siriknowledged

executablemacOS395.7 KBx86_64, arm64

System diagnostic collector — gathers and submits device health and usage telemetry

Collects diagnostic data including symptoms, analytics, and device state information, then submits reports to Apple endpoints. Accesses location data as a system bundle without user prompts and syncs diagnostic information through iCloud. Maintains private storage areas for collected data and manages communication through 7 XPC services for inter-process coordination. Makes outgoing network connections to transmit telemetry and accesses additional file paths beyond standard sandboxed locations. Runs as an Apple-signed system component with no direct user interface.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 395.7 KB
UUID: CAEE22E1-DCA7-370C-AF89-8E9A54F8814B
Analyzed: 2026-04-09T10:04:26Z
CDHash: 911e21cceec57b0223d1732f27018756ddbdd80db66b4532382733e3dcd05db9

Capabilities

LocationAccess location as a system bundle (no user prompt)

com.apple.locationd.effective_bundle [object Object]

NetworkMake outgoing network connections

com.apple.security.network.client [object Object]

NetworkiCloud data sync

/System/Library/Frameworks/CloudKit.framework/Versions/A/CloudKit

StoragePrivate storage area access

com.apple.private.security.storage.CoreKnowledge [object Object]

StoragePrivate storage area access

com.apple.private.security.storage.FindMy [object Object]

StoragePrivate storage area access

com.apple.private.security.storage.MobileAssetGenerativeModels [object Object]

StoragePrivate storage area access

com.apple.private.security.storage.SiriVocabulary [object Object]

StorageException: access additional file paths

com.apple.security.exception.files.absolute-path.read-only

/private/var/MobileAsset//private/var/db/assetsubscriptiond/

StorageException: access additional file paths

com.apple.security.exception.files.home-relative-path.read-write

/Library/com.apple.internal.ck//Library/UnifiedAssetFramework//Library/Caches//Library/Caches/com.apple.feedbacklogger/

IpcRestricted application group access

com.apple.private.security.restricted-application-groups

group.com.apple.siri.findmy

IpcShared application group container access

com.apple.security.application-groups

group.com.apple.siri.findmy

AnalyticsSubmit symptom diagnostic reports

com.apple.symptom_diagnostics.report [object Object]

Frameworks10

Foundation CoreKnowledge AssistantServices UnifiedAssetFramework ApplePushService CloudKit libobjc.A.dylib libSystem.B.dylib CoreFoundation SiriEntityMatcher

Entitlements110

App.InstalledApp <dict>

App.IntentVocabulary.CustomCarName <dict>

App.IntentVocabulary.CustomCarProfileName <dict>

App.IntentVocabulary.CustomContactGroupName <dict>

App.IntentVocabulary.CustomContactName <dict>

App.IntentVocabulary.CustomMediaAudiobookAuthorName <dict>

App.IntentVocabulary.CustomMediaAudiobookTitle <dict>

App.IntentVocabulary.CustomMediaMusicArtistName <dict>

App.IntentVocabulary.CustomMediaPlaylistTitle <dict>

App.IntentVocabulary.CustomMediaShowTitle <dict>

App.IntentVocabulary.CustomNotebookItemGroupName <dict>

App.IntentVocabulary.CustomNotebookItemTitle <dict>

App.IntentVocabulary.CustomPaymentsAccountNickname <dict>

App.IntentVocabulary.CustomPaymentsOrganizationName <dict>

App.IntentVocabulary.CustomPhotoAlbumName <dict>

App.IntentVocabulary.CustomPhotoTag <dict>

App.IntentVocabulary.CustomVoiceCommandName <dict>

App.IntentVocabulary.CustomWorkoutActivityName <dict>

App.IntentVocabulary.GlobalMediaAudiobookAuthor <dict>

App.IntentVocabulary.GlobalMediaAudiobookTitle <dict>

App.IntentVocabulary.GlobalMediaMusicArtistName <dict>

App.IntentVocabulary.GlobalMediaPlaylistTitle <dict>

App.IntentVocabulary.GlobalMediaShowTitle <dict>

App.Intents.IndexedEntity <dict>

App.Intents.IndexedEnum <dict>

App.Shortcut.Entity <dict>

App.Shortcut.Phrase <dict>

AppleIntelligence.Reporting.AssetDeliveryLog.ModelCatalog <dict>

AppleIntelligence.Reporting.AssetDeliveryLog.UnifiedAssetFramework <dict>

Calendar.Event <dict>

CarPlay.RadioStation <dict>

Contacts.Contact <dict>

FindMy.Device <dict>

Fitness.Guest <dict>

Health.Medication <dict>

HomeKit.Home <dict>

HomeKit.HomeServiceArea <dict>

Location.SignificantLocation <dict>

MediaLibrary.Media <dict>

Podcasts.Podcast <dict>

Siri.PrivateLearning.Contact <dict>

Siri.PrivateLearning.Media <dict>

SiriEntityMatcher <dict>

UserAccount.Identity <dict>

aps-connection-initiatetrue

com.apple.AppleIntelligence.Reporting.AssetDeliveryLog.ModelCatalog <dict>

com.apple.AppleIntelligence.Reporting.AssetDeliveryLog.UnifiedAssetFramework <dict>

com.apple.CoreRoutine.LocationOfInteresttrue

com.apple.application-identifier com.apple.siriknowledged

com.apple.assistant.settingstrue

com.apple.authkit.client.internaltrue

com.apple.authkit.client.privatetrue

com.apple.developer.aps-environment production

com.apple.developer.device-information.user-assigned-device-nametrue

com.apple.developer.homekittrue

com.apple.developer.icloud-container-environment Production

com.apple.developer.icloud-container-identifiers

com.apple.siri.knowledge

com.apple.developer.icloud-services

com.apple.findmy.findmylocate.friendshipservicetrue

com.apple.findmy.findmylocate.locationservicetrue

com.apple.findmy.findmylocate.settingstrue

com.apple.frontboard.launchapplicationstrue

com.apple.generativeexperiences.availabilityServicetrue

com.apple.icloud.searchpartyd.beaconmanagertrue

com.apple.icloud.searchpartyd.beaconsharing.accesstrue

com.apple.icloud.searchpartyd.ownersessiontrue

com.apple.locationd.effective_bundletrue

com.apple.private.accounts.allaccountstrue

com.apple.private.aps-connection-initiatetrue

com.apple.private.assets.accessible-asset-types

com.apple.MobileAsset.Trial.Siri.SiriDialogAssets com.apple.MobileAsset.Trial.Siri.SiriExperienceCam com.apple.MobileAsset.Trial.Siri.SiriTextToSpeech com.apple.MobileAsset.Trial.Siri.SiriFindMyConfigurationFiles com.apple.MobileAsset.Trial.Siri.SiriUnderstandingAsrAssistant com.apple.MobileAsset.Trial.Siri.SiriUnderstandingAsrHammer com.apple.MobileAsset.Trial.Siri.SiriUnderstandingAttentionAssets com.apple.MobileAsset.Trial.Siri.SiriUnderstandingMorphun com.apple.MobileAsset.Trial.Siri.SiriUnderstandingNL com.apple.MobileAsset.Trial.Siri.SiriUnderstandingNLOverrides com.apple.MobileAsset.UAF.Siri.TextToSpeech

com.apple.private.assets.bypass-asset-types-checktrue

com.apple.private.assets.change-daemon-configtrue

com.apple.private.attribution.implicitly-assumed-identity <dict>

com.apple.private.calendar.calaccessdtrue

com.apple.private.cloudkit.serviceNameForContainerMap <dict>

com.apple.private.cloudkit.systemServicetrue

com.apple.private.contactstrue

com.apple.private.feedbackloggertrue

com.apple.private.homekittrue

com.apple.private.homekit.assistant-identifierstrue

com.apple.private.intelligenceplatform.client-identifier com.apple.siriknowledged

com.apple.private.intelligenceplatform.use-cases <dict>

com.apple.private.security.restricted-application-groups

group.com.apple.siri.findmy

com.apple.private.security.storage.CoreKnowledgetrue

com.apple.private.security.storage.FindMytrue

com.apple.private.security.storage.MobileAssetGenerativeModelstrue

com.apple.private.security.storage.SiriVocabularytrue

com.apple.private.tcc.allow

kTCCServiceLiverpool kTCCServiceAddressBook kTCCServiceWillow kTCCServiceMediaLibrary kTCCServiceCalendar

com.apple.private.tcc.manager.access.read

com.apple.rootless.storage.coreknowledgetrue

com.apple.security.application-groups

group.com.apple.siri.findmy

com.apple.security.exception.files.absolute-path.read-only

/private/var/MobileAsset//private/var/db/assetsubscriptiond/

com.apple.security.exception.files.home-relative-path.read-write

/Library/com.apple.internal.ck//Library/UnifiedAssetFramework//Library/Caches//Library/Caches/com.apple.feedbacklogger/

com.apple.security.exception.shared-preference.read-only

com.apple.AppSupport com.apple.triald com.apple.mobilecal com.apple.siri.inference.EntityMatcher com.apple.siri.vocabulary

com.apple.security.exception.shared-preference.read-write

com.apple.siri.morphun com.apple.itunescloud com.apple.UnifiedAssetFramework com.apple.IntelligenceTasks com.apple.SiriEntityMatcher

com.apple.security.files.user-selected.read-onlytrue

com.apple.security.network.clienttrue

com.apple.security.personal-information.addressbooktrue

com.apple.siri.embeddedspeechtrue

com.apple.siri.knowledge com.apple.siri.knowledge2

com.apple.siri.orchestration.capabilitiestrue

com.apple.symptom_diagnostics.reporttrue

com.apple.trial.client

351 401 406 409 750 751 753 755 757 961 1000 1210 1630 1701

mode read-write

value /usr/libexec/siriknowledged

Interesting Strings

Bundle IDs(221)

com.apple.application-identifier com.apple.authkit.client.private com.apple.private.feedbacklogger !com.apple.authkit.client.internal !com.apple.security.network.client

File Paths(20)

#/private/var/db/assetsubscriptiond/0 )/Library/Caches/com.apple.feedbacklogger/0 /Library/Caches//Library/UnifiedAssetFramework//Library/com.apple.internal.ck/

telemetry(8)

"com.apple.siri.analytics.assistant $com.apple.symptom_diagnostics.report <key>com.apple.symptom_diagnostics.report</key><string>com.apple.assistant.analytics</string><string>com.apple.siri.analytics.assistant</string>

URLs & Endpoints(5)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><string>com.apple.compilers.llvm.clang.1_0</string>https://www.apple.com/appleca/0

Network Surfaceentitled

Networking Frameworks

CoreFoundation Foundation

Endpoints(13)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Hostnamemacosx26.1.internal

Hostname3App.IntentVocabulary.CustomMediaAudiobookAuthorName

Hostname0App.IntentVocabulary.CustomNotebookItemGroupName

Hostname2App.IntentVocabulary.CustomPaymentsAccountNickname

Hostname3App.IntentVocabulary.CustomPaymentsOrganizationName

Hostname9AppleIntelligence.Reporting.AssetDeliveryLog.ModelCatalog

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

1

Keychain

0

Network

2

Storage

6

Hardware

0

IPC

3

Analytics

1

Security

0

System

0

Behavioral Profile

URL Endpoints

5

Telemetry Strings

8

File Paths

20

Bundle IDs

221

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code3074dda061ceb399f4838e8f3cbb29605ac43fefbe4d406fa68aae989a339c88

Importsa471c89d4e390d99c0d66449439147810867e3bc72657339821e274d3e80a601

Frameworks2e3926fe19d60417ad56ad85b536af86da0d421e4b6388d087d0ede22c701c87

Classes470f94331bacfddbb0bb30c7dcee2bf7529393220153483677390367c74017ed

Entitlements16db5014bae36d05aec8c781ef243cccd4fb257c024e9ff11ca754583fbf6d81

Symbolsf1f966385645069bd5399dc707452970fbd533fee48837f6e8b91017eeda9014

Static Libraries0 / 236 functions identified

Functions(236)

0x100001080-[CKSiriSettingsMonitor .cxx_destruct]

0x1000010c4-[CKSiriSettingsMonitor siriSettingsDidChange]

0x1000011ecsub_1000011ec

0x1000012b8sub_1000012b8

0x1000012c0sub_1000012c0

0x1000012ccsub_1000012cc

0x100001418sub_100001418

0x1000016d8sub_1000016d8

0x1000017f0sub_1000017f0

0x1000017f8sub_1000017f8

0x100001800-[CKSiriSettingsMonitor init]

0x10000189c+[CKSiriSettingsMonitor sharedInstance]

0x10000193csub_10000193c

0x100001978sub_100001978

0x100001a58sub_100001a58

0x100001bf8sub_100001bf8

0x100001ea0sub_100001ea0

0x100001ef4sub_100001ef4

0x100002010-[CKNCloudKitDataStore mergeRecordsWithDictionary:deletedRecordKeys:containsAllChanges:]

0x100002218sub_100002218

Imports153 symbols from 10 dylibs

libSystem.B.dylib47 libobjc.A.dylib31 CloudKit24 CoreFoundation19 Foundation12

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

assetsubscriptiond

knowledge-agent

videosubscriptionsd

BTLEServerAgent