Hi. We're writing Authorization Plugin and started with NullAuthPlugin compilation. When tried to run it on VM (Sonoma 14.6, SIP enabled), we're going into the following issue: `2025-03-08 13:38:20.699503-0800 0xdcb0 Error 0x0 0 0 kernel: (AppleMobileFileIntegrity) [com.apple.MobileFileIntegrity:library_validation_failure] Library Validation failed: Rejecting '/Library/Security/SecurityAgentPlugins/NullAuthPlugin.bundle/Contents/MacOS/NullAuthPlugin' (Team ID: ABCD12EF34, platform: no) for process 'SecurityAgentHel(2094)' (Team ID: N/A, platform: yes), reason: mapping process is a platform binary, but mapped file is not' As I understand, the platform binary is the one signed with Apple signature, which indeed is unavailable for us. How can we avoid this issue and run the plugin? Perhaps we're missing some build setting requirement?

Hi Apple, Currently we want to have enhancement for SMS OTP that we want to implement OTP Autofill, But after do some research we're stuck with option that the OTP only show in keyboard suggestion, is there any way for making OTP is automatically filled without user have to click the keyboard suggestion when receiving the SMS. Thanks Best Regards, Admiral Sultano Harly.

We are using ASWebAuthenticationSession with apps on IoS to achieve SSO between apps. The IdP for authentication (OIDC) is an on-premise and trusted enterprise IdP based on one of the leading products in the market. Our problem is that the user is prompted for every login (and logouts) with a consent dialogue box: “AppName” wants to use “internal domain-name” to Sign In This allows the app and website to share information about you. Cancel Continue” I have read in various places that Apple has a concept of “Trusted domains” where you can put an “Apple certified” static web-page on the IdP. This page needs to contain specific metadata that iOS can verify. Once a user logs in successfully a few times, and if the IdP is verified as trusted, subsequent logins would not prompt the consent screen. Question: I struggle to find Apple documentation on how to go about a process that ends with this “Apple certified web-page” on our IdP”. Anyone who has experience with this process, or who can point me in some direction to find related documentation?

Hey, there are plans to design a government app. When a citizen will login they will see their passport, driving license etc... What is the solution of avoiding mandatory in-app user data deletion?

Hi, We're in the process of implementing Apple's App Integrity, but am getting stalled due to missing documents. Can anyone assist with this? We've been following https://developer.apple.com/documentation/devicecheck/validating-apps-that-connect-to-your-server to make the necessary updates, but have come up short with where the document references decoding the Attestation Object. Can we get more information here and how the decoding process work?

Due to business requirements, we need to transfer our app Gem Space for iOS from our current Apple Developer account to a new account. We have a major concern regarding our users and the data associated with the app. The user data is currently stored using an App Group with the identifier, for example: "group.com.app.sharedData" According to some information we’ve found, it might be possible to complete the transfer by removing the App Group from the old account and creating a new one with the same identifier in the new account. However, other sources suggest that App Group containers are owned by the specific team, and data stored in the container may become inaccessible after the app is transferred to a different team. This raises concerns about the possibility of users losing access to their data after updating the app from the new account. Could you please clarify the expected behavior of App Groups in this case? Do we need to perform any kind of data migration, and if so, could you please provide detailed guidance on how to do it safely and without impacting user data access?

Hi community, I'm wondering how can I request the permission of "System Audio Recording Only" under the Privacy & Security -> Screen & System Audio Recording via swift? Did a bunch of search but didn't find good documentation on it. Tried another approach here https://github.com/insidegui/AudioCap/blob/main/AudioCap/ProcessTap/AudioRecordingPermission.swift which doesn't work very reliably.

Hi all, I’m building a macOS-native C++ trading bot, compiled via Xcode. It sends REST API requests to a crypto exchange (Bitvavo) that require HMAC-SHA256 signatures using a pre-sign string (timestamp + method + path + body) and an API secret. Here’s the issue: • The exact same pre-sign string and API secret produce valid responses when signed using Python (hmac.new(secret, msg, hashlib.sha256)), • But when I generate the HMAC signature using C++ (HMAC(EVP_sha256, ...) via OpenSSL), the exchange returns an invalid signature error. Environment: • Xcode 15.3 / macOS 14.x • OpenSSL installed via Homebrew • HMAC test vectors match Python’s output for basic strings (so HMAC lib seems correct) Yet when using the real API keys and dynamic timestamped messages, something differs enough to break verification — possibly due to UTF-8 encoding, memory alignment, or newline handling differences in the Xcode C++ runtime? Has anyone experienced subtle differences between Python and C++ HMAC-SHA256 behavior when compiled in Xcode? I’ve published a GitHub repo for reproducibility: 🔗 https://github.com/vanBaardewijk/bitvavo-cpp-signature-test Thanks in advance for any suggestions or insights. Sascha

I’ve been running into an issue for over a day when trying to create a Sign in with Apple key. Each time I attempt to download it, I’m redirected to a page that displays an error and provides no further guidance. I’ve contacted Support and haven’t yet received a reply. I’ve also tried across multiple browsers (Chrome, Safari, Firefox), including incognito modes. Any ideas on how to resolve this? We’re currently stuck and would appreciate guidance.

Hi there, I'm trying to use SFAuthorizationPluginView in order to show some fields in the login screen, have the user click the arrow, then continue to show more fields as a second step of authentication. How can I accomplish this? Register multiple SecurityAgentPlugins each with their own mechanism and nib? Some how get MacOS to call my SFAuthorizationPluginView::view() and return a new view? Manually remove text boxes and put in new ones when button is pressed I don't believe 1 works, for the second mechanism ended up calling the first mechanism's view's view() Cheers, -Ken

It seems it is not possible to give a CLI app (non .app bundle) full disk access in macOS 26.1. This seems like a bug and if not that is a breaking change. Anybody seeing the same problem? Our application needs full disk access for a service running as a LaunchDaemon. The binary is located in a /Library subfolder.

I have Authorisation Plugin which talks using XPC to my Launch Daemon to perform privileged actions. I want to protect my XPC service narrowing it to be called from known trusted clients. Now since I want authorisation plugin code which is from apple to call my service, I cannot use my own team id or app group here. I am currently banking on following properties of client connection. Apple Team ID : EQHXZ8M8AV Bundle ID starting with com.apple. Client signature verified By Apple. This is what I have come up with. func isClientTrusted(connection: NSXPCConnection) -> Bool { let clientPID = connection.processIdentifier logInfo("🔍 Checking XPC Client - PID: \(clientPID)") var secCode: SecCode? var secStaticCode: SecStaticCode? let attributes = [kSecGuestAttributePid: clientPID] as NSDictionary let status = SecCodeCopyGuestWithAttributes(nil, attributes, [], &secCode) guard status == errSecSuccess, let code = secCode else { logInfo("Failed to get SecCode for PID \(clientPID)") return false } let staticStatus = SecCodeCopyStaticCode(code, [], &secStaticCode) guard staticStatus == errSecSuccess, let staticCode = secStaticCode else { logInfo("Failed to get SecStaticCode") return false } var signingInfo: CFDictionary? let signingStatus = SecCodeCopySigningInformation(staticCode, SecCSFlags(rawValue: kSecCSSigningInformation), &signingInfo) guard signingStatus == errSecSuccess, let info = signingInfo as? [String: Any] else { logInfo("Failed to retrieve signing info") return false } // Extract and Verify Team ID if let teamID = info["teamid"] as? String { logInfo("XPC Client Team ID: \(teamID)") if teamID != "EQHXZ8M8AV" { // Apple's official Team ID logInfo("Client is NOT signed by Apple") return false } } else { logInfo("Failed to retrieve Team ID") return false } // Verify Bundle ID Starts with "com.apple." if let bundleID = info["identifier"] as? String { logInfo("XPC Client Bundle ID: \(bundleID)") if !bundleID.hasPrefix("com.apple.") { logInfo("Client is NOT an Apple system process") return false } } else { logInfo("Failed to retrieve Bundle Identifier") return false } // Verify Apple Code Signature Trust var trustRequirement: SecRequirement? let trustStatus = SecRequirementCreateWithString("anchor apple" as CFString, [], &trustRequirement) guard trustStatus == errSecSuccess, let trust = trustRequirement else { logInfo("Failed to create trust requirement") return false } let verifyStatus = SecStaticCodeCheckValidity(staticCode, [], trust) if verifyStatus != errSecSuccess { logInfo("Client's signature is NOT trusted by Apple") return false } logInfo("Client is fully verified as Apple-trusted") return true } Q: Just wanted community feedback, is this correct approach?

Hello, I have encountered several challenges related to System Integrity Protection (SIP) state detection and code signing requirements. I would like to seek clarification and guidance on the proper approach to programmatically determine the SIP state. Here are the issues I’ve encountered: XPC Code Signing Check APIs: APIs like setCodeSigningRequirement and setConnectionCodeSigningRequirement do not work when SIP disabled and that's ok given what SIP is. LaunchCodeRequirement API: When using Process.launchRequirement, the LaunchCodeRequirement API does not function anymore when SIP disabled. The IsSIPProtected requirement behaves in a way that is not clearly documented -- it appears to only apply to pre-installed Apple apps. Legacy APIs: Older APIs like SecCodeCheckValidity are likely to be non-functional, though I haven’t had the chance to validate this yet. Private API Concerns: So to mitigate those limitations I prefer my app to not even try to connect to untrusted XPC or launch untrusted Processes when SIP is disabled. The only way to determine SIP state I could find is a low-level C function csr_get_active_config. However, this function is not declared in any publicly available header file, indicating that it is a private API. Since private APIs cannot be used in App Store-distributed apps and are best avoided for Developer ID-signed apps, this does not seem like a viable solution. Given these limitations, what is the recommended and proper approach to programmatically determine the SIP state in a macOS application? Any insights or guidance would be greatly appreciated. Thank you!

Hello, When using ASWebAuthenticationSession with an HTTPS callback URL (Universal Link), I receive the following error: Authorization error: The operation couldn't be completed. Application with identifier jp.xxxx.yyyy.dev is not associated with domain xxxx-example.go.link. Using HTTPS callbacks requires Associated Domains using the webcredentials service type for xxxx-example.go.link. I checked Apple’s official documentation but couldn’t find any clear statement that webcredentials is required when using HTTPS callbacks in ASWebAuthenticationSession. What I’d like to confirm: Is webcredentials officially required when using HTTPS as a callback URL with ASWebAuthenticationSession? If so, is there any official documentation or technical note that states this requirement? Environment iOS 18.6.2 Xcode 16.4 Any clarification or official references would be greatly appreciated. Thank you.

Hi everyone, I’m looking for clarification on best practices for storing API keys in an iOS app — for example, keys used with RevenueCat, PostHog, AWS Rekognition, barcode scanners, and similar third-party services. I understand that hard-coding API keys directly in the app’s source code is a bad idea, since they can be extracted from the binary. However, using a .plist file doesn’t seem secure either, as it’s still bundled with the app and can be inspected. I’m wondering: What are Apple’s recommended approaches for managing these kinds of keys? Does Xcode Cloud offer a built-in or best-practice method for securely injecting environment variables or secrets at build time? Would using an external service like AWS Secrets Manager or another server-side solution make sense for this use case? Any insights or examples of how others are handling this securely within Apple’s ecosystem would be greatly appreciated. Thanks for considering my questions! — Paul

I've been spending days trying to solve the memory leak in a small menu bar application I've wrote (SC Menu). I've used Instruments which shows the leaks and memory graph which shows unreleased allocations. This occurs when someone views a certificate on the smartcard. Basically it opens a new window and displays the certificate, the same way Keychain Access displays a certificate. Whenever I create an SFCertificateView instance and set setDetailsDisclosed(true) - a memory leak happens. Instruments highlights that line. import Cocoa import SecurityInterface class ViewCertsViewController: NSViewController { var selectedCert: SecIdentity? = nil override func viewDidLoad() { super.viewDidLoad() self.view = NSView(frame: NSRect(x: 0, y: 0, width: 500, height: 500)) self.view.wantsLayer = true var secRef: SecCertificate? = nil guard let selectedCert else { return } let certRefErr = SecIdentityCopyCertificate(selectedCert, &secRef) if certRefErr != errSecSuccess { os_log("Error getting certificate from identity: %{public}@", log: OSLog.default, type: .error, String(describing: certRefErr)) return } let scrollView = NSScrollView() scrollView.translatesAutoresizingMaskIntoConstraints = false scrollView.borderType = .lineBorder scrollView.hasHorizontalScroller = true scrollView.hasVerticalScroller = true let certView = SFCertificateView() guard let secRef = secRef else { return } certView.setCertificate(secRef) certView.setDetailsDisclosed(true) certView.setDisplayTrust(true) certView.setEditableTrust(true) certView.setDisplayDetails(true) certView.setPolicies(SecPolicyCreateBasicX509()) certView.translatesAutoresizingMaskIntoConstraints = false scrollView.documentView = certView view.addSubview(scrollView) // Layout constraints NSLayoutConstraint.activate([ scrollView.leadingAnchor.constraint(equalTo: view.leadingAnchor), scrollView.trailingAnchor.constraint(equalTo: view.trailingAnchor), scrollView.topAnchor.constraint(equalTo: view.topAnchor), scrollView.bottomAnchor.constraint(equalTo: view.bottomAnchor), // Provide certificate view a width and height constraint certView.widthAnchor.constraint(equalTo: scrollView.widthAnchor), certView.heightAnchor.constraint(greaterThanOrEqualToConstant: 500) ]) } } https://github.com/boberito/sc_menu/blob/dev_2.0/smartcard_menu/ViewCertsViewController.swift Fairly simple.

Hello, Thanks for the new video on Memory Integrity Enforcement! Is the presented app's sample code available (so that we can play with it and find & fix the bug on our own, using Soft Mode)? Thanks in advance!

I have reached out to support and they simply tell me they are unable to help me, first redirecting me to generic Apple support, after following up they provided the explanation that they only handle administrative tasks and to post on the forums. I am unable to change my App Tracking Transparency it provides no real error, though network traffic shows a 409 HTTP response from the backend API when trying to save. Here is a screenshot of the result when trying to save. Does anyone have any suggestions on how to get this resolved? I've commented back to the reviewers and they simply provided help documentation. I have a technical issue and am unable to get anyone to help resolve this.

Hello I have a problem with provisionprofile file. I have created Identifier with Sign in with Apple capability turned on, created Profile with Developer ID selected and now I try to export archive with generated Developer ID provision file but it says "Profile doesn't support Sign in with Apple" Also interesting thing that default provisions like macOS App Development Mac App Store Connect don't show such error when I try to export archive Maybe this problem is only related to Developer ID provision and Direct Distribution doesn't support Sign in with Apple, but I havent found proves about this idea

Hi,is there an option to mark the file or folder or item stored in user defaults ... not to be backed up when doing unencrypted backup in iTunes?We are developing iOS app that contains sensitive data. But even if we enable Data Protection for the iOS app it can be backed up on mac unencrypted using iTunes. Is there a way to allow backing up content only if the backup is encrypted?