
Apple Push Notification service server certificate update

On March 29, 2021, token and certificate-based HTTP/2 connections to the Apple Push Notification service must incorporate the new root certificate (AAACertificateServices 5/12/2020) which replaces the old GeoTrust Global CA root certificate. To ensure a seamless transition and to avoid push notification delivery failures, verify that both the old and new root certificates for the HTTP/2 interface are included in the Trust Store of each of your notification servers before March 29.

Note that Apple Push Notification service SSL provider certificates issued to you by Apple do not need to be updated at this time.

Learn more about connecting to APNs


Developer Spotlight: Streaks

Streaks creator Quentin Zervaas

If you’re a productivity-minded person, there’s only one thing better than crossing something off your to-do list: Crossing everything off your to-do list.

Quentin Zervaas knows this well — so well he turned the concept into Streaks. The app tracks the number of consecutive days you’ve completed a task and securely syncs your history across iPhone, iPad, Apple Watch, and Mac via iCloud.

What you complete — whether walking the dog, working out, or meditating — is up to you. The idea is to stay driven to check off those to-dos every day. The App Store spoke to Zervaas from his hometown of Adelaide, South Australia, where he and Streaks cocreator Isaac Forman are working to keep up their winning streak.

Streaks gamifies your to-do list: Can you hit all six tasks every day?


How did you get the idea for Streaks?
As a small business owner, I would do certain things each day — bookkeeping, sending support emails. I was also trying to write a book and struggling. Eventually I adopted the strategy “I want to get something done every single day, whether it’s a sentence, a paragraph, or a page.”

I was tracking everything in a text editor until I thought, “I build apps; I could probably make this nicer.” Isaac Forman and I whipped up a prototype that looks pretty much as Streaks does now, just without the colors and icons.

How did you land on Streaks tracking six tasks per day?
I found if I did four or five tasks, a sixth — even if it was completely unrelated — needed to be done too. I just wanted to finish it. So I would put the more difficult one at the end. That gamification really motivates you to get everything done.

What’s the most surprising request you’ve received?
One of the key features is there aren’t any boundaries on the tasks you can add. There are probably 500 icons the app will suggest based on what you type as your task, so I get a lot of icon requests. Someone recently asked us to add a Viking helmet. Maybe they’re a costume designer or they’re playing an online game, I’m not sure.

You won an Apple Design Award in 2016. How did you celebrate?
As it happened, I was getting married the weekend before WWDC that year. We got married, got to the airport at 6 a.m. the next day, and headed off on the 19-hour plane ride to San Francisco. My wife wasn’t thrilled with that, but luckily we got to travel around the city, Napa, and Sonoma, so it worked out OK.

What’s the best advice you’ve received?
Before Streaks I was working on public transportation apps; someone said to me, “You’re doing this now, but it won’t be your last business.” That’s a good mindset for independent developers: Remember, there’s always something new on the horizon.


Originally published on the App Store.

Learn more about Streaks on the App Store

Learn more about the App Store Small Business Program


New and updated Apple design resources now available

Designing apps for Apple platforms just got easier. Now you can quickly lay out your app for macOS Big Sur or tvOS 14 using new design templates, components, guides, and more. All major macOS and tvOS components, such as buttons, segmented controls, alerts, menus, and other controls, are included. In addition, the updated iOS 14 and iPadOS 14 design resources for Sketch have been rebuilt to support color variables, and include numerous minor improvements and bug fixes.

View resources


Take advantage of new advertising attribution technologies

SKAdNetwork 2.2. This update supports view-through attribution for advertisement formats such as video, audio, and interactive advertisements. This allows you to display your choice of advertising formats and measure which creatives are most effective, while preserving user privacy.

Private Click Measurement. iOS 14.5 and iPadOS 14.5 bring Private Click Measurement to apps, in addition to the web. Advertising networks can now measure the effectiveness of advertisement clicks within iOS or iPadOS apps that navigate to a website. This information can be used to understand which advertisements drive conversions (such as purchases or signups) — while maintaining user privacy.

Get started by building and testing your apps with the beta versions of Xcode 12.5, iOS 14.5, and iPadOS 14.5.

Learn more about SKAdNetwork

Learn more about Private Click Measurement

Download the latest betas


Developer Spotlight: MySwimPro

MySwimPro co-founder Fares Ksebati

Sometimes a good idea hits you like a splash of cold water.

Fares Ksebati cocreated MySwimPro in 2015 to provide a deep pool of aquatic workout videos for like-minded athletes. The app syncs with Apple Health to keep your swimming and workout data secure. With 2021 being an Olympic year, he and cofounder Adam Oxner are poised to make even bigger waves: “Swimming gets a lot of public notoriety every four years,” says Ksebati.

We spoke to Ksebati, a three-time U.S. Masters swimming champion, about the power of incremental change and what every entrepreneur should know before diving into app development.

No pool? MySwimPro has hundreds of dryland videos to help swimmers stay in shape.


How did you start creating apps?
Before launching MySwimPro in 2015, I worked at four different startups and was always coaching swimming on the side. At the time, there was really nothing that addressed swimmers, so that’s when the light-bulb moment happened.

If you work on something you understand intimately, it’s a lot easier because you have that intuition, that unique lens. I’m a swimmer and a coach, but above all I’m a swimming nerd. I not only understand it but I care about it.

How is the MySwimPro team structured these days?
Our HQ is technically in Ann Arbor, but we have team members across the United States and a few countries like Turkey and Ukraine. The app is in nine languages, and we were able to do most of that in-house because we speak almost a dozen languages on our team, which is really unique.

What do you do as a team to stay motivated?
Go to the pool! I literally went for a swim two hours ago. Because we’re a fitness brand, it’s part of our culture to take a break in the middle of the day. I want everybody to feel comfortable doing that, even if they’re not swimming.

What’s been the most challenging time for your team, and how did you get through it?
Back in March, when pools were closing, we thought, “OK, this could be two or three years, but we can’t sit around and do nothing.” So we took action very quickly, creating 200 dryland videos and eight training programs. We went to my brother’s house and rearranged his living room into an at-home fitness facility.

What do you know now that you wish you’d known when you started?
That it’s really important to be consistent, that it takes time to develop, and that if you can just be a little bit better every single day, the compounding impact is absolutely insane. We’ve been at this for five years, which is more than 1,800 days, and we’re trying to be at least 1 percent better each day.


Originally published on the App Store.

Learn more about MySwimPro on the App Store

Learn more about the App Store Small Business Program


AppTrackingTransparency requirement update

Late last year, to give you additional time to prepare, we had temporarily deferred the requirement to use AppTrackingTransparency when requesting permission to track users and access device advertising identifiers. This requirement now goes into effect starting with the upcoming beta update, and will roll out to everyone in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS 14. We encourage you to verify your app’s implementation of AppTrackingTransparency as soon as possible. Without the user’s permission, you will not be allowed to track them and the device’s advertising identifier value will be all zeros.

In an upcoming release of iOS and iPadOS, we will enhance SKAdNetwork and add Private Click Measurement support for apps, allowing advertising networks to better attribute advertisements that display within apps on these platforms. Private Click Measurement enables the measurement of ad campaigns that direct users to websites while preserving user privacy. Additional details are coming soon.

Learn more about user privacy and data use


Identity Pinning: How to configure server certificates for your app

If your app sends or receives data over the network, it’s critical to preserve the privacy and integrity of a person’s information and protect it from data breaches and attacks. You should use the Transport Layer Security (TLS) protocol to protect content in transit and authenticate the server receiving the data.

When you connect through TLS, the server provides a certificate or certificate chain to establish its identity. You can further limit the set of server certificates your app trusts by pinning their public-key identities in your app. Here’s how to get started.

When to use pinning

When your app connects to a secure TLS network, the system evaluates server trustworthiness by default. Most apps can meet their security requirements by relying on this behavior; however, certain apps may need to further limit the set of trusted certificates.

For example, your app may need to meet regulatory requirements that determine which specific Certificate Authorities (CAs) can be trusted. While Apple platforms ensure by default that only trustworthy CAs are involved, your app can use identity pinning to further limit the set of CAs to those associated with a particular government or organization.

Pinning cannot loosen the trust requirements of your app — it can only tighten them. You still always need to meet the system’s default trust requirements when using public-key certificates involved in a TLS network connection.


Note: When you’ve configured your app to expect a specific set of public keys for a given server, it will refuse to connect to that server unless those public keys are involved. As a result, if the server deploys new certificates that alter the public keys, your app will refuse to connect. At that point, you’ll need to update your app with a pinning configuration that reflects the new set of public keys.


Think long term

If you want to use identity pinning in your app, consider creating a long-term strategy that accounts for both planned and unplanned events so that you can prevent pinning failures.

Your app can proactively provide a great experience by pinning the public keys of CAs, instead of servers. This way, you can deploy server certificates that contain new public keys signed by the same CA without the need for pinning configuration updates.

You can also consider pinning more than one public key, especially when pinning server identities. This way, your app will still be able to connect to configured servers even if they revoke or rotate certificates.

Additionally, plan to provide a fallback experience in your app if it’s unable to connect to a server in the event of a pinning failure. First, think of ways your app experience may be impacted, and come up with mitigating solutions for any negative side effects. Can the app still function without making that connection, and can you provide someone with a temporary recovery path?

You’ll also want to plan for an eventual recovery path. One way you can address pinning failures is through a new pinning configuration, delivered via app update. Consider whether that’s an option given the use cases of your app.

We highly recommend simulating various events and potential failure points when testing your app by acquiring additional public-key certificates for this purpose and varying the configuration of your server accordingly.

How to pin CA public keys

A pinned CA public key must appear in a certificate chain either in an intermediate or root certificate. Pinned keys are always associated with a domain name, and the app will refuse to connect to that domain unless the pinning requirement is met.

As an example, to require the presence of a specific CA public key when connecting to the example.org domain name, you can add the following entries to the Info.plist file of your app.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSPinnedDomains</key>
    <dict>
        <key>example.org</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSPinnedCAIdentities</key>
            <array>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string>
                </dict>
            </array>
        </dict>
    </dict>
</dict>

In this example, the pinned public key is associated with example.org and also subdomains such as math.example.org and history.example.org, but it won’t be associated with advanced.math.example.org, or ancient.history.example.org.

The public key is expressed as the Base64-encoded SHA-256 digest of an X.509 certificate’s DER-encoded ASN.1 Subject Public Key Info structure. Assuming the following PEM-encoded public-key certificate, stored in file ca.pem, you can calculate its SPKI-SHA256-BASE64 value with the openssl command.

-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----

$ cat ca.pem |
      openssl x509 -inform pem -noout -outform pem -pubkey |
      openssl pkey -pubin -inform pem -outform der |
      openssl dgst -sha256 -binary |
      openssl enc -base64

To introduce redundancy into your pinning configuration, you can associate multiple public keys with a domain name.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSPinnedDomains</key>
    <dict>
        <key>example.org</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSPinnedCAIdentities</key>
            <array>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string>
                </dict>
            </array>
        </dict>
        <key>example.net</key>
        <dict>
            <key>NSPinnedLeafIdentities</key>
            <array>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>i9HaIScvf6T/skE3/A7QOq5n5cTYs8UHNOEFCnkguSI=</string>
                </dict>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>i9HaIScvf6T/skE3/A7QOq5n5cTYs8UHNOEFCnkguSI=</string>
                </dict>
            </array>
        </dict>
    </dict>
</dict>

For example, to pin multiple public keys for the example.net server certificate, you would add individual entries as items in an array to the Info.plist file of your app. To satisfy the pinning requirement for a connection to example.net, the server certificate must include one of those keys.
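The following is an added example, not code from Apple's article: a Python check you could run in CI over an app's Info.plist to catch pin sets that are malformed or give no real redundancy, plus the domain matching described above. The function names (spki_pin, pins_for_host, is_sha256_pin, audit), the example.com entry, and the sample keys are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import plistlib

PIN_KEY = "SPKI-SHA256-BASE64"


def spki_pin(spki_der: bytes) -> str:
    """Base64 of the SHA-256 digest of a DER-encoded SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pins_for_host(pinned_domains: dict, host: str) -> dict:
    """Entry that applies to host: an exact match, or the parent domain's
    entry when it sets NSIncludesSubdomains (one label deep, as on the page)."""
    host = host.lower().rstrip(".")
    if host in pinned_domains:
        return pinned_domains[host]
    parent = host.partition(".")[2]
    entry = pinned_domains.get(parent, {})
    return entry if entry.get("NSIncludesSubdomains") else {}


def is_sha256_pin(value: str) -> bool:
    """True if value is strict Base64 that decodes to a 32-byte digest."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def audit(info_plist: bytes) -> list:
    """Return (domain, key, problem) tuples for weak or malformed pin sets."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    findings = []
    for domain, entry in ats.get("NSPinnedDomains", {}).items():
        for kind in ("NSPinnedCAIdentities", "NSPinnedLeafIdentities"):
            pins = [item.get(PIN_KEY, "") for item in entry.get(kind, [])]
            if any(not is_sha256_pin(p) for p in pins):
                findings.append((domain, kind, "malformed pin"))
            if len(set(pins)) < len(pins):
                findings.append((domain, kind, "duplicate pin"))
            # The page advises more than one key when pinning server identities.
            if kind == "NSPinnedLeafIdentities" and len(set(pins)) == 1:
                findings.append((domain, kind, "no backup leaf pin"))
    return findings


# Constructed sample input: placeholder bytes stand in for real SPKI structures.
KEY_A, KEY_B = b"constructed-spki-A", b"constructed-spki-B"
SAMPLE_PLIST = plistlib.dumps({
    "NSAppTransportSecurity": {"NSPinnedDomains": {
        "example.org": {
            "NSIncludesSubdomains": True,
            "NSPinnedCAIdentities": [{PIN_KEY: spki_pin(KEY_A)}],
        },
        "example.net": {  # same key listed twice: two entries, one real pin
            "NSPinnedLeafIdentities": [
                {PIN_KEY: spki_pin(KEY_B)},
                {PIN_KEY: spki_pin(KEY_B)},
            ],
        },
        "example.com": {  # valid Base64, but not a 32-byte digest
            "NSPinnedLeafIdentities": [{PIN_KEY: "dG9vLXNob3J0"}],
        },
    }},
})
PINNED = plistlib.loads(SAMPLE_PLIST)["NSAppTransportSecurity"]["NSPinnedDomains"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PLIST):
        print(*finding, sep=": ")
    for name in ("math.example.org", "advanced.math.example.org"):
        print(name, "pinned" if pins_for_host(PINNED, name) else "not pinned")
```
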

Resources

NSAppTransportSecurity


Meet App Clip Codes


App Clip Codes are customizable Apple-designed markers built to launch your App Clip. When someone scans your App Clip Code, it will bring up your App Clip or, if the person already has your app installed, will directly launch into a specific part of your app. Each code has a distinct design: It’s immediately recognizable, unique to each App Clip, and provides people with a secure and reliable way to trigger your experience. Codes can even incorporate an NFC tag, allowing people to open an App Clip by simply holding their iPhone nearby without needing to scan it through the Camera app.

You can easily make App Clip Codes and customize them to match your company’s brand or internal designs. Here’s how you can create new codes and pick the right code for the experience you want to provide to your customers.

Plan for your App Clip experience

To create new App Clip Codes, use the App Clip Code Generator. When you make a new code, you can choose its colors, assign a custom URL that resolves for your app, and decide whether to create a code that supports NFC (Near Field Communication).

Single vs multiple App Clip Codes
If you’ve created a single App Clip for your app, you can make a single App Clip Code so that everyone who scans the code gets the same information. For example, if you own a restaurant, placing the same App Clip Code at every table can bring up an App Clip with your digital menu and payment options. Every instance of the single code delivers the same experience.

You can also duplicate the same App Clip Code for use on items like hardware packaging: For instance, if you have a product that requires an in-app setup experience, you can add the same App Clip Code to your packaging to bring your customers directly to the setup experience or interactive instruction manual. As with the restaurant example, you’re always bringing customers to the same experience within your app, so you only need to create a single unique App Clip Code and duplicate it across your material.

If you offer multiple App Clips or advanced App Clip experiences, you can create unique codes for each experience. For example, if you have an app for your restaurant and want to offer an App Clip for ordering takeout on your advertising as well as a different App Clip for people ordering at your restaurant’s outdoor tables, you can create discrete App Clip Codes for each that invoke different parts of the app.

Should you use NFC?
People can interact with App Clip Codes in two ways: Scan Only or NFC. Scanned codes work when someone uses the Barcode reader or the Camera app on iPhone or iPad to view the code, which then delivers a customized URL they can tap on that brings them into the app. In contrast, NFC-integrated codes let people simply hold their device near an App Clip Code to invoke the App Clip.

While you have the flexibility to choose either type to best suit your needs, we recommend using an NFC-integrated App Clip Code whenever someone can easily physically access your App Clip Code. Examples include:

  • On a restaurant tabletop
  • Near point-of-sale hardware systems
  • In a storefront window
  • On easily-accessible signage
  • On a gift card, coupon, or other offer

If you integrate an NFC tag with your App Clip code, be sure to use a Type 5 NFC tag at least 35mm in diameter (or equivalent) to ensure the best experience.

Learn more about designing for NFC

If your code is displayed digitally or in an area where NFC doesn’t make sense, use the Scan Only version. Examples include:

  • On distant posters or street advertising
  • On signage behind a counter or otherwise out of reach
  • In digital materials such as an email or social media images

Customize the look of your App Clip Code
To make your App Clip Code stand out, you can customize the foreground and background color and create something consistent with your app or company’s brand. App Store Connect provides both default App Clip Code colors and an option for selecting your own colors. Note that if you choose the latter option, Apple will automatically generate the third color in the App Clip Code to ensure sufficient contrast for an accurate scanning experience.

Create your App Clip Code

Once you’re ready to make your own App Clip Codes, you can get started in App Store Connect or through Apple’s command line tools. App Clip Codes are easy to create, letting you get your App Clip experiences up and running and helping people quickly access the right parts of your app at the right moment.

Resources

Learn more about designing App Clip Codes

Explore App Clips

Help people experience the right parts of your app at the exact moment they need them. We’ll explain how to design and build an App Clip — a small part of your app that focuses on a specific task — and make it easily discoverable. Learn how to focus your App Clip on short and fast…

Configure and link your App Clips

App Clips are small parts of an app that offer a streamlined, direct experience and help people get what they need at the right time. Learn how you can invoke an App Clip through real-world experiences like App Clip Codes, NFC, and QR codes, or have them appear digitally through apps like Maps or…


How to convert existing web extensions for Safari

When you create a Safari Web Extension, you can help people get common online tasks done more quickly and efficiently — all while using the same extension model and APIs found in extensions for Google Chrome, Mozilla Firefox, and Microsoft Edge browsers.

If you have an existing web extension you’d like to prepare for distribution in the Mac App Store, it’s easy to get started with the converter tool in Xcode 12. Here’s how to go about it.

Meet Safari Web Extensions

When you create a Safari Web Extension, you can help people get common online tasks done more quickly and efficiently. We’ll show you how to build a new Safari Web Extension and host it on the App Store, as well as how to use the safari-web-extension-converter tool to migrate existing extensions…

Learn more about Safari App Extensions

Convert an extension

Before getting started, make sure you’ve installed the latest versions of Xcode 12, Command Line Tools, and Safari 14. When ready, you can then run the following command in the Terminal app:

xcrun safari-web-extension-converter /path/to/my/extension/

The converter tool will search for your extension’s manifest at ./path/to/my/extension/manifest.json and generate a default configuration for your Xcode project. If the configuration appears correct, type yes at the prompt and press the Return key. If not, type no and you can enter the converter tool’s interactive mode to customize the configuration.


Note: Verify your keys
During the conversion process, safari-web-extension-converter will look through your manifest for any keys that aren’t supported by your installed version of Safari. If Xcode finds any issues, the app will display a warning message. If you receive this, consider whether the affected keys are critical for your extension to function. You may still be able to leave these keys in place and have everything run smoothly, but be sure to test your extension to confirm.


Adjust a converted extension in Xcode

Safari Web Extensions require a container app so that you can easily distribute your extension on the Mac App Store. As part of the conversion process, Xcode automatically creates and opens a container app project that contains your extension files. From here, you can test your extension, make any necessary code changes, update your extension’s icon, and upload your container app for distribution through the Mac App Store.

Test, test, and test again
While inside your Xcode project, you can build and run your extension by either pressing Command-R or the Play button in the upper left portion of the screen.

Your container app has a button to open Safari Extensions preferences. Select this button to open Safari and enable your extension in the browser.

Note: If this is your first time testing an extension through Xcode, you’ll need to enable support for unsigned extensions in Safari. To do so, follow these steps:

  1. Open Safari.
  2. Select Safari > Preferences.
  3. Navigate to the Advanced tab.
  4. Check the “Show Develop menu in menu bar” checkbox.
  5. Navigate to the Develop menu and select “Allow Unsigned Extensions.” You may have to enter your admin password to make changes.

Make any code changes
By default, your Xcode project references your extension’s existing content as well as native Swift or Objective-C code to create the container app. After testing, you can make any needed changes to this project; any alterations you make will automatically show up as part of your Safari Web Extension the next time you build your Xcode project.

Update your icon
Xcode will use any extension icons listed in your manifest as your app icon, which will also display on your Mac App Store listing. Because Safari Web Extension icons are typically smaller, however, you may want to update to a higher-resolution version of this image for the best look.

To change your icons, select the Assets.xcassets folder in the Xcode sidebar, then drag the new icons into the appropriately-sized image wells.

Add any additional files to your Xcode project
If you need to add additional resources or code files to your extension after conversion — for example, images used by your user interface or other dependencies missed during conversion — you will also need to manually include these files in your Xcode project.

To do so, select any additional files in Finder and drag them into the Resources folder within your Xcode project, located in the left sidebar. Uncheck ‘Copy items if needed’ in the file dialog to make sure these files automatically associate with your app.

Distribute your extension

When you’re ready to share your extension, sign in with your Apple Developer account to App Store Connect and upload the container app for distribution. Remember to review the App Store guidelines before submitting to the Mac App Store; Apple reviews all extensions and extension updates to verify they work reliably.

Learn more about submitting extensions to the Mac App Store


Prepare for Strong Customer Authentication transactions in the European Economic Area

Online purchase flows for users in the European Economic Area may be impacted by the European Union’s upcoming Strong Customer Authentication requirements. The App Store and Apple Pay will support Strong Customer Authentication. We recommend that you verify your app’s implementation of StoreKit and Apple Pay to make sure purchases are handled correctly.

Learn more