General: TN3151 Choosing the right networking API Networking Overview document — Despite the fact that this is in the archive, this is still really useful. TLS for App Developers DevForums post Choosing a Network Debugging Tool documentation WWDC 2019 Session 712 Advances in Networking, Part 1 — This explains the concept of constrained networking, which is Apple’s preferred solution to questions like How do I check whether I’m on Wi-Fi? TN3135 Low-level networking on watchOS Adapt to changing network conditions tech talk Foundation networking: DevForums tags: Foundation, CFNetwork URL Loading System documentation — NSURLSession, or URLSession in Swift, is the recommended API for HTTP[S] on Apple platforms. Network framework: DevForums tag: Network Network framework documentation — Network framework is the recommended API for TCP, UDP, and QUIC on Apple platforms. Network Extension (including Wi-Fi on iOS): See Network Extension Resources Wi-Fi Fundamentals Wi-Fi on macOS: DevForums tag: Core WLAN Core WLAN framework documentation Wi-Fi Fundamentals Secure networking: DevForums tags: Security Apple Platform Security support document Preventing Insecure Network Connections documentation — This is all about App Transport Security (ATS). Available trusted root certificates for Apple operating systems support article Requirements for trusted certificates in iOS 13 and macOS 10.15 support article About upcoming limits on trusted certificates support article Apple’s Certificate Transparency policy support article Technote 2232 HTTPS Server Trust Evaluation Technote 2326 Creating Certificates for TLS Testing QA1948 HTTPS and Test Servers Miscellaneous: More network-related DevForums tags: 5G, QUIC, Bonjour On FTP DevForums post Using the Multicast Networking Additional Capability DevForums post Investigating Network Latency Problems DevForums post Local Network Privacy FAQ DevForums post Extra-ordinary Networking DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

The latest version of macOS 15 is unable to retrieve the SSID. We need to consult with Apple regarding this issue: Question: Is there a way for macOS to silently retrieve the SSID and BSSID? If special permissions are required, can company devices with MDM/ABM installed retrieve them silently?

In macOS Sequoia, I want to open programmatically the Local Network pane in Settings > Privacy & Security. But I can't find the pane ID.

Since we migrated to Xcode 15.4, we are facing a crash of one of our application on Intel machines due to a missing symbol error: Symbol not found: _$s7Network13NWPathMonitorCMa This symbol is used by one of our internal SPM packages, targeting macOS 10.13, but the code using it is tagged @available(macOS 10.14.0, *). After investigating, I can fix this crash by targeting 10.14 instead of 10.13 in package manifest. Sadly, this is not an option, as this SPM is used by products that supports macOS 10.13. The linked libraries reported by otool differs significantly between the build targetting 10.13 and the build targetting 10.15: The build targetting 10.13 weakly links links to /System/Library/Frameworks/Network.framework/Versions/A/Network The build targetting 10.15 does not link to Network.framework, but does link (not wealky) to a library that didn't appear before /usr/lib/swift/libswiftNetwork.dylib In previous builds that were performed by Xcode 14, the produced binary was weakly linking to @rpath/libswiftNetwork.dylib What can I do to work around this problem introduced by Xcode 15 ?

Hello, I'm doing some test and I dowload the sample from here https://developer.apple.com/documentation/networkextension/local_push_connectivity/receiving_voice_and_text_communications_on_a_local_network Everything works correctly and the phones are able to exchange messages without problems and the server sends pushes to the devices. Now I would like to modify the server so that, when it sends the push to the mobile device, it can change the sound or add other information as is possible when using APN. Now I would like to modify the server so that, when it sends the push to the mobile device, it can change the sound or add other information as is possible when using APN. Is there any way to send a payload like for APN? Thank's Omar

Hello everyone, Can someone help me understand how the following code works? let params = NWParameters(tls: tlsOptions, tcp: tcpOptions) params.requiredInterfaceType = .cellular connection = NWConnection(to: connectionHostPort, using: params) Does this configuration guarantee that all network calls made using the connection will always use cellular data? What happens if both WiFi and cellular are connected simultaneously? Is there any underlying UNIX library which can confirm this? TIA arup[dot]s[at]icloud[dot]com

I'm trying to sign an app to run locally because development provisioning does not work for unspecified reasons. I'm adding NSAllowsLocalNetworking to the app transport security section of the entitlements and the result is that the selection to sign the app locally vanishes from the signing section in Xcode. I need to access a local web application which does not provide HTTPS. I'm not only very confused about this but actually pretty ******. Is this once again Apple playing games for absolutely no reason? Why can't I build and run an application on my system that does not have to do anything with Apple, the app store, customers or anything? This is just for me and I cannot make it work.

Since Apple Multipeer framework does not really work without crashes, I implemented my own multipeer with the Network.framework. like let tcpOptions = NWProtocolTCP.Options.createDefault() let parameters = NWParameters(tls: NWProtocolTLS.Options(), tcp: tcpOptions) parameters.setDefaultSettings() let browser = NWBrowser( for: .bonjour( type: config.bonjourServiceType, domain: nil ), using: parameters ) and extension NWParameters { func setDefaultSettings() { self.includePeerToPeer = true self.requiredInterfaceType = .wifi self.preferNoProxies = true } } extension NWProtocolTCP.Options { static func createDefault() -> NWProtocolTCP.Options { let tcpOptions = NWProtocolTCP.Options() tcpOptions.enableKeepalive = true tcpOptions.keepaliveIdle = 10 // 10 seconds keepalive interval tcpOptions.noDelay = true // Disable Nagle's algorithm for low latency return tcpOptions } } it works well up to approx. 30 meter outside with free view. What's the max range for the peer to peer via bonjour? And is there a way to get longer distance than 30 meter?

I have 3 functions to run in series , all have api calls to make but 2nd function has multiple api call and after all api of 2nd function is executed and saved to Core Data then 3rd function is called . Then after 3rd function again all functions are called I want all this to work when app in background . i am currently using begin background task and end background task

I'm looking to see if there's any suggested libraries / frameworks to use for transferring files between Macs. The setup is a few dozen Macs (each with 10g networking) and a custom app that handles the transfer of files between them on a local network. I looked into raw TCP sockets but the file sizes will make this tricky. Some files can be up to 150gb. Maybe SFTP to AFP? But not sure how this looks in code and I know I don't want to be mounting computers in finder - ideally it's an app that hosts it's own server to handle the transfers. Any insight on this would be helpful. Thanks!

macOS popup a dialog "Allow App to find devices on local networks?" to ask Local Network permission. I would like to analyze when it popup and how it impacts my app user scenario. But this dialog only popup when Local Network privacy list not contain this app, once user pressed allow / don't allow, it won't popup again. System Settings UI does not support removing Local Network permission, so I tried this command but not working. tccutil reset All There is also a post mentions that it does not work: https://developer.apple.com/forums/thread/757949 Is there a way to remove this privacy settings? I don't want to reinstall macOS to test it.

I’m developing an app for IPTV where users can add their own links to TV channels and watch them through the app. Since not all IPTV links use HTTPS, I’ve set NSAllowsArbitraryLoads to true in the Info.plist. Apple mentions that if you set this to true, you need to provide an explanation. What kind of explanation do they require, and how should I provide it? Thanks!

I am trying to connect to localhost:8081 from simulator, but it is unable to connect with following logs: info 12:07:49.167248+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000003 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=IN6ADDR_ANY ttl=60 info 12:07:49.167310+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000002 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=INADDR_ANY ttl=108002 Macos 14.6.1 iOS simulator version 17.5 Som observations localhost:8081 does not load on simulator but 0.0.0.0:8081 loads fine, also 127.0.0.0:8081 loads fine on simulator. My laptop is a managed device with network filter Switching network sometimes fixes the issue. Restarting laptop sometimes fixes the issue. localhost:8081 opens find on laptop, but not on simulator. Contents of my laptop's /etc/hosts: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost

My team and I have created an iPhone application that receives and utilizes sensor data from a separate raspberrypi-powered device. The iPhone app does not function without the use of the sensor data. How will the App Reviewers be able to test the application when submitting to the App Store?

Hello Folks, Can we capture below information for connected WIFI { AdapterType SSIDName DefaultAuthenticationAlgorithm DefaultCipherAlgorithm SecurityEnabled ConnectionStatus VpnConnectionStatus BssType NetworkConnectable NumberOfSSIDs ProfileName Bssid FrequencyType SignalQuality }

Hi, We are working with a small QUIC POC, in which the macbook pro is the server and the vision pro the client (we use it to test QUIC's functionality). We have below logic to send small buffers (128k) using only one stream because we want the data to arrive in order and reliably as QUIC guarantees: private func createDummyData() { dummyData.append(Data(bytes: &frameNumber, count: MemoryLayout<UInt64>.size)) frameNumber += 1 } private func sendDataToClient() { createDummyData() let start = Date() Thread.sleep(forTimeInterval: 0.015) outgoingConnection?.sendBuffer(dummyData) { [weak self] in let interval = Date().timeIntervalSince(start) print("--> frame #: \(String(describing: self?.frameNumber)), send took: \(interval) seconds") self?.dummyData.removeLast(8) self?.sendDataToClient() } } As you can see we are waiting for the completion handler to call the next send operation. We needed to add a delay (0.015) because even when the data is arriving in order, we are not receiving a considerable amount of buffer on the client side. If we remove the delay, this is the way we are receiving our data. By the way, we are including a frame number (1,2,3,4....) on each buffer so we know which one arrived at the client : Connected to QUIC bi-di tunnel id: 0... Timestamp: 00:42:40.413, Buffer received... Frame number: 0, received... Timestamp: 00:42:40.414, Buffer received... Frame number: 1, received... Timestamp: 00:42:40.416, Buffer received... Frame number: 29, received... Timestamp: 00:42:40.416, Buffer received... Frame number: 30, received... Timestamp: 00:42:40.418, Buffer received... Frame number: 43, received... Timestamp: 00:42:40.418, Buffer received... Frame number: 52, received... Timestamp: 00:42:40.422, Buffer received... Frame number: 65, received... Timestamp: 00:42:40.424, Buffer received... Frame number: 80, received... Timestamp: 00:42:40.426, Buffer received... Frame number: 90, received... As you can see, we have received frames number 0 and 1 but after that we received # 29 and then jumps from 30 to 43 and 52 and 65. Again, if we introduce the delay this is not the case, is not fixing it but at least there are not that many losses. We thought QUIC had an internal sending queue in which every frame is waiting to be sent and it will be delivered reliably. Kindly let us know what are we missing.

While it is possible to create an IPPROTO_DIVERT socket and bind a divert port successfully, I couldn't find any command piece neither in pf manuel page nor in the web for diverting packets like divert-to, divert etc. My questions: Is packet divert mechanism still active in Sonomo ? If so, what is the correct rule syntax for PF for diverting packets on a specific port?

I'm trying to figure out how to debug failure to successfully resolve DNS queries. I have an app that installs a network extension as a system extension. Then, the system extension spawns a second process via posix_spawn. This second process fails to resolve DNS queries, but the initial system extension process can connect to a URL involving the same hostname. In mDNSResponder I see: 2024-08-23 11:01:30.313470+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56090] DNSServiceCreateConnection START PID[70515](coder) 2024-08-23 11:01:30.313857+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091] DNSServiceQueryRecord(15000, 0, <mask.hash: 'sUpGaOtvrWLwu6toEcVb1g=='>(e8da8e0d), A) START PID[70515](coder) 2024-08-23 11:01:30.314945+0400 0x2336 Debug 0x0 1320 0 mDNSResponder: (Network) [com.apple.network:] -[NWConcrete_nw_path_evaluator dealloc] AE46B126-E438-4804-B030-F0E337AED7A0 2024-08-23 11:01:30.315004+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q18806] InitDNSConfig: Setting StopTime on the uDNS question 0x13d356ce0 <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr) 2024-08-23 11:01:30.315051+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] Question for <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr) assigned DNS service 1461 2024-08-23 11:01:30.315075+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q18806] DetermineUnicastQuerySuppression: Query suppressed for <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> Addr (blocked by policy) 2024-08-23 11:01:30.316901+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] GenerateNegativeResponse: Generating negative response for question <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr) 2024-08-23 11:01:30.316953+0400 0x2336 Debug 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091] QueryRecordOpCallback: Suppressed question <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr) 2024-08-23 11:01:30.316984+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] DNSServiceQueryRecord(<mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='>(e8da8e0d), A) RESULT ADD interface 0: (mortal, DNSSEC Indeterminate)<mask.hash: 'fy5Hgf26/rhBtId5NoaY9A=='> So, my query is getting "suppressed" by mDNSResponder, blocked by policy. It doesn't seem to matter what DNS name my 2nd process queries---they are all suppressed. What policies does mDNSResponder enforce? How can I figure out why my queries are being suppressed?

Hi Team, Is there a way to disable secure DNS in macOS that is set at the OS level, like 8.8.8.8, which supports secure DNS on ports 443 and 853?

It does not seem to be stored in the system or user TCC database? Having a way to programatically grant the permission to a given app without user interaction, for example when automatically provisioning a CI node for macOS testing (with SIP disabled, so full disk access available), would be nice. Filed as FB14878596

When using the following API, is it expected that the app would require both incoming and outgoing permissions with App Sandbox? public func sendto(_: Int32, _: UnsafeRawPointer!, _: Int, _: Int32, _: UnsafePointer<sockaddr>!, _: socklen_t) -> Int Since I'm only sending UDP broadcasts, I would have expected outgoing to be sufficient. Thanks!