My app is rejected by
2.3 Apps that do not perform as advertised by the developer will be rejected
It said that the file copied into "~/Library/Fonts" failed.
It works when test by myself, I find that it will get permission fail when using the sandbox mode, did Apple reviewer will accept this feedback?
thanks
Apps must work in the sandbox no exceptions allowed.
A sandboxed application cannot write to ~/Library/Fonts.
Either store the font in the app bundle and use it from there, or put up a standard file dialog asking the user to grant permission to write to ~/Library/Fonts by selecting it.
If you get stuck doing either of those ask a specific question on them showing what you've tried. Such a question is unlikely to be seen as off topic.
HTH
Related
I am on OSX 10.14, XCode 10, objective-c
I am currently developing a workflow for explaining the user why he needs to accept automation for my app, explaining how to manually activate it and so on.
For testing reasons it would be great to remove my listed app in the system preferences so i can test this process multiple times.
E.g. in the picture: How can i completely remove Google Chrome for example?
EDIT:
Im not able to open the TCC database where this information is stored:
These permissions are stored in the TCC database, for your current user:
~/Library/Application Support/com.apple.TCC/TCC.db
This is a SQLite database, so you can edit them with the editor of your choice.
The table is called access.
Applications listed in Automation will have kTCCServiceAppleEvents as service.
You can simply remove them and save the database.
EDIT
This is not the global TCC database stored in /Library, which is protected by SIP.
Note the ~, meaning it's in your user's folder: /Users/xxx/Library/...
This one is editable even with SIP enabled.
EDIT 2
So looks like the local TCC database is also protected.
Filesystem protection is only affective for apps built against the macOS 10.14 SDK - that's why I was able to edit it with some third party client.
So I guess the only solution is to disable SIP unfortunately.
I can confirm that the database can be edited if SIP is removed, both with sqlite3 as well as UI tools like SQLiteManager.
How do I setup the pubnub cocoa objective-c client api to NOT store anything on the keychain? Is it possible to store the keys on the Application Support folder instead? When I am using XCode the keychain messagebox modal appears three times even when I press the 'Always Allow' button. It stops for a while but then after a few minutes it asks me again the same way again.
I've checked on my side and it really requested password for each read from Keychain. Tried to find solution and after system reboot, tried again - it requested for password one or three times and then just keep working. As for now, there is no option to configure client without Keychain usage.
Earlier Keychain worked like well after single password input. Looks like one of system updates broke how system interact with developed applications.
Maybe it is somehow related to security and checking "Automatically manage signing" and specifying proper profiles will help you (I'm unable to check this, since Keychain gives me access w/o asking password now since I marked awlays).
Keychain used to store few fields: publish sequence number, uuid, and push token. It had been added to Keychain to survive application re-install.
We will review macOS Keychain usage and if it will be allowed, we will add ability to use file-based data storage (maybe by default for macOS).
I am writing an application that when is running should modify SystemConfiguration to set system wide proxy.
I know it is possible to do that using "Authorization Services" framework provided by Apple, however I see that it keeps asking for a user password to allow changes.
On the other hand I have 3rd party application (not the one I am writing) that does the same, but does not require user password. The application is not even written in Objective-C, but written in FreePascal (FPC) instead. Unfortunately I have no source code for this application to see how it does this trick.
I know I should be able to achieve the same (system config changes without sudo password) by either having Privileged Helper Tool supplied with the application (and perhaps install it on first run) or by going even nastier and loading a kext.
However I see that this application does neither of above. It only performs system calls and no password asked! I am completely puzzled how did they achieve that and would like to find a way to do the same.
So the question is - how to achieve complete "no password asked" for changing System Configuration on Mac OS X with an application?
PS: Application I have at hand runs as user, not root. And there is no modifications to sudoers neither.
This is silly, but after 2 days straight of searching for a solution I found that there is no special code nor any tricks required.
This is easily done via setting setuid bit to binary that requires escalated privilege and calling setuid(0) in the code before doing operations that require privilege (not sure if second part is necessary).
Relevant links:
Apple documentation
Related question on SO
PS: This works basically on any Unix-like system (BSD, Linux Solaris etc) with one details - this does not work on scripts (the ones that require hash-bang #! in order to execute interpreter) with exception of Solaris, where it seems to work just fine.
I am having a mac app in which I am deleting some data from user's Home directory.
My app is rejected saying the below reason.
The app only finds files in the ~/Downloads folder. It would be appropriate to have the user grant access to the Home folder.
So I used NSOpenPanel for asking the access from the user but I have no idea about how to give access to user's hidden folders.
EDIT
I have successfully enabled sandboxing for my app but now on allow button, what should I do?
Please guide me on this...
Any help will be highly appreciated.
Thanks in advance...
I spent some time researching this and I can say that if you want an easy solution for being able to access files outside your app's sandbox, it's just not going to be possible.
And even if you were willing to work on a tougher, more technical solution, it is still likely to not be possible.
You should look at this section in the Apple's App Sandbox Design Guide entitled "Accessing User Data", specifically this bit:
If your app requires access to the user’s home directory in order to
function, let Apple know about your needs using the Apple bug
reporting system. In addition, be sure to follow the guidance
regarding entitlements provided on the iTunes Connect website.
The next paragraph says the same thing about other app's preferences. Since you're trying to manipulate -- or delete -- other app's files, you're going to have to ask Apple for permission and/or guidance to do this.
If this were my problem, the only workaround I might possibly attempt would be to come up with might involve Security-Scoped Bookmarks and Persistent Resource Access, but as you can see from the linked documentation, it's not trivial to setup.
Summed up: if you want your app to remain sandboxed, you may need to rethink what you are trying to accomplish.
More information can be found in this related question.
lately my facebook account got disabled as a 'bad app developer' without any warning. The thing is all of the apps, where I was listed as an admin got disabled, even though they didn't have any negative feedback. Some applications, where my collegues were listed as admins can be restored from their accounts (and they got enabled as they are working correctly). But there is one, where only I was listed as admin, and I can't find a way to send an appeal. There is a notice about a transfer process in the mail I received saying
For more information on recovering or transferring these applications, please visit our FAQ page: http://www.facebook.com/help?faq=17556
But the FAQ page says it can't be found.
Please can somebody point to a tutorial or step-by-step guide how to transfer the app to another account, so I can get enabled again.
Thanks many times.
As far as I am aware there is no way to recover/transfer the app to another account. All you can really do is set up a new app and point it to the same web address. That being said your account was disabled for a reason, so I would read up on the terms and conditions to find out exactly what you did wrong.