd7d00 Default 0x83c0b1 26490 0 CredentialProviderExtensionHelper: (PlugInKit) [com.apple.PlugInKit:discovery] [d 88616305-672E-4143-81A6-832522BCD790] <PKHost:0x7e6c24900> Beginning discovery for flags: 0, point: com.apple.authentication-services-credential-provider-ui 2026-05-29 08:43:09.390070-0700 0xd7d00 Info 0x83c0b1 26490 0 CredentialProviderExtensionHelper: (PlugInKit) [com.apple.PlugInKit:discovery] [d 88616305-672E-4143-81A6-832522BCD790] <PKHost:0x7e6c24900> Query: { "LS:ExtensionPlatforms" = ( 1, 6, 2 ); NSExtensionPointName = "com.apple.authentication-services-credential-provider-ui"; NSUserElection = 1; } 2026-05-29 08:43:09.392893-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:sandbox] issued file extension for [/Applications/test.app/Contents/PlugIns/testIDCredentialProvider.appex] 2026-05-29 08:43:09.392936-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:ls] [u C85BFC1E-25E1-4917-A1D8-0123013482EE] [com.myapp.test.App.testid-credential-provider(7.35)] info [CFBundleIdentifier] => [com.myapp.test.App.testid-credential-provider] 2026-05-29 08:43:09.392947-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:sandbox] issued mach extension for [com.myapp.test.App.testid-credential-provider] And I see it being discovered correctly: 2026-05-29 08:43:09.394535-0700 0xd7d00 Default 0x83c0b2 26490 0 CredentialProviderExtensionHelper: (ExtensionFoundation) [com.apple.extensionkit:NSExtension] discovered extensions: attributes { "LS:ExtensionPlatforms" = ( 1, 6, 2 ); NSExtensionPointName = "com.apple.authentication-services-credential-provider-ui"; NSUserElection = 1; }, extensionSet {( <EXConcreteExtension: 0x7e71b41c0> {id = com.myapp.test.App.testid-credential-provider} )} I don't see any errors related to security or provisioning that I can tell. Any tricks I can use to see why I can't use my Credential Provider?
4
0
740
Jun ’26
PCC VRE: 403 Forbidden when downloading SW Release 41303
Is anyone else seeing 403 errors for PCC VRE when trying to pull assets for Release 41303? My pccvre audit of the Transparency Log passes (valid root digests for 41385), but the download fails consistently on specific CDN URLs: Failed to download SW release asset... response: 403 I’ve verified csrutil allow-research-guests is active and the license is accepted. Release 41385 seems fine, but 41303 is a brick wall. Is this a known pull-back or a CDN permissions sync issue?
1
0
504
Jun ’26
Sign in with Apple user mapping after App Store app transfer when legacy sub values were not stored
Hello, We are preparing to transfer an App Store app from one Apple Developer account/team to another. Our iOS app uses Sign in with Apple. However, in our legacy implementation, we did not store the Apple user subject identifier (sub) for many existing Apple login users. Our service primarily matched users by email. After reviewing Apple’s app transfer and Sign in with Apple migration documentation, we understood that we should generate a transfer identifier for each Sign in with Apple user before transferring the app. We have now started collecting and storing the sub value, but many legacy Apple login users still do not have their original sub value stored in our database. We are concerned about two main cases: Legacy users whose original Apple sub value was never stored For these users, we may not be able to generate the required transfer identifier before the app transfer. If the user uses Private Relay, we are also concerned that the email address we receive after the transfer may not match the email address we previously stored. In that case, our backend may not be able to match the post-transfer Sign in with Apple login to the user’s existing account, and the user may be treated as a new account. Users whose sub value is stored, but who do not sign in during the migration period For some users, we do have the Apple sub value and may be able to generate the transfer identifier before the app transfer. However, we are not sure what happens if those users do not sign in during the available Sign in with Apple migration period after the app transfer. If they sign in only after that period has ended, will the post-transfer Sign in with Apple user still be reliably mapped to the original pre-transfer user? The scenario we are worried about is: A user originally signed in with Apple before the app transfer. The app is transferred to another Apple Developer account/team. The user does not sign in during the Sign in with Apple migration period. After the migration period has ended, the same user signs in with Apple again. Our backend receives a new Apple user identifier and/or a different Private Relay email address. Our backend cannot correlate that login with the user’s original service account. The user may be treated as a new user and may lose access to their existing profile, activity history, chats, purchases, or other account data. Could someone confirm the expected behavior? Questions: If we have a legacy sub value and generate the transfer identifier before the app transfer, can the user still be mapped to the original account if they do not sign in during the Sign in with Apple migration period? After the migration period has ended, does Apple provide any identifier, token claim, API response, or other mechanism that allows us to correlate the post-transfer Sign in with Apple user with the pre-transfer user? For legacy users whose original sub value was never stored, is there any Apple-provided way to recover or map those users after the app transfer? Can a Private Relay email address change as part of or after an App Store app transfer? Should we avoid using email as a stable identifier for this migration? Should we delay the app transfer until we implement our own account recovery and account re-linking flow for all Sign in with Apple users? Environment: Platform: iOS Development environment: Xcode Runtime: iOS Framework: AuthenticationServices Feature: Sign in with Apple Context: App Store Connect app transfer between Apple Developer teams/accounts This issue does not appear to be specific to a particular iOS or Xcode version. We expect the development and runtime environments to be using the latest available versions of Xcode, macOS, and iOS at the time of submission. Any guidance on the correct migration behavior and the recommended implementation approach would be greatly appreciated.
Replies
1
Boosts
0
Views
579
Activity
4w
[Apple Sign-In] How to handle missing transfer_sub and the 60-day migration limit during App Transfer?
Hello everyone, We are currently preparing for an App Transfer to a new Apple Developer account due to a corporate merger. We are trying to figure out the best way to handle Apple Sign-In user migration and would love to get some advice on our proposed fallback plan. 📌 Current Situation We need to transfer our app's ownership to a new corporate entity. The app heavily relies on Apple Sign-In. The Issue: We did not collect the transfer_sub values during our initial development phase. Although we started collecting them recently, we will not have them for all existing users by the time the transfer happens. 🚨 The Risk (The 60-Day Rule) Based on Apple's documentation, even if we provide the transfer_sub, users must log into the app within 60 days of the transfer to successfully migrate their accounts. This means that users who log in after 60 days, or those whose transfer_sub is missing, will fail the Apple migration process. They will be treated as "new users" and will lose access to their existing account data. 💡 Our Proposed Custom Recovery Flow Since we cannot rely entirely on Apple's automated migration, we are planning to build a custom internal account recovery process to prevent user drop-off: A user (who failed the migration or logged in after 60 days) attempts to use Apple Sign-In on the transferred app. Since the existing account isn't linked, Apple generates a new identifier (sub), and the user enters the new sign-up flow. During the sign-up process, we enforce a mandatory identity verification step (e.g., SMS phone number verification). We query our existing user database using this verified information. If a matching existing user is found: We interrupt the sign-up process and display a prompt: "An existing account was found. We will link your account." We then update our database by mapping the new Apple sub value to their existing account record, allowing them to log in seamlessly. ❓ My Questions App Review Risk: Could this manual mapping approach—overwriting the Apple sub on an existing account based on internal identity verification—violate any Apple guidelines or result in an App Store rejection? Shared Experiences: Has anyone dealt with missing transfer_sub values or the 60-day migration limit during an App Transfer? How did you mitigate user loss? Best Practices: Are there any alternative, safer, or more recommended workarounds for this scenario?
Replies
1
Boosts
0
Views
318
Activity
4w
Sign in with Apple after App Transfer: What happens if a user signs in after the 60-day migration period?
Hello everyone, I’m trying to better understand the expected behavior of Sign in with Apple after an app is transferred to another Apple Developer Team. Specifically, my question is about users who do not open or sign in to the app during the 60-day migration period after the app transfer. Here is the scenario we are concerned about: An existing user created an account using Sign in with Apple. The user is using a private relay email address. The app is transferred to another Apple Developer Team. The user does not sign in during the 60-day migration period. The user signs in again only after the 60-day period has ended. In this situation, is there any possibility that Apple may provide different user-related values compared to the values before the app transfer? For example, I am referring to values such as: sub private relay email address ID token claims any other API response value that may be used to identify the user The reason I’m asking is that if any of these values change after the transfer, our backend may not be able to match the user to the existing account in our database. In that case, the user could incorrectly be treated as a new user. My understanding is that the purpose of the Sign in with Apple migration process after an app transfer is to associate the user identifier from the original Team with the user identifier for the new Team. However, I would like to confirm what happens if the user was not processed during the 60-day migration period and signs in later. Do the values provided by Apple remain consistent in this case, or can they change after the migration period ends? If they can change, should we prepare our own account recovery or re-linking flow to handle these users? I would appreciate any clarification on Apple’s expected behavior and the recommended approach for this case. Thank you.
Replies
1
Boosts
0
Views
379
Activity
4w
Ability to bring the PSSO window to the front when using ASWebAuthenticationSession
During PSSO User Registration, we use ASWebAuthenticationSession for OIDC. If the user's default browser isn't Safari (e.g., Chrome), the browser window stays stuck on top of the PSSO UI after authentication. This confuses users because they can't see the final PSSO registration screen. Are there any native macOS window-management APIs we can call inside the session's completion handler to force the PSSO window back to the foreground?
Replies
1
Boosts
0
Views
240
Activity
4w
Authenticated Guest Mode on iPad
I saw the "Authenticated Guest Mode on iPad" in macOS 27. Is this related to PSSO Authenticated Guest Mode on macOS? Does it require cloud binding for a machine account like on macOS? How is it related to Shared iPad? Shared iPad requires supervised mode. Is there a new profile and keys? Where is this documented? Can you share information about how it works and how it can be tested?
Replies
1
Boosts
0
Views
141
Activity
4w
PSSO Tap to login
There wasn't any update on the tap to login. Has the spec on tap to login been finalized? Can wallet passes now be issued to authenticate to macOS using tap to login?
Replies
1
Boosts
0
Views
117
Activity
4w
Entra-based Platform SSO groups
Are there current plans to implement Microsoft 365 groups with Platform SSO to control administrator access in macOS 27? If so, would you be able to provide a rough estimate of when we can expect changes to be implemented by identity providers?
Replies
1
Boosts
0
Views
93
Activity
4w
SDK tracking Authorization
When a host app hasn't implemented ATT at all — which is still common in enterprise apps — what's the expected behavior for third-party SDKs that rely on tracking authorization? Should the SDK default to notDetermined handling indefinitely, or is there a recommended fallback experience?
Replies
1
Boosts
0
Views
103
Activity
4w
Sdk Suthorization
For a third-party ads SDK embedded in host apps: the ATT authorization status is determined at the app level, but our SDK initializes before the host app necessarily calls ATTrackingManager.requestTrackingAuthorization(). What's Apple's recommended pattern for: SDK initialization that's ATT-status-agnostic at launch Receiving a callback or notification when ATT status changes post-initialization, without polling Is there a system notification or delegate pattern for ATT status changes that SDKs should be using in iOS 27? — Divya Ravi, Senior iOS Engineer
Replies
1
Boosts
0
Views
208
Activity
4w
Troubleshooting SiwA server-to-server notifications
Are there any mechanisms to troubleshoot or test SiwA server-to-server notifications? I am not seeing any traffic from Apple for user account changes (e.g., revoking authorization for an app), but the URL that I have configured in my account matches my endpoint, it is available from the public internet, and other SiwA functions are working correctly. Any guidance will be appreciated.
Replies
1
Boosts
0
Views
106
Activity
4w
Recommendation for Authentication for the Enterprise with Identity Provider.
Throughout the years I've done a few integrations at my company with an iOS Application and an identity provider. I've implemented samples with UIWebView, WKWebview, Certificate based authentication through custom URLSession implementations and lastly through ASWebAuthentication. Also I gave the SSO Extension a try, but got stuck at some point (also Apple Forum didn't give me some solution -> https://developer.apple.com/forums/thread/117747) I'm having troubles digging through the Apple resources to find the best approach for big enterprises. We make use of a MDM solution, so I was hoping to find means to 'exploit it' and don't implement any custom authenticationframework anymore. Also, granting SSO between Apps and websites is what my ideal goal would be. Could you point me to some resources that can help me or give me some guidance on which of the frameworks/SDKs to use?
Replies
6
Boosts
0
Views
305
Activity
4w
Future of Behavioral Authentication on Apple Platforms
Future of Behavioral Authentication on Apple PlatformsWith the rapid advancement of on-device AI and Apple Intelligence, does Apple see a future where user identity can be continuously verified through behavioral patterns and contextual signals rather than relying solely on discrete authentication events such as Face ID, Touch ID, or passcodes? If so, what privacy and security challenges would need to be solved before such an approach could become practical on Apple platforms?
Replies
4
Boosts
0
Views
199
Activity
4w
future of authentication
do you see a future where devices continuously verify a user’s identity through behavioral signals rather than discrete login events?
Replies
1
Boosts
0
Views
110
Activity
4w
behavioral biometrics authentication
with the advancement of on-device ai, do you see a future where devices continuously verify a user’s identity through behavioral patterns rather than discrete authentication events such as Face ID or password entry?
Replies
1
Boosts
0
Views
106
Activity
4w
Future of Behavioral Authentication on Apple Platforms
With the rapid advancement of on-device AI and Apple Intelligence, does Apple see a future where user identity can be continuously verified through behavioral patterns and contextual signals rather than relying solely on discrete authentication events such as Face ID, Touch ID, or passcodes? If so, what privacy, security, and battery-efficiency challenges would need to be solved before such an approach could become practical on Apple platforms?
Replies
1
Boosts
0
Views
113
Activity
4w
Kerberos updates
Are there any Kerberos feature or behavior changes in macOS 27?
Replies
2
Boosts
1
Views
145
Activity
4w
Can a third-party credential provider participate in the FIDO2 hybrid (cross-device) transport as the authenticator?
Hey there, I'm trying to building an iOS credential provider (ASCredentialProviderExtension, iOS 17+) that manages passkeys backed by keys generated in the Secure Enclave, attested via App Attest. My question is about the cross-device (FIDO2 hybrid / "passkey on a nearby device") flow, where a phone authenticates a sign-in initiated on a separate client device (e.g. a laptop browser). Specifically, Can a third-party credential provider serve as the authenticator in this flow, signing with its own key — or is the cross-device role reserved for iCloud Keychain? If it can, does the OS handle the BLE advertisement and tunnel/handshake on the provider's behalf? I ask because it seems like CBPeripheralManager.startAdvertising(_:) will not emit raw bytes, so an app can't emit a CTAP hybrid advert itself. If neither is supported, is there any supported API — including MDM-managed/supervised-device capabilities — for an app to act as a cross-device FIDO2 authenticator with a non-iCloud-Keychain key? Thanks!
Replies
1
Boosts
0
Views
276
Activity
4w
Requesting com.apple.developer.web-browser.public-key-credential entitlement for macOS WKWebView app
We have a macOS app (io.formhealth.SideCore) that acts as a browser-style wrapper, embedding multiple web applications in WKWebView panes. We need the com.apple.developer.web-browser.public-key-credential entitlement so that WebAuthn/passkey flows (e.g. Google OAuth) work within the embedded webviews. The capability doesn't appear on macOS App IDs in the developer portal, and the entitlement request form at developer.apple.com/contact/request/system-extension returns "Your account can't access this page." What's the correct process to request this entitlement for a non-App-Store macOS app?
Replies
1
Boosts
0
Views
213
Activity
Jun ’26
AutoFill extension loading woes
I'm trying to diagnose some issues with my AutoFill credential provider not loading on macOS. As far as I can tell I have all the entitlements and provisioning profiles correct, and ASSettingsHelper.requestToTurnOnCredentialProviderExtension() returns true with the Credential Provider showing up enabled in System Settings. However all other attempts to call into AuthenticationServices fail, and ASCredentialIdentityStore.shared.getState() always returns false for state.isEnabled Looking at the logs I don't see anything that stands out but I am not sure I've got the correct filter on the logs. I see discovery taking place 2026-05-29 08:43:09.389967-0700 0xd7d00 Default 0x83c0b1 26490 0 CredentialProviderExtensionHelper: (PlugInKit) [com.apple.PlugInKit:discovery] [d 88616305-672E-4143-81A6-832522BCD790] <PKHost:0x7e6c24900> Beginning discovery for flags: 0, point: com.apple.authentication-services-credential-provider-ui 2026-05-29 08:43:09.390070-0700 0xd7d00 Info 0x83c0b1 26490 0 CredentialProviderExtensionHelper: (PlugInKit) [com.apple.PlugInKit:discovery] [d 88616305-672E-4143-81A6-832522BCD790] <PKHost:0x7e6c24900> Query: { "LS:ExtensionPlatforms" = ( 1, 6, 2 ); NSExtensionPointName = "com.apple.authentication-services-credential-provider-ui"; NSUserElection = 1; } 2026-05-29 08:43:09.392893-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:sandbox] issued file extension for [/Applications/test.app/Contents/PlugIns/testIDCredentialProvider.appex] 2026-05-29 08:43:09.392936-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:ls] [u C85BFC1E-25E1-4917-A1D8-0123013482EE] [com.myapp.test.App.testid-credential-provider(7.35)] info [CFBundleIdentifier] => [com.myapp.test.App.testid-credential-provider] 2026-05-29 08:43:09.392947-0700 0xd79ee Debug 0x83c0b1 487 0 pkd: (PlugInKit) [com.apple.PlugInKit:sandbox] issued mach extension for [com.myapp.test.App.testid-credential-provider] And I see it being discovered correctly: 2026-05-29 08:43:09.394535-0700 0xd7d00 Default 0x83c0b2 26490 0 CredentialProviderExtensionHelper: (ExtensionFoundation) [com.apple.extensionkit:NSExtension] discovered extensions: attributes { "LS:ExtensionPlatforms" = ( 1, 6, 2 ); NSExtensionPointName = "com.apple.authentication-services-credential-provider-ui"; NSUserElection = 1; }, extensionSet {( <EXConcreteExtension: 0x7e71b41c0> {id = com.myapp.test.App.testid-credential-provider} )} I don't see any errors related to security or provisioning that I can tell. Any tricks I can use to see why I can't use my Credential Provider?
Replies
4
Boosts
0
Views
740
Activity
Jun ’26
PCC VRE: 403 Forbidden when downloading SW Release 41303
Is anyone else seeing 403 errors for PCC VRE when trying to pull assets for Release 41303? My pccvre audit of the Transparency Log passes (valid root digests for 41385), but the download fails consistently on specific CDN URLs: Failed to download SW release asset... response: 403 I’ve verified csrutil allow-research-guests is active and the license is accepted. Release 41385 seems fine, but 41303 is a brick wall. Is this a known pull-back or a CDN permissions sync issue?
Replies
1
Boosts
0
Views
504
Activity
Jun ’26