General: DevForums tag: App Sandbox App Sandbox documentation App Sandbox Design Guide documentation — This is no longer available from Apple. There’s still some info in there that isn’t covered by the current docs but, with the latest updates, it’s pretty minimal (r. 110052019). Still, if you’re curious, you can consult an old copy [1]. App Sandbox Temporary Exception Entitlements archived documentation — To better understand the role of temporary exception entitlements, see this post. Embedding a Command-Line Tool in a Sandboxed App documentation Discovering and diagnosing App Sandbox violations (replaces the Viewing Sandbox Violation Reports DevForums post) Resolving App Sandbox Inheritance Problems DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] For example, this one archived by the Wayback Machine.

Hi, this is my app: https://macsyzones.com Here, a video that demonstrates my app: https://www.youtube.com/watch?v=0jNx3ZUD8Rw It's a very cute window management app with unique features. It needs Accessibility Permission but App Store requires App Sandbox enabled which makes to request Accessibility Permission impossible. How can I submit my app without App Sandbox enabled to Apple? Apple can review the code and build it themselves? There are apps that uses Accessibility Permissions on App Store as I can see. Hope you help to have my app on App Store, it will be very good. 😇 I hope you'll give my app a place on App Store. 🥳 Thank you.

Project Background: I developed a Mac project using Electron and VSCode Successfully uploaded the packaged pkg using Transporter, However, I will receive an email informing me that there are some issues with the project: ITMS-90296: App sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' Here is my packaging process: Generate an app using the electron packager tool Sign the app using @ electron osx sign (version 1.3.1) After signing, use productbuild - component Yourappname App/Applications - sign "3rd Party Mac Developer Installer: * * * * * (XXXXXXXXXX)" Yourappname. pkg command generates pkg PS： For the second step, I have set sand box=true in both entitlents.plist and entitlents.macinheriting. plist. And after signing, using codesign -dvvv -- entitiements - /path to view the app file shows' checkbox=true ', and the [iFlytek Listen. app/Contents/MacOS/iFlytek Listen] file in the issue also exists. Using the Suspicious Package software to view pkg also has sandbox=true. A few months ago, I uploaded it once and the issues mentioned in the email did not appear. The only changes were the macOS system version number and the replacement of the signature with provisionprofileprovisionprofile. I have reviewed similar issues on the Apple Developer Forums, but have not been resolved

Hello! I encountered an issue while packaging and uploading the project to the Mac store. I received an email stating: ITMS-90296: App Sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. Though you are not required to fix the following issues, we wanted to make you aware of them: ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' But in my memory, the sandbox was set to true. I have also tried the methods in the forum, but they have not been resolved，I hope you can help me see what happened. Here are the specific situations I developed, This project is built and developed using electron9; The entire project was not developed using Xcode; The specific process of packaging into pkg is as follows: Step 1: Use an electron packager to package the app file Step 2: Use electron/osx sign to sign the entire app file (with options such as entitlement and provisioning profile configured) Step 3: Use the productbuild -- component Yourappname. app/Applications -- sign "3rd Party Mac Developer Installer: *** *** (XXXXXXXXXX)" Yourappname. pkg command to generate the pkg package Step 4: Upload to transporter The above operations were executed normally, and after the second step of signing, using the codesign dvvv -- entities -provided on the official website to query also showed that the sandbox was true. However, after the upload was successful, you will receive an email showing an issue, and the corresponding uploaded version cannot be found on the app connect website Hope to receive your answer. Wishing you good health and smooth work! PS: When generating the app, there is no sandbox related configuration in Info.Plist in the app content package. Is this normal? I checked the info.Plist of Google Chrome, Sogou Input Method and other software, and there is no sandbox configuration. Moreover, I tried manually adding it and then packaging it, but also encountered the same email problem.

When my macOS app (currently in TestFlight and set for Mac App Store distribution) tries to terminate another app, both terminate() and forceTerminate() consistently return false. However, I can retrieve a list of all running applications so some related APIs do work. I suspect this limitation is due to sandboxing. I have three questions: Is there any permission or entitlement I can add in Xcode to allow my app to terminate other applications? If no such permission exists, is there a way to guide users on how to launch my app (distributed through the Mac App Store) without sandboxing? For example, could they set it up to launch as a daemon or agent? If unsandboxing is impossible, would I need to create a separate target specifically without sandboxing? In other words, my MacOS app would communicate with my unsandboxed daemon that would do all the terminate()-ing?

Hello, It seems that an App Store version App uses a default sandbox configuration. However, my app contains multiple binaries, and I would like to apply additional sandbox restrictions to a specific binary. Is it possible to set different sandbox rules for different binaries within the same app? Thank you for your help!

Hello everyone, We develop an app called Unite (bundle ID: com.BZG.Unite), which allows users to create standalone macOS applications from websites. These user-generated apps are based on a backend browser template called DefaultApp (bundle ID: com.bzg.default.app). Here's how our setup works: Unite and DefaultApp: Both are signed with our Developer ID and include necessary provisioning profiles and entitlements. User-Created Apps: When a user creates an app with Unite, it generates a customized version of DefaultApp with the user's chosen name and settings. These apps are ad-hoc signed upon creation to reflect their unique identity. Issue Since updating to macOS 15, every time a user launches a created app, they encounter a persistent prompt asking for permission to access files outside the app's container. Granting full disk access in System Preferences suppresses the prompt, but this is not a practical solution for end-users. Upon launching a user-created app (e.g., "ExampleTest"), the following prompt appears: This prompt appears on every launch of the app. Steps to Reproduce On a Mac running macOS 15, create a new app using Unite (e.g., "ExampleTest"). Launch the newly created app. Observe the prompt requesting access to files outside the app's container. Close and relaunch the app; the prompt appears again. What We Have Tried Given that our apps use an app group (group.BZG.unite.sharedData) to share data between Unite, DefaultApp, and user-created apps, we believe this is triggering the prompt due to changes in System Integrity Protection (SIP) in macOS 15. We are further confident given that if the user does not allow access, the app does launch, but shows an error indicating that the created app was unable to access the data that is typically in the shared group. Here’s a summary of our troubleshooting efforts: 1. Adjusting App Group Configuration Ensured the app group name aligns with Apple's guidelines, including prefixing with the Team ID (teamid.group.BZG.unite.sharedData). Verified that the app group is correctly declared in the com.apple.security.application-groups entitlement. 2. Provisioning Profile Creation Generated provisioning profiles via Xcode and the Developer Console, ensuring the app group entitlement is included. Applied the provisioning profile to the user-created app during code signing. Despite these efforts, the issue continues. 3. Entitlements and Code Signing Created an entitlements file for the user-created app, mirroring the entitlements from DefaultApp, including: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>id.com.BZG.ExampleTest</string> <key>com.apple.developer.team-identifier</key> <string>id</string> <key>com.apple.security.application-groups</key> <array> <string>id.group.BZG.unite.sharedData</string> </array> <key>com.apple.security.app-sandbox</key> <true/> </dict> </plist> Signed the user-created app with our Developer ID and the provisioning profile Verified the entitlements 4. Reviewing System Logs Observed error messages indicating unsatisfied entitlements: message: com.BZG.ExampleTest: Unsatisfied entitlements: com.apple.security.application-groups **5. Consulting Documentation and WWDC Sessions ** Referenced post on App Groups in macOS vs iOS. Reviewed the macOS 15 Release Notes regarding SIP and app group container protection. Watched WWDC 2024 Session 10123: What's new in privacy, starting at 12:23. Questions Is there a way to authorize the com.apple.security.application-groups entitlement in the provisioning profile for ad-hoc signed apps? Given the SIP changes in macOS 15, how can we enable our ad-hoc signed, user-generated apps to access the app group container without triggering the persistent prompt? Are there alternative approaches to sharing data between the main app and user-generated apps that comply with macOS 15's SIP requirements? Is there anything to try that we're missing here to solve this? Any guidance on how to resolve this issue or workarounds to allow app group access without triggering the prompt would be greatly appreciated. Thank you for your assistance!

I have existing macOS application(pkg distribution) and now I need to release App Store version I need to move all files from "Documents/My App" to app container however container migration doesn't work in some cases I've tested TestFlight build: migration works fine if Mac uses Local Documents folder migration doesn't work if Mac uses iCloud Documents and Desktop folders Is there some way to fix this? container-migration.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Move</key> <array> <string>${Documents}/My App</string> </array> </dict> </plist>

Hi, I have recently encountered an app with some odd behaviour and wanted to clarify some details about the way sandboxing works with iOS apps installed on a Mac. I am unsure whether this is due to a misunderstanding of system behaviour or whether this is a bug. The app was installed from the Mac App Store, designed for iPad. The developer of the app informed me that in lieu of a sign-in process, the app tries to persistently store a UUID of the user on the device so that when the app is deleted and reinstalled, the user is automatically logged in again. The developer says that two mechanisms are being used: 1) NSUserDefaults (via Flutter shared prefs) and 2) identifierForVendor. In the case of 1), my understanding is that these are managed by cfprefsd. Using the 'defaults domain' command, the domain of the app appears. However, there are no keys or values stored. Using the 'defaults write' and 'defaults read' and 'defaults delete' commands on that bundle identifier works as expected, but since it starts out empty, it cannot be read or deleted. Furthermore, the app's data is supposed to be sandboxed in /Library/Containers. When the app is uninstalled from Launchpad, I have confirmed that the folder is missing. When reinstalled, the app's settings and data are missing, but crucially, the cloud identifier is still persistent and is evident after 'setup'. In the case of 2), the developer documentation states that identifierForVendor changes when all apps from a developer have been removed from a device. The app in question is the only app that was installed from this developer, so logically this identifier should have changed when the app was deleted and reinstalled. I have confirmed that iCloud drive is not being used to store this data as there is no data in iCloud for this app. In any case, when the app is uninstalled and reinstalled, the app automatically logs the user into the "account" it was previously logged into, along with all of that user's data in the cloud. I have a sense that this type of persistent identifier tracking is what sandboxing was meant to address, but I am unsure why I have been unable to remove the UUID tag from my system. Any insight would be greatly appreciated!

Hello Apple Community, many thanks in advance for your help. My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries. The top-level app is built with Xcode 16.1 and it's written 100% in Swift6. For test purposes we are running the app on MacOS Sequoia 15.0, 15.1 and Sonoma 14.4. The app can be downloaded via TestFlight and Console app shows the next errors: Crash Reports python3.11 Application Specific Signatures: Unable to get bundle identifier for container id python3: Unable to get bundle identifier because Info.plist from code signature information has no value for kCFBundleIdentifierKey. tccd process error Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=62822, auid=502, euid=502, binary_path=[PATH TO SAMPLEAPP]]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=577, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd}, The next documents were helping a lot to reach the current state althought sometimes I was not sure how to apply them in this python interpreter context: Signing a daemon with a restricted entitlement Embedding a command-line tool in a sandboxed app XPC Rendezvous, com.apple.security.inherit and LaunchAgent Placing content in a bundle There are a lot of details that I will try to explain in the next lines. Once archived the app, it looks like this: SampleApp.app SampleApp.app/Contents SampleApp.app/Contents/Info.plist SampleApp.app/Contents/MacOS SampleApp.app/Contents/MacOS/SampleApp SampleApp.app/Contents/Resources SampleApp.app/Contents/Resources/Python.bundle And this is how Python.bundle looks like: Python.bundle/Contents Python.bundle/Contents/Info.plist Python.bundle/Contents/Resources Python.bundle/Contents/Resources/bin Python.bundle/Contents/Resources/bin/python3.11 <- Python executable Python.bundle/Contents/Resources/lib Python.bundle/Contents/Resources/lib/python3.11 <- Folder with python libraries This is the Info.plist associated with Python.bundle: <dict> <key>CFBundleIdentifier</key> <string>com.sampleapp.app.Python</string> <key>CFBundleName</key> <string>Python</string> <key>CFBundleVersion</key> <string>1.0</string> <key>CFBundlePackageType</key> <string>BNDL</string> </dict> For some reason Bundle Identifier is ignored. Created a Python target and added to the main app, I selected the Bundle template. In Python target I made the next customizations: Enabled the Skip Install (SKIP_INSTALL) build setting. Disabled the Code Signing Inject Base Entitlements Added entitlements com.apple.security.inherit to it, with a Boolean value of true. Tried to set Other Code Signing Flags (OTHER_CODE_SIGN_FLAGS) build setting to: $(inherited) -i $(PRODUCT_BUNDLE_IDENTIFIER) But I had to remove it because I could not get rid of this error "-i com.sampleapp.app.Python: No such file or directory" Created a python.plist and set it in the Packaging Build Settings section. I set Generate Info.plist File to No In this document: Embedding a command-line tool in a sandboxed app Says: "Add the ToolX executable to that build phase, making sure Code Sign On Copy is checked." But I could not do it to avoid duplicates, since the bundle itself contains the executable too. I'm not sure how to handle this case. Tried to add python3.11 executable in the bundle MacOS folder, but bundle executableURL returned nil and I could not use python from the code. This is how I get Python bundle from code: static var pythonBundle: Bundle? { if let bundlePath = Bundle.main.path(forResource: "Python", ofType: "bundle"), let bundle = Bundle(path: bundlePath) { return bundle } return nil } Created Python.entitlements with the next key-values: <key>com.apple.security.app-sandbox</key> <true/> and it is used in an Archive Post-action of SampleApp, in order to sign the python executable of Python.bundle as follows: codesign --force --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$DEVELOPER_ID_APPLICATION" "$ARCHIVE_PATH" The reason of using an Archive Post-action is becauses signing from a Python.bundle Build phase was generating errors related to Sandboxing. These are the entitlements to codesign SampleApp: <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-only</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> Most probably I was mixing concepts and it seems created some confusion. We would really love to get some advice, Thanks!

Context I'm working on a Mail.app plugin. I would like to disseminate plugin via AppStore. I'm interested in exposing a functionality to user enabling user to choose if plugin should apply to all or selected email account. My intention is to use AppleScript to get a list of available email accounts and expose the list to the end-user via SwiftUI Sourcing account information Apple Script I'm using the following AppleScript tell application "Mail" set accountDict to {} repeat with acc in accounts set accName to name of acc set accEmails to email addresses of acc set accountDict's end to {accName:accEmails} end repeat return accountDict end tell The above generates expected results when executed using Script Editor. Swift Implementation This is still incomplete but shows the overall plan. // // EmailAccounts.swift import Foundation enum EmailScriptError: Error { case scriptExecutionError(String) } struct EmailAccounts { func getAccountNames() -&gt; [String]? { let appleScriptSource = """ tell application "Mail" set accountDict to {} repeat with acc in accounts set accName to name of acc set accEmails to email addresses of acc set accountDict's end to {accName:accEmails} end repeat return accountDict end tell """ var error: NSDictionary? var accountNames: [String] = [] // Create script object, exit if fails guard let scriptObject = NSAppleScript(source: appleScriptSource) else { return nil } // Execute script and store results, nil on error let scriptResult = scriptObject.executeAndReturnError(&amp;error) if error != nil { return nil } // Iterate over results for index in 0...scriptResult.numberOfItems { if let resultEntry = scriptResult.atIndex(index) { if let resultString = resultEntry.stringValue { // Process result handling // accountNames.append(resultString) } } } return accountNames } } Questions Most important one, can I deploy the App on the App Store and use NSAppleScript as shown above? If yes can I use the script in the manner shown above or will I need to store the script in User &gt; Library &gt; Application Scripts location and source it from there. This is outlined in the Scripting from a Sandbox article by Craig Hockenberry, which I cannot link due to being hosted within a not-permitted domain. If yes what entitlements I need to give to the target. I understand that I wouldn't be able to use ScriptingBridge, which feels more robust but wouldn't permit me to deploy the app on the AppStore. My key objective is to programatically identify mail accounts available to Mail.app, if there is a wiser / easier way of doing that I would be more than receptive.

I'm trying to display my images in a tableView, I'm using NSFIleManager and NSDirectoryEnumerator to get all files in the current folder: NSString *path = @"/Users/eagle/Documents/avatars"; NSFileManager *fileManager = NSFileManager.defaultManager; NSDirectoryEnumerator *directoryEnum = [fileManager enumeratorAtPath:path]; NSString *file; while (file = [directoryEnum nextObject]) { // ... } the problem is that this line file = [directoryEnum nextObject] always returns nil, what gives? I already made sure that this folder has no subfolders and contains only images, so what's the problem here?

Hi Apple community, many thanks in advance for your help. My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries. We have tried compiling the project with Xcode 16.0 and 16.1 beta 2 over MacOS Sequoia 15.0 and 15.1 This is how the project looks like: SampleApp.app SampleApp.app/Contents SampleApp.app/Contents/MacOS SampleApp.app/Contents/MacOS/SampleApp SampleApp.app/Contents/MacOS/bin SampleApp.app/Contents/MacOS/bin/python3.11 SampleApp.app/Contents/Resources SampleApp.app/Contents/Resources/lib SampleApp.app/Contents/Resources/lib/python3.11 SampleApp.app/Contents/Resources/Info.plist Since we want to 'initially' distribute the app directly, Python binary is signed as follows: codesign --deep --force --options runtime --timestamp --sign "$DEVELOPER_ID_APPLICATION" "$BINARY_PATH" App entitlements contain the next entries: &amp;lt;key&amp;gt;com.apple.security.app-sandbox&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.downloads.read-write&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.user-selected.read-only&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.user-selected.read-write&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.network.client&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.network.server&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; The resulting app is signed with entitlements, notarised and stapled. Once the app is running, we can see the next error on Console: Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd}, Python process is not running, we can't see any AMFI message. Next we added to Signing and Capabilities 'Apple Events' from Hardened Runtime section. The resulting app gets signed, notarised and stapled, but when running we get only the next errors: error 09:42:32.787744+0200 SampleApp Can't find or decode reasons error 09:42:32.787832+0200 SampleApp Failed to get or decode unavailable reasons Just in case it is relevant, this is how the app interacts with Python: process.executableURL = URL(fileURLWithPath: [PATH_TO_PYTHON_BIN]) process.environment = environment process.arguments = arguments process.standardOutput = pipe try process.run() process.waitUntilExit() We truly appreciate any guidance, help or advice. Thanks!!

Hello, with macOS Sequoia I've observed a sudden, substantial surge in reports about the Mac App Store version of my app Yoink no longer accepting files dropped to it, with the following message being logged in Console.app: 08:16:05.516307+0200 Yoink ---Yoink Error--- Could not create NSURL bookmark for /Users/<redacted>/Downloads/<redacted>/<redacted>.txt err: Error Domain=NSCocoaErrorDomain Code=256 "Failed to retrieve app-scope key" UserInfo={NSDebugDescription=Failed to retrieve app-scope key} The code line that causes this is the following: NSData *bmData = [fileURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope includingResourceValuesForKeys:nil relativeToURL:nil error:&err]; Sometimes a relaunch of Yoink, or a restart of the Mac resolves the issue, but only temporarily. Other times, even a restart doesn't work, but running tccutil reset All at.EternalStorms.Yoink in Terminal and then restarting the Mac works (again, temporarily). The trial version and Setapp versions of my app both work as expected, however. I myself cannot reproduce this issue, so any pointers would be greatly appreciated. (This might be considered a follow up to https://developer.apple.com/forums/thread/46583 , years back) Thanks a ton, – Matthias

Hi, so as I understand it is not possible to know what all possible sources of files are available on iOS using some api call (by sources I mean smb shares connected, iCloud, gdrive, etc), the only paths I can get are the app sandbox, app group container and the same on iCloud. I can get the list of mount points in macOS using getmntinfo(), app/group sandbox and apart from these whatever standard locations I have given access to to my sandboxed app. Are there other paths that I can get? I want to know how I can determine the volume given a user picks a file using a file picker. Say, they picked 10 files from gdrive and another 5 from local storage. If I encounter some errors on the files from gdrive I want to stop working on all 10 of them but to do that I need to be able to determine that that are on this particular volume. Is there a way to do this programmatically? Ex: gdrive on iOS : "/private/var/mobile/Containers/Shared/AppGroup/6208BBEE-24BF-4CC9-A9ED-846F987C0442/File Provider Storage/39822865/1P8WD1tWEaq81ZB_DodTTZhXm0p00QaF7/test.txt" on MacOS: "/Users/username/Library/CloudStorage/GoogleDrive-useremailid/My Drive"

Before updating to macOS 15 Sequoia, I used to be able to create file bookmarks with this code: let openPanel = NSOpenPanel() openPanel.runModal() let url = openPanel.urls[0] do { let _ = try url.bookmarkData(options: [.withSecurityScope]) } catch { print(error) } Now I get an error Error Domain=NSCocoaErrorDomain Code=256 "Failed to retrieve app-scope key" These are the entitlements: com.apple.security.app-sandbox com.apple.security.files.user-selected.read-write com.apple.security.files.bookmarks.app-scope Strangely, my own apps continued working, after updating to macOS 15 some days ago, until a few moments ago. Then it seems that all of a sudden my existing bookmarks couldn't be resolved anymore, and no new bookmarks could be created. What could be the problem?

I'm using the SwiftUI .fileImporter() modifier to present a file open panel to the user, and then I access the returned file URL using String(contentsOf:encoding:). Then I get an error, "The file “order_history.csv” couldn’t be opened because you don’t have permission to view it." The thing is, my app (recently created in Xcode 16.1 beta from macOS template) has the User Selected File entitlement set to "Read Only." It should allow reading such a file, should it not?

I am trying to open external/mounted storage in Finder. I simply just want to show the root directory. I have tried multiple things, none worked. NSWorkspace.shared.open() Does work when opening the user's disk (e.g. Macintosh HD), but when comes to any of the external storages a warning appears: "The application "ABC" does not have permission to open "Folder Name". Now, the app ha been granted all permissions in the preferences (Full Disk Access + Files and Folders). Furthermore, I don't even need or care of accessing this directory from within my app. I want the Finder to open it. I am using com.apple.security.files.user-selected.read-only and testing on MacOS: 14.6.1

Hi, I developed a utility app that allows monitoring system activity and usage. It is a sandboxed app distributed via the Mac App Store. Because in the sandbox I cannot fetch enough data about system activity (like processor temperature, fans, etc.), I developed a little Helper app (non-sandboxed), which currently is distributed via my website, and to enable extra features it provides, the user is asked to download and install it manually (it installs itself as a daemon). I'm looking for ways to improve the user experience. Ideally, it would be a button inside the main app, which would download and install the helper app, without asking the user to do more than pressing a button. As far as I understand, in the previous versions of macOS, it would be possible with privileged helpers and SMJobBless, but those are deprecated APIs now. Another way I tried, is simply downloading the installer app from the website, but opening it programmatically from the main app is tricky since it cannot remove it from the quarantine, in other words, it fails with "operation not permitted". Any advice is appreciated!

My app, which has been on the Mac App Store for many years, has an update being blocked by App review. The only change made is a bug fix (documented in the release notes). First rejection: Said I was using an entitlement I didn't need. My response: I explained the feature that required the entitlement. App goes back in review and gets rejected again for completely different reasons. They don't want me to write files in my App Sandbox container and instead write them in a more traditional user facing location (like in the Documents folder). They keep sending me a link to the "App Sandbox Design Guide" in the Documentation Archive (which appears to redirect to a different page?) and are quoting a section that is nowhere to be found in the link they send me (on the page I'm redirected to). I keep explaining to them that I cannot write outside my sandbox container and that this isn't my choice. And they keep rejecting my app and sending me a broken link to the "App Sandbox design guide." It isn't my fault that I have to write to my sandboxed container by default or have a non-functioning app. In any case, I don't understand why a bug fix update is being held up and I'm getting some vague instructions about possibly having to design some long winded explanation to the user in some ridiculously complicated onboarding process about choosing a folder in a save panel, why you have to choose the folder in the save panel (because I need your permission), OR just quit the app you just bought because it'll otherwise do nothing if you don't choose a folder in the save panel. Users got enough panels to deal with. At the very least App review shouldn't send me broken links from the Documentation Archive. So I'm using my sandbox container by default (because by default I cannot do anything else). I've been doing this for a long time and I don't understand why it is suddenly a problem. What is my sandboxed container for if I can't write to it? If documentation such as the "App Sandbox Design Guide" is still relevant and important why is it being archived anyway ? The link redirects I cannot find the section the reviewer is citing in the provided link. I don't mind being asked to do something to improve the app but I've wasted a lot of time trying to satisfy app review in the past only to misinterpret what they actually are asking me to do causing more wasted time and energy and not getting a whole lot in return. And I don't think it's fair to block a bug fix update.

This post is in response to the information on app groups posted here: https://developer.apple.com/forums/thread/721701 I have a multi-platform (macOS and iOS) app that uses an app group to store the Core Data database, so that extensions and widgets can also access the database. It seems to be impossible to add an app group in Xcode that doesn't start with group.. When I use the team identifier as detailed here , Xcode prepends group. to the app group identifier. So far, I've simply been using an app group identifier that looks like this: group.com.example.MyAppName. This has worked on macOS and iOS. However, I noticed that when the app launches on macOS 15, the user is shown a dialog that says " would like to access data from other apps." If the user selects "Don't Allow", the app will crash, since it can't access the Core Data database located in the app group directory. How can I work around this, considering that this is a multi-platform app, and both the iOS and macOS versions need to store the Core Data database in the app group directory? What is the proper way to configure app groups for multi-platform apps?