Hello, I run a website that's using FIDO for user logins. A lot of our users set up their device-bound passkeys back when they were on iOS 15. Now that they're moving to iOS 16, I'm trying to figure out what happens with those passkeys. Here's my question: When these users upgrade to iOS 16 and start using other devices, how does iOS handle their existing passkeys? Do they see both the old device-bound and the new synced passkeys in the UI, or does it somehow merge them? This might not be an issue in the latest iOS 17, but I'm interested in knowing if it could occur in earlier versions like iOS 16. I'm aiming to make this transition to synced passkeys as smooth as possible for my users and just want to make sure I understand the UX changes that come with iOS 16. Thanks!

Hi Team, I have developed a smartcard driver which is working fine when inserting USB mouse, So here is the process I followed for smartcard driver: Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/ Once Inserting USB mouse I am getting smart card pairing notification on Mac This scenario is working fine and able to achieve following changes on Mac device - Getting Smart card notification for pairing on Mac device After Pairing , Password field on Login Screen changes to PIN field But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB Is there any way to achieve This? Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c

Could you help me to understand this crash: Thread 22 Crashed: 0 libsystem_kernel.dylib 0x00000001e9ee2974 __pthread_kill + 8 (:-1) 1 libsystem_pthread.dylib 0x00000001fd9650ec pthread_kill + 268 (pthread.c:1717) 2 libsystem_c.dylib 0x00000001a9933c14 __abort + 136 (abort.c:159) 3 libsystem_c.dylib 0x00000001a9933b8c abort + 192 (abort.c:126) 4 libsystem_malloc.dylib 0x00000001b1b5ec68 malloc_vreport + 896 (malloc_printf.c:251) 5 libsystem_malloc.dylib 0x00000001b1b5ef10 malloc_zone_error + 104 (malloc_printf.c:319) 6 libsystem_malloc.dylib 0x00000001b1b54a44 nanov2_guard_corruption_detected + 44 (nanov2_malloc.c:2425) 7 libsystem_malloc.dylib 0x00000001b1b3b6f0 nanov2_allocate_from_block + 352 (nanov2_malloc.c:2543) 8 libsystem_malloc.dylib 0x00000001b1b3b418 nanov2_find_block_and_allocate + 1172 (nanov2_malloc.c:2797) 9 libsystem_malloc.dylib 0x00000001b1b3aeec nanov2_allocate_outlined + 252 (nanov2_malloc.c:2955) 10 CoreFoundation 0x00000001a1980ab8 _CFRuntimeCreateInstance + 448 (CFRuntime.c:791) 11 CoreFoundation 0x00000001a19e0b5c __CFDataInit + 172 (CFData.c:444) 12 Security 0x00000001aa14607c createNormalizedX501Name + 56 (SecCertificate.c:1277) 13 Security 0x00000001aa1458ec SecCertificateParse + 820 (SecCertificate.c:1658) 14 Security 0x00000001aa145594 SecCertificateCreateWithBytes + 124 (SecCertificate.c:1807) 15 libboringssl.dylib 0x00000001d2c9287c boringssl_helper_copy_certificates_from_CRYPTO_BUFFERs + 196 (boringssl_helper.m:148) 16 libboringssl.dylib 0x00000001d2c913ac boringssl_session_set_peer_verification_state_from_session + 160 (boringssl_session.m:446) 17 libboringssl.dylib 0x00000001d2ca09a4 boringssl_context_certificate_verify_callback + 528 (boringssl_context.m:1861) 18 libboringssl.dylib 0x00000001d2ca0618 bssl::ssl_verify_peer_cert(bssl::SSL_HANDSHAKE*) + 372 (handshake.cc:395) 19 libboringssl.dylib 0x00000001d2c8da68 bssl::ssl_client_handshake(bssl::SSL_HANDSHAKE*) + 3112 (handshake_client.cc:1956) 20 libboringssl.dylib 0x00000001d2c7f22c bssl::ssl_run_handshake(bssl::SSL_HANDSHAKE*, bool*) + 376 (handshake.cc:764) 21 libboringssl.dylib 0x00000001d2c8cd90 SSL_do_handshake + 80 (ssl_lib.cc:874) 22 libboringssl.dylib 0x00000001d2c8caec boringssl_session_handshake_continue + 108 (boringssl_session.m:262) 23 libboringssl.dylib 0x00000001d2c743e0 nw_protocol_boringssl_handshake_negotiate + 120 (protocol_boringssl.m:803) 24 libboringssl.dylib 0x00000001d2c715d4 nw_boringssl_read + 3144 (protocol_boringssl.m:700) 25 libboringssl.dylib 0x00000001d2c708e0 nw_protocol_boringssl_input_available + 348 (protocol_boringssl.m:1435) 26 libusrtcp.dylib 0x00000002155f6554 nw_protocol_tcp_wake_read + 396 (protocol_tcp.c:324) 27 libusrtcp.dylib 0x00000002155f504c nw_protocol_tcp_input_flush + 108 (protocol_tcp.c:2034) 28 Network 0x00000001a1ecc2b8 nw_channel_update_input_source(nw_channel*, nw_protocol*, bool) + 7872 (channel.cpp:1483) 29 Network 0x00000001a2824180 invocation function for block in nw_channel_create(nw_context*, unsigned char*, unsigned int, void*, unsigned int, bool, bool, bool*) + 72 (channel.cpp:2545) 30 libdispatch.dylib 0x00000001a987add4 _dispatch_client_callout + 20 (object.m:576) 31 libdispatch.dylib 0x00000001a987e2d8 _dispatch_continuation_pop + 600 (queue.c:321) 32 libdispatch.dylib 0x00000001a98921c8 _dispatch_source_latch_and_call + 420 (source.c:596) 33 libdispatch.dylib 0x00000001a9890d8c _dispatch_source_invoke + 832 (source.c:961) 34 libdispatch.dylib 0x00000001a9884284 _dispatch_workloop_invoke + 1756 (queue.c:4570) 35 libdispatch.dylib 0x00000001a988dcb4 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:6998) 36 libdispatch.dylib 0x00000001a988d528 _dispatch_workloop_worker_thread + 404 (queue.c:6592) 37 libsystem_pthread.dylib 0x00000001fd960f20 _pthread_wqthread + 288 (pthread.c:2665) 38 libsystem_pthread.dylib 0x00000001fd960fc0 start_wqthread + 8 (:-1)

Hi Team, I have developed a smartcard driver which is working fine when inserting USB mouse, So here is the process I followed for smartcard driver Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/ Once Inserting USB mouse I am getting smart card pairing notification on Mac This scenario is working fine and able to achieve following changes on Mac device - Getting Smart card notification for pairing on Mac device After Pairing , Password field on Login Screen changes to PIN field But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB Is there any way to achieve This? Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c

I'm building an iOS app using Swift, designed to run on iOS 16 and later and I'm curious about accessing battery health information directly from the device. Specifically, I'm interested in retrieving details such as the maximum battery capacity and app usage statistics for my application. Is it possible to programmatically obtain this data within my app? Any guidance would be helpful. Thank you for your assistance!"

Our product includes a sudo plugin so we can apply user-defined policies to manage privileged access to command line programs. We’ve been getting reports where the plugin sometimes doesn't get invoked and the sudo command falls back to its default behavior. This seems to only be happening intermittently, but when the issue does occur, this message appears in the Console: Library Validation failed: Rejecting '/usr/local/libexec/sudo/<our_plugin>.so' (Team ID: <OURTEAMID>, platform: no) for process 'sudo(<pid>)’ (Team ID: N/A, platform: yes), reason: mapping process is a platform binary, but mapped file is not I recall a previous discussion of this message (that I can’t locate now), which explained that although the host process has library validation disabled, the code flow raises an error anyway, so that the host process can detect it and bypass the validation to load the plugin. It looks like that's what sudo is doing: it has the private entitlement com.apple.private.security.clear-library-validation and makes the appropriate system call when the plugin initially fails to load [1] — but apparently this isn't working reliably for our sudo plugin. We’ve observed that restarting the Mac generally resolves the issue, at least for a while. This resembles the “classic symptom of a code signing oddity” where the signature is cached and the Mach-O image is rewritten rather than replaced (as documented in Updating Mac Software). But our software uses an Installer package for updates as well as initial installation, and the Installer is documented as not having this issue, so I believe the problem lies somewhere else. I’m running out of ideas; are there any other avenues I should investigate? Thanks for any help. [1] This is described in an article called "About com.apple.private.security.clear-library-validation"; I can't link to it directly from the developer forums, but it can easily be found by searching for the title.

Hi, Is this possible? I would like to: Store a biometrically secured key in the Secure Enclave. Do multiple cryptographic operations using that key in a short period of time (say 5 seconds), not all at once. Only do one FaceID for that set. For the time I've only gotten either multiple flashing FaceId requests or the operations failing. Is it possible to set a time limit in which the first FaceID authentication is accepted? Should I do something else? Thanks!

Hi everyone, I wanted to ask if anybody knows what the current status is about the declaration of required reasons APIs. Before May 1, when I uploaded a new build to the App Store Connect and added it to a group with external testers, I got a notification by email like the following: ITMS-91053: Missing API declaration - Your app’s code in the [...] file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. In an article published by Apple (https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api) it is even statet that that after May 1, apps that do not comply are not accepted by the App Store Connect. According to my interpretation, even the upload should be rejected. I am currently in the process to add a privacy manifest and add the declarations. For testing purposes, I wanted to add the declarations step by step and see where I still need to fix anything. My problem is, that the warnings by apple are not beeing sent anymore. I have uploaded a new build after May 1 with no privacy manifest and therefore no API declarations, it was accepted by App Store Connect and even passed the review for an external testers group. Does anybody have information about the following questions? Did Apple shift the deadline? How can I trigger the warning emails again so that I know what to fix and see, when my app is compliant? Thanks in advance!

I added Privacy manifest for my app and submit it to review and apple reject my app with what comment ITMS-91054: Invalid API category declaration - The PrivacyInfo.xcprivacy for the “Frameworks/SmartlookAnalytics.framework/SmartlookAnalytics” file contains “Disk Space” as the value for a NSPrivacyAccessedAPIType key, which is invalid. Values for NSPrivacyAccessedAPIType keys in any privacy manifest must be valid API categories. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. i look at the package manifest and all looks fine (attached image). Maybe somebody saw that issue - and may tell me how can i fix it.

Hello, I am trying to enumerate all ways on macOS for launching an application when a user opens a session. Please note i am not looking for a way which requires root or sudo privileges. I have found this: ~/Library/LaunchAgents/ Login Items (in macOS System Settings) But are there others ? Thanks

In our implementation of Platform SSO, we would like to show custom UI in both the beginDeviceRegistration call as well as the beginUserRegistration call. It works fine in the beginDeviceRegistration call when we use presentRegistrationViewController. When we try to apply the same logic in beginUserRegistration, the ViewController's view.window object is nil and thus using it to house our custom UI doesn't work. I'm not sure if this is an implementation flaw on our part or if presentRegistrationViewController is only intended to be used in beginDeviceRegistration. The call is only mentioned in the context of registering devices, which makes us wonder if it is limited to that. Any help would be appreciated!

I created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login. sudo # sudo: auth account password session auth include sudo_local auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth sufficient pam_smartcard.so auth required pam_opendirectory.so account required pam_permit.so password required pam_deny.so session required pam_permit.so authorization # authorization: auth account auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache auth optional pam_ntlm.so use_first_pass auth sufficient pam_smartcard.so use_first_pass account required pam_opendirectory.so Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ? Is it possible to create a mechanism with custom logic and replace it with<string>builtin:authenticate,privileged</string> in system.login.console authorization right ? Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.

Hello, It is possible to restrict Documents folder access with TCC. But when an applications shows a standard "file open" dialog, it is possible to access this directory to open a file. macOS allows file access in this case because it is an intentional action from user. So i suppose there is a kind of whitelist for all files path opened through "file open" dialog. I would like to know how i can access this whitelist and how i can remove entries. Thanks

I am trying to pass smart card PIN from a custom auth plugin with tag kAuthorizationEnvironmentPassword. I added pam_smartcard.so to login stack (\etc\pam.d\login) but the changes do not take place. # login: auth account password session auth sufficient pam_smartcard.so auth optional pam_krb5.so use_kcminit auth optional pam_ntlm.so try_first_pass auth optional pam_mount.so try_first_pass auth required pam_opendirectory.so try_first_pass account required pam_nologin.so account required pam_opendirectory.so password required pam_opendirectory.so session required pam_launchd.so session required pam_uwtmp.so session optional pam_mount.so What could possible be going wrong in this ? Also is there an API to trigger authorization_ctk from a custom auth plugin to work with smart card ?

We’ve observed a couple of concerning alterations in the passkey registration and authentication behaviour in iOS 17.4.1: During passkey registration, “excludeCredentials” property is ignored. Existing passkey is silently overwritten and no error is reported from navigator.credentials.create (both, Safari and Chrome). However, according to W3 spec when “excludeCredentials” is present in the PublicKeyCredentialCreationOptions - “The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.” PublicKeyCredentialCreationOptions we use: "credCreateOptions": { "rp": { "name": "RP name" }, "user": { "name": "username", "id": "abcd" }, "challenge": "56elsKE5pKgEECg-fJpLl3gF33ACRSVBl00Mn03JAIk", "pubKeyCredParams": [ { "type": "public-key", "alg": -7 } ], "excludeCredentials": [ { "type": "public-key", "id": “abcd” } ], "authenticatorSelection": { "authenticatorAttachment": "platform", "userVerification": "required" }, "hints": [ "client-device" ], "attestation": "direct", "extensions": null } } This behaviour is different from what is observed on iOS 17.3.1 where the registration call to navigator.credentials.create with the same options produces the following error: “At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator” During passkey login flow, iOS 17.4.1 ignores "hints": [ "client-device" ] According to https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#client-device, hints specify what authentication UI the user-agent should provide for the user. “client-device” requests the user authenticates using their own device, such as a phone. Here’s our PublicKeyCredentialRequestOption: "credRequestOptions": { "challenge": "xk_wd1BaVue7mOZ-UM_KVj6Z4AmGxf12_7H1Gilq01I", "timeout": 300000, "allowCredentials": [ { "type": "public-key", "id": “abcd”, "transports": [ "internal" ] } ], "userVerification": "required", "hints": [ "client-device" ], "extensions": null } } However, iOS 17.4.1 gives user an option to sign in with another device . On iOS 17.3.1, the request to navigator.credentials.get with the same same PublicKeyCredentialRequestOption presents the UI screen without the “Sign In with Another Device” option. Is that a bug on iOS 17.4.1 or intended behaviour? This does not follow the official specs and different from the other platforms like Android. Is there any documentation around this change on iOS 17.4.1? That would be helpful.

Suppose I received a Privacy Manifest from Apple in the process of reviewing the app. I used "UserDefaults" and "File timestamp APIs" among the APIs, and I didn't add Privacymanifest. And there is nothing in the mail other than "UserDefaults" and "File timestamp APIs". And so is the code. If I remove all the code related to "UserDefaults" and "File timestamp APIs" from the library in this situation, is it okay not to add "Privacy Manifest" from the library as well?? The library can be FrameWork or Static Library.

I have a question about the privacy manifest including the process, that is Do I need to declare a privacy manifest file for the SDKs that Apple is not listed in their list? Let's take an example, I have two SDK's like SDK1, SDK2 used in my app and both the SDK's used the "NSUserDefaults" privacy part and both the SDK's are not listed in the Apple list and also both SDK's did not have their own privacy manifest file. Now, the questions are, Do I need to include Privacy Manifest file to both the SDK's? OR Can I add one Privacy Manifest file in the app-specific then Xcode will combine OR use thisPprivacy Manifest file for the SDK's too? Thanks!

This page indicates https://support.apple.com/en-in/guide/deployment/dep0a2cb7686/web that some usage of fdesetup command line tool is deprecated such as turning on FV using username/password. However, I don't see any proper information about which options from the fdesetup tool are deprecated and which are still valid? Any pointers for that? Thanks, N

I'm noticing a trend in 'foreign' home security products that they want to combination of QR code scanning, and home router connections for 'Easy Setups'. The iOS apps that have to be used with these products require the user to enter their home WiFi password directly into the app. Such apps also commonly request location data. If unencrypted router passwords, and the Location data of the router are being captured and sent back to the manufacturer, this would be very very bad. Of the few things I've put on the App Store, Apple went through my code with a fine tooth comb looking for things that went against their protocols and had to do multiple revisions to bring them in line. Although frustrating at the time, I was pleased to know this kind of screening happened. I've heard Apple won't allow apps to do key logging/capture. Fantastic. Is the the handling of our home network credentials also heavily scrutinised before thing are allowed on the Apple Store?

We develop an iOS SDK that allows developers to add VoIP capability to their iOS applications. For post-call quality analysis and debugging purposes we do collect SDK API usage and call quality data and send them back through internal HTTP API endpoint, therefore we need to disclose the domain in the privacy manifest. However we do not collect any Personally Identifiable Information and definitely have no intent to use these data for tracking the users like the examples described in https://developer.apple.com/app-store/user-privacy-and-data-use/. Our question is, do we need to set the “NSPrivacyTracking” key to “true” in the privacy, or our SDK actually is not tracking from the Privacy Manifest’s perspective and simply disclosing the data collection type/purpose as well as the domain is sufficient?