Hi, I am testing out an update for my app in macOS Sonoma. I first installed the App Store version of my app on the device running macOS Sonoma, and it ran fine. I then installed an updated version of my app through TestFlight (built with macOS Ventura SDK), but when I run this updated version, I get prompted ”MyApp differs from previously opened versions. Are you sure you want to open it?". Why is this happening? Is this warning only because the app is updated through TestFlight, or do I need to do something to prevent this warning from happening when I update my app through the App Store? I see this mentioned in an Apple security update:: App Sandbox now associates your macOS app with its sandbox container using its code signature. The operating system asks the person using your app to grant permission if it tries to access a sandbox container associated with a different app. For more information, see Accessing files from the macOS App Sandbox. My app is already sandboxed, and I'm not trying to access a different app's sandbox container, just my own. For the TestFlight build, it probably also uses the same Release configuration that the App Store build uses. I might have changed my provisioning profiles recently because they expired. Would that affect this and cause a prompt to be showed? Would love to know more about this prompt and how to avoid it. Thanks.

On iOS 17 beta 1 or previous iOS versions, the [LAContext canEvaluatePolicy:error:] method works well without requiring the NSFaceIDUsageDescription key in the plist. However, when iOS 17 beta 2 (21A5268h) released, we notice some crash issues related to TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION. The crash termination reason suggests that an NSFaceIDUsageDescription key must be included in the plist file, providing a string value explaining to the user how the app uses Face ID data. It is important to note that we do not actually require this permission. It is challenging to reproduce this issue, as it occurs sporadically without clear triggering conditions. These problems are likely associated with changes made to the LocalAuthentication or TCC frameworks within Apple's beta system. Thread 1: 0 libsystem_kernel.dylib 0x00000001e6a68ba0 semaphore_wait_trap + 8 1 libdispatch.dylib 0x00000001a8a3e89c _dispatch_sema4_wait + 28 (lock.c:139) 2 libdispatch.dylib 0x00000001a8a3ef4c _dispatch_semaphore_wait_slow + 132 (semaphore.c:132) 3 LocalAuthentication 0x00000001d51349b8 -[LAClient _checkIdResultForTCC:synchronous:error:retryBlock:finally:] + 500 (LAClient.m:383) 4 LocalAuthentication 0x00000001d5135828 __64-[LAClient evaluatePolicy:options:uiDelegate:synchronous:reply:]_block_invoke_2 + 180 (LAClient.m:547) 5 CoreFoundation 0x00000001a0dd65b4 __invoking___ + 148 6 CoreFoundation 0x00000001a0d83a0c -[NSInvocation invoke] + 428 (NSForwarding.m:3399) 7 Foundation 0x000000019fdffdf4 __NSXPCCONNECTION_IS_CALLING_OUT_TO_REPLY_BLOCK__ + 16 (NSXPCConnection.m:170) 8 Foundation 0x000000019fdd1f64 -[NSXPCConnection _decodeAndInvokeReplyBlockWithEvent:sequence:replyInfo:] + 520 (NSXPCConnection.m:316) 9 Foundation 0x00000001a050eb5c __88-[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:]_block_invoke_5 + 188 (NSXPCConnection.m:1662) 10 Foundation 0x000000019fd965fc -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 2244 (NSXPCConnection.m:1679) 11 CoreFoundation 0x00000001a0d82c0c ___forwarding___ + 1008 (NSForwarding.m:3634) 12 CoreFoundation 0x00000001a0de79d0 _CF_forwarding_prep_0 + 96 13 LocalAuthentication 0x00000001d513573c __64-[LAClient evaluatePolicy:options:uiDelegate:synchronous:reply:]_block_invoke + 204 (LAClient.m:546) 14 LocalAuthentication 0x00000001d5134fe4 __47-[LAClient _performSynchronous:callId:finally:]_block_invoke + 504 (LAClient.m:446) 15 libdispatch.dylib 0x00000001a8a3e300 _dispatch_client_callout + 20 (object.m:561) 16 libdispatch.dylib 0x00000001a8a4dce8 _dispatch_sync_invoke_and_complete + 56 (queue.c:1071) 17 LocalAuthentication 0x00000001d5134dac -[LAClient _performSynchronous:callId:finally:] + 196 (LAClient.m:465) 18 LocalAuthentication 0x00000001d5135634 -[LAClient evaluatePolicy:options:uiDelegate:synchronous:reply:] + 296 (LAClient.m:545) 19 LocalAuthentication 0x00000001d513f38c -[LAContext _evaluatePolicy:options:synchronous:reply:] + 188 (LAContext.m:373) 20 LocalAuthentication 0x00000001d513f084 -[LAContext _evaluatePolicy:options:log:cid:synchronous:reply:] + 388 (LAContext.m:348) 21 LocalAuthentication 0x00000001d5124268 -[LAContext _evaluatePolicy:options:log:cid:error:] + 272 (LAContext.m:402) 22 LocalAuthentication 0x00000001d5123fec -[LAContext canEvaluatePolicy:error:] + 276 (LAContext.m:548) .... Thread 24 Crashed: 0 libsystem_kernel.dylib 0x00000001e6a78394 __terminate_with_payload + 8 1 libsystem_kernel.dylib 0x00000001e6a9aca0 abort_with_payload_wrapper_internal + 136 (terminate_with_reason.c:106) 2 libsystem_kernel.dylib 0x00000001e6a9acb4 abort_with_payload + 16 (terminate_with_reason.c:124) 3 TCC 0x00000001c1471928 __TCC_CRASHING_DUE_TO_PRIVACY_VIOLATION__ + 172 (TCC.c:563) 4 TCC 0x00000001c14720a0 __TCCAccessRequest_block_invoke_7 + 600 (TCC.c:707) 5 TCC 0x00000001c146f154 __tccd_send_message_block_invoke + 624 (TCC.c:0) 6 libxpc.dylib 0x0000000208d09b14 _xpc_connection_reply_callout + 116 (serializer.c:119) 7 libxpc.dylib 0x0000000208cfc484 _xpc_connection_call_reply_async + 80 (connection.c:881) 8 libdispatch.dylib 0x00000001a8a3e380 _dispatch_client_callout3 + 20 (object.m:587) 9 libdispatch.dylib 0x00000001a8a5bb04 _dispatch_mach_msg_async_reply_invoke + 344 (mach.c:3102) 10 libdispatch.dylib 0x00000001a8a50d40 _dispatch_root_queue_drain_deferred_item + 336 (queue.c:7011) 11 libdispatch.dylib 0x00000001a8a50628 _dispatch_kevent_worker_thread + 500 (queue.c:6484) 12 libsystem_pthread.dylib 0x0000000208ca8e88 _pthread_wqthread + 344 (pthread.c:2635) 13 libsystem_pthread.dylib 0x0000000208ca8bf0 start_wqthread + 8

The updated Photos access dialog in iOS 17 states: Photos may contain metadata, such as location, depth information, or captions. How do I access the caption a user added to a photo in my app? This wasn’t possible in iOS 16, is there new API in 17? I previously requested this ability via metadata in FB10205012 and via PHAsset in FB8244665. If it remains inaccessible I’ve submitted FB12437093 to request captions be removed from this wording.

Another common method for cross-website tracking are unique identifiers embedded into URLs, for example, in query parameters. To give people control over where they can be tracked, another new protection is removal of tracking parameters as part of browser navigation, and when copying a link. When a tracking parameter is detected, What is the detection rule of the request browser?