I am creating a Privacy manifest file and have a question about adding to NSPrivacyTrackingDomains. For example, if I am using Firebase for two purposes, analytics and crashes, if I specify the Firebase domain as NSPrivacyTrackingDomains and the user rejects the tracking, will the crash information etc. also stop being sent?

In the ESF framework, if I set up a process through audit token mute. Will the creation and corresponding child processes of this process also be mute mute. mute process A. process A creates a child process B. Whether the child process B is mute？

I'm looking over data use categories for the privacy manifest here https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests My app retrieves information such as OS Version, OS Name, locale info for the reason analytics. It also retrieves cellular infomation and device information for the reason app functionality. For this, I think it falls under "Other Data types" and the value "NSPrivacyCollectedDataTypeOtherDataTypes" in the privacy manifest. Do we need to specify further what that "other" data type is? How do I add "OS Information" or "Device Information" as part of the entry for "NSPrivacyCollectedDataTypeOtherDataTypes" in the manifest? Thanks

I refer to Google's ESF project code to handle NOTIFY events, but after my notifyQueue is set to QOS_CLASS_BACKGROUND, the process memory gets larger when a lot of events occur. Is there any way to fix this without affecting performance The code is as follows： notifyQueue = dispatch_queue_create("notify",dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_CONCURRENT_WITH_AUTORELEASE_POOL,QOS_CLASS_BACKGROUND, 0)); if (msg->action_type == ES_ACTION_TYPE_NOTIFY) { es_message_t *copied_msg = [self copy_message:msg]; if (!copied_msg) { return; } dispatch_async(self->_notifyQueue, ^{ @autoreleasepool { [self handle:copied_msg]; [self free_message:copied_msg]; } }); }

I'm developing a mental wellness app, and I need to get user's screentime and app usage data and send it to my flask backend for analytics. Is it possible on iphone right now? I've looked into ScreenTime and DeviceActivity frameworks, but they're really poor in terms of examples and documentation, so I'm not sure if this is actually possible or not.

I wanted to delete the old data of the device by how do i do /var/Keychains/keychain-2.db DELETE FROM genp WHERE agrp<>'apple' which I tried many times but always got errors. I don't know what to do. Can you help me?

We are trying to get access to Endpoint security entitlement for our enterprise app that uses Endpoint Security Extension but after almost 5 month and over 3 requests there is no response from Apple. We kindly asked Apple for entitlement because we have to distribute our application to our customer ASAP. I need some information around this issue. What the reason ? How can I contact support for my requests? Thanks in advance

I'm trying to implement passkeys in my multiplatform (iOS/macOS) app, and it works on iOS, but on macOS I get the following errors: ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)" Passkey authorization failed. Error: The operation couldn’t be completed. Application with identifier <identifier omitted> is not associated with domain <domain omitted> The associated domain is correctly configured, since it works on iOS. Adding ?mode=developer also doesn't resolve the problem.

Hi I've been running after a problem on my iOS app, I'm creating hundreds of keypairs with SecKeyCreateRandomKey for several different usernames, in this case, different identifiers kSecAttrApplicationTag. After I create the key pairs I extract the public keys using SecItemCopyMatching, again, hundreds of them. Problem is, without a logic explanation, some of those keys cannot be extracted. After running after the issue for hours, I noticed that EVERY time I try to extract a public key and the identifier have exactly 87 chars, the public key cannot be found. Doesn't matter the content or names used on the identifier, every time the length hits 87, SecItemCopyMatching returns -25300 is this some kind of limitation that is not explained on the documentation? thanks digging deeply I noticed several identifier sizes fail to extract the key: [982:69528] key with 7 chars is invalid [982:69528] key with 23 chars is invalid [982:69528] key with 39 chars is invalid [982:69528] key with 55 chars is invalid [982:69528] key with 71 chars is invalid [982:69528] key with 87 chars is invalid [982:69528] key with 103 chars is invalid [982:69528] key with 119 chars is invalid [982:69528] key with 135 chars is invalid [982:69528] key with 151 chars is invalid [982:69528] key with 167 chars is invalid [982:69528] key with 183 chars is invalid [982:69528] key with 199 chars is invalid [982:69528] key with 215 chars is invalid [982:69528] key with 231 chars is invalid [982:69528] key with 247 chars is invalid [982:69528] key with 263 chars is invalid [982:69528] key with 279 chars is invalid [982:69528] key with 295 chars is invalid

When trying to open an app that uses Local Authentication (FaceID) the auth process does not start right away, 3-4 times trying to auth is needed in order to get authenticated with the method the user has selected (FaceID), this is happening with many apps and seems that there's no a workaround. [Edited by Moderator]

ES_EVENT_TYPE_NOTIFY_CREATE doesnt get triggerd if i copy a file to iPhone connected to mac device. Also, ES_EVENT_TYPE_NOTIFY_MOUNT doesnt get triggered when an iphone is connected to a macos device

Is there a way to find out when the set of keychains changes? ie, when a keychain is added or removed? I searched here and grepped through the headers in Security.framework but nothing leaped out at me -- which could just mean I missed something, as happens frequently. (This is on macOS.)

Hey Apple team (and eskimo 🙏), Our FinTech app uses iCloud Keychain shared web credentials to store a secure encryption password in iCloud Keychain. Some of our new users seem to run into an issue where the app fails to successfully create a shared web credential. All users are required to have the following two settings enabled: Settings --&gt; Passwords --&gt; Password Options --&gt; Autofill from iCloud Passwords &amp; Keychain Settings --&gt; Apple D - -&gt; iCloud - -&gt; Passwords and Keychain --&gt; 'Sync this iPhone' The issue appears to resolve itself when the user restarts their iPhone. We've had this bug 3 times now and would like to understand the root cause. We have a couple hypotheses: iOS is failing to verify that the domain for the shared web credential is valid via &lt;domain&gt;/.well-known/apple-app-site-association (and then restarting triggers reverification) Users were on a version of iOS where it was bugged (and then restarting finally completed an update to a new version). We've verified that the bug happened on 17.0.2 with one user (until they updated and it fixed itself)

Having tried to gain access to the total daily screen time API using the text/code from the below thread, we were unable to get any data access. Has anyone else had the same issue and any resolutions? Not looking for application limits, just statistics to inform user through our 3rd party application. Thanks for any guidance around areas we can attempt https://developer.apple.com/documentation/deviceactivity/deviceactivitydata/activitysegment

The "documentation" is poorly worded.

hi,there are some questions about Privacy manifest 1.why do we just see the information about app's manifest in PrivacyReport after app has been archived,that does not contain our SDK's manifest info.but our frameworks that app contains have manifest. 2.does every SDK need to add manifest if this SDK collects user data or uses API? 3.there is list of third-part-sdk https://developer.apple.com/support/third-party-SDK-requirements/ ,if we use an SDK not listed and the sdk has collected use data or used api that need to display reason,should we add manifest file?

I'm trying to log Endpoint Security events to os_log. I'd be grateful if someone could confirm that using the --oslog option with eslogger actually writes event data to the system log. If I monitor with sudo eslogger exec fork exit I see events at the command line, yet if I add the --oslog option, I don't see those events when monitoring the log with sudo log stream --predicate 'subsystem == "com.apple.eslogger"'. Nor do I see them if I filter in the Console app on just the subsystem "com.apple.eslogger". Have I missed out something with my work? Any help appreciated. Thanks.

On recent macOS versions(Sonoma or previous), if system.login.screensaver is updated to use “authenticate-session-owner-or-admin” then fancy screensaver is not coming up, instead we are seeing only black screensaver ( black screen). Note: Observed we are getting fancy screensavers with this setting on macOS BigSur. Can you please let us know if this is an intentional change from macOS or we have any settings to enable to get fancy screensavers with recent macOS versions? Thanks &amp; Regards, Tata Chaitanya

We have implemented a Notification Service Extension in our app to handle remote notification and access keychain to get certificate and identity to refresh network relay configuration. Using SecItemCopyMatching to get SecIdentityRef works when device is unlocked. Whenever push notification arrives and device is locked, our notification service extension failed to access keychain to get identity reference with error code -25308 errSecInteractionNotAllowed. It looks like keychain is locked when device is locked. Is there a way to make keychain unlocked?

Hello, I am creating CryptotokenKit persistent token extension for macOS using Xcode on Sonoma. The goal is to support external crypto provider over network (with API calls). I created a bare minimum app and a new target “Persistent Token Extension”. Before I go into specific implementation, I wanted to check if my extension/token initialises correctly. My understanding is that once the host app is started and the extension is registered by the OS, future queries for digital identities should check with it as well. I tried is accessing mTLS website with Safari and Firefox that require client certificates, as well running custom application using SecItemCopyMatching to query the keychain for identities. However, Token / TokenDriver seem to not initialize (logging never executes). Am I missing something here? pluginkit sees the extension: $ pluginkit -vvvvmi demo.TokenApp.TokenExt demo.TokenApp.TokenExt(1.0) Path = /Users/alexander/Library/Developer/Xcode/DerivedData/TokenApp-dzulesgoanwnacguirprimnipibk/Build/Intermediates.noindex/Previews/TokenApp/Products/Debug/TokenApp.app/Contents/PlugIns/TokenExt.appex UUID = 617526E8-987A-493F-A9E3-6295FF5AB00D Timestamp = 2024-01-19 13:13:35 +0000 SDK = com.apple.ctk-tokens Parent Bundle = /Users/alexander/Library/Developer/Xcode/DerivedData/TokenApp-dzulesgoanwnacguirprimnipibk/Build/Intermediates.noindex/Previews/TokenApp/Products/Debug/TokenApp.app Display Name = TokenExt Short Name = TokenExt Parent Name = TokenApp Platform = macOS Token.swift: import CryptoTokenKit import OSLog class Token: TKToken, TKTokenDelegate { private let log = Logger(subsystem: "demo.tokenapp", category: "Token"); func createSession(_ token: TKToken) throws -> TKTokenSession { log.log(level: .info, "Token.createSession") return TokenSession(token:self) } } TokenDriver.swift: import CryptoTokenKit import OSLog class TokenDriver: TKTokenDriver, TKTokenDriverDelegate { private let log = Logger(subsystem: "demo.tokenapp", category: "TokenDriver"); func tokenDriver(_ driver: TKTokenDriver, tokenFor configuration: TKToken.Configuration) throws -> TKToken { log.log(level: .info, "TokenDriver.tokenDriver") return Token(tokenDriver: self, instanceID: configuration.instanceID) } }