General: DevForums tag: App Sandbox App Sandbox documentation App Sandbox Design Guide documentation — This is no longer available from Apple. There’s still some info in there that isn’t covered by the current docs but, with the latest updates, it’s pretty minimal (r. 110052019). Still, if you’re curious, you can consult an old copy [1]. App Sandbox Temporary Exception Entitlements archived documentation — To better understand the role of temporary exception entitlements, see this post. Embedding a Command-Line Tool in a Sandboxed App documentation Discovering and diagnosing App Sandbox violations (replaces the Viewing Sandbox Violation Reports DevForums post) Resolving App Sandbox Inheritance Problems DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] For example, this one archived by the Wayback Machine.

I am developing a macOS word-processing app that should be distributed via the Apple App Store. Some of the app's functions like generating HTML and PDF exports should be automatable via Shortcuts and via shell scripts. To support the latter, I plan to include a command line tool inside the app that can be called from the Terminal or a shell script. The tool should be able to instruct the main app to then perform the desired commands. A well-known AppStore app that uses this design is BBEdit which also contains multiple command line tools that offer functionality from the main app to users of the Terminal. My technical questions now are: Should the command line tool executable be sandboxed and if yes, how? Even after many trials, I have not found a way to make a working sandboxed command line tool. If a sandboxed tool is started from the Terminal, it is immediately terminated with an exception in _libsecinit_appsandbox.cold.12. I am aware of the Apple developer documentation article Embedding A Helper Tool In A Sandboxed App, but it addresses a different architecture in which the helper tool is started from the main app and therefore is able to inherit its sandbox. BBEdit is only sandboxing the main app, but not its embedded command line tools and is still allowed in the App Store. Is this the way to go for me as well or does BBEdit get some special treatment in the App Store? How can the command line tool pass the permission to access files to the main app? As my main app is sandboxed, it needs explicit permission from the user to be able to access files. Users of a command line tool give this permission by providing file paths as arguments. How can I pass these permissions along to the main app? BBEdit is able to do this even when the user has not given it full-disk access. I know that it is using Apple Events for the communication between the command line tool and the main app, but I am not sure how this allows to pass permissions. Can anyone shed light on how to implement a solution here? Thanks!

Hi, I am trying to build a command line app that read local mov files and print the text to the terminal. When I open the file with VNImageRequestHandler(url: url), where the url is a hardcode path to my desktop file, the terminal reports CRImage Reader Detector was given zero-dimensioned image (0 x 0). Anyone can help? Thanks!

Greetings! I want to add my pre-compiled binary of v2ray to my application so I can activate it in background as a proxy and run stuff through it. I've codesigned it via: codesign -s - -i production.myproject.v2ray -o runtime --entitlements v2ray.entitlements -f v2ray Contents of entitlements file: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.downloads.read-write</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> </dict> </plist> Originally I ran it like this without sandboxing from my main target app: guard let v2rayPath = Bundle.main.path(forResource: "v2ray", ofType: nil) else { throw NSError(domain: "ProxyController", code: 1, userInfo: [NSLocalizedDescriptionKey: "V2Ray binary not found in bundle"]) } let task = Process() task.executableURL = URL(fileURLWithPath: v2rayPath) task.arguments = ["-config", configURL.path] // Redirect output for debugging let pipe = Pipe() task.standardOutput = pipe task.standardError = pipe``` And it ran flawlessly. Now it refuses to start. Any help, pointers or examples of such usage will be greatly appreciated

Hello, first time poster here. I'm struggling to find any info/documentation on why bluetooth game controllers DON'T require bluetooth entitlement when app sandboxing is enabled but do require USB. any pointers would be much appriciated Chris

Firstly, I realise that Kexts are deprecated. And for my needs, user-space IOKit from an application might be more than I’ll ever need, but I can’t help ensuring I’ve got all my ducks in a row while I’m designing an app. I noticed in the above Kext deprecation notice that it’s more about specific APIs that are deprecated rather than the kext mechanism itself (no mention of IOKit kernel APIs there). Along with the fact that a reboot would be required and various other policy changes. While reading up on System Extensions and the various newer tools, DriverKit, Endpoint Security etc, I’ve noticed there’s no mention of this “IOKit Driver” target/deliverable in the Xcode template chooser. It looks like, from the requirements, that DriverKit is aimed at hardware manufacturers, with a need to request the DriverKit entitlement for development. With respect to Apple’s internal Kext deprecation roadmap, how safe is it to build a product that relies on using an IOKit Driver and are there any requirements similar to DriverKit? Would a developer need to request an entitlement? If I developed an app using user-space IOKit and, for illustration purposes let’s say I also included an IOKit Driver in the app bundle. If I used the IOKit API, including header file constants only (no digging around in the IORegistryExplorer for non-public keys), as Apple intends them to be used, would this fall foul of any App Store rules that anyone is aware of? Put another way, would making use of an IOKit Driver disqualify my app from being distributed via the App Store, similar to an Endpoint Security extension? As an aside, there are a lot of API in the ES Framework that could be used to build apps that have nothing to do with Endpoint Security. File system related apps for example. It’s a shame there isn’t an enhanced middle ground between FSEvents and Endpoint Security framework.

there is a functional issue that I hope to receive your help Background: When my app is running, it will monitor the USB devices currently connected to the Mac and obtain the hid related configurations for each USB device, such as: {vendorId: 10168, productId: 493, path: 'IOService:/ AppleACPIPl...HIDDevice@14210000 0 serialNumber: '20002E8C', manufacturer: 'ThingM', product: 'blink(1) mk2', release: 2, interface: -1, usagePage: 65280, usage: 1} Originally running normally, but in sandbox mode, I found that there were some missing information in obtaining device information, specifically the path of each USB device obtained (e.g. 'IOService:/ AppleACPIPl...HIDDevice@14210000 0 ') are all lost (with empty content), but they can be obtained in non sandbox environments. Do i need any additional permissions for this? PS: I have been keeping it on: com. apple. security. device. usb

I have a werid case that shouldn't happen according to https://forums.developer.apple.com/forums/thread/706390 I have an audio unit which runs in FCP and I want it to launch a sandboxed app as a child process. If I sign the child app with just "com.apple.security.app-sandbox" entitlement it crashes with SYSCALL_SET_PROFILE error. According to the article referenced above: "This indicates that the process tried to setup its sandbox profile but that failed, in this case because it already has a sandbox profile." This makes sense because audio units run in a sandboxed environment (in AUHostingService process). So I added "com.apple.security.inherit" to the entitlements plist and now I get "Process is not in an inherited sandbox." error. According to the article referenced above: "Another cause of a trap within _libsecinit_appsandbox is when a nonsandboxed process runs another program as a child process and that other program’s executable has the com.apple.security.app-sandbox and com.apple.security.inherit entitlements. That is, the child process wants to inherit its sandbox from its parent but there’s nothing to inherit." And this doesn't make sense at all. The first error indicates the child process is trying to create a sandboxed environment within a parent sandboxed environment while the second error indicates there's no a parent sandboxed environment... I specifically checked the child process has "com.apple.security.app-sandbox" and "com.apple.security.inherit" entitlements only. If I remove all entitlements from the child process it launches and runs fine from the audio unit plugin. And if I remove "com.apple.security.inherit" but leave "com.apple.security.app-sandbox" I can successfully launch the app in standalone mode (in Finder). For the testing puroses I use a simple Hello World desktop application generated by XCode (Obj-C). Does anybody have an idea what can be the reason for such a weird behavior?

If a user applies for and is approved for a subscription refund by Apple, we understand that the developer can receive a server notification of "REFUND." However, this notification doesn't include the refund amount. Therefore, we thought about linking the refund amount information output in the financial report "All Countries or Regions (Detailed)" with individual end-user transaction information. However, it seems that this report doesn't have a transaction ID, and the records appear to be aggregated daily. Is there any way we can find out how much was refunded to which user for individual refunds? If a user applies for a subscription refund from Apple, are there cases where only a part of the plan, rather than the full amount, is refunded?

I've written a little utility targeting Mac, for personal use. In it, I need to be able to select a file from an arbitrary location on my drive. I have the "user selected file" entitlement added, and I have added my application to "Full Disk Access." But I still get a permissions error when I select a file with the file-open dialog (via .fileImporter). I dragged the application from the Xcode build directory to Applications before adding it to Full Disk Access. Any ideas?

I am developing a macOS app that requires the ability to create new files in the same directory as a user-selected file, but I am encountering permission issues due to the App Sandbox restrictions. While the user can select a file (e.g., a.jpg) using a standard open panel, I cannot create an adjacent file (e.g., a.jxl) in the same folder because the sandbox only grants access to the selected file, not to other files in the directory. I understand that full disk access might be an option, but it requires user intervention and isn't suitable for this case. Is there any way to extend access to other files in the directory (including those not selected by the user) while remaining within the App Sandbox environment?

Hi, this is my app: https://macsyzones.com Here, a video that demonstrates my app: https://www.youtube.com/watch?v=0jNx3ZUD8Rw It's a very cute window management app with unique features. It needs Accessibility Permission but App Store requires App Sandbox enabled which makes to request Accessibility Permission impossible. How can I submit my app without App Sandbox enabled to Apple? Apple can review the code and build it themselves? There are apps that uses Accessibility Permissions on App Store as I can see. Hope you help to have my app on App Store, it will be very good. 😇 I hope you'll give my app a place on App Store. 🥳 Thank you.

Project Background: I developed a Mac project using Electron and VSCode Successfully uploaded the packaged pkg using Transporter, However, I will receive an email informing me that there are some issues with the project: ITMS-90296: App sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' Here is my packaging process: Generate an app using the electron packager tool Sign the app using @ electron osx sign (version 1.3.1) After signing, use productbuild - component Yourappname App/Applications - sign "3rd Party Mac Developer Installer: * * * * * (XXXXXXXXXX)" Yourappname. pkg command generates pkg PS： For the second step, I have set sand box=true in both entitlents.plist and entitlents.macinheriting. plist. And after signing, using codesign -dvvv -- entitiements - /path to view the app file shows' checkbox=true ', and the [iFlytek Listen. app/Contents/MacOS/iFlytek Listen] file in the issue also exists. Using the Suspicious Package software to view pkg also has sandbox=true. A few months ago, I uploaded it once and the issues mentioned in the email did not appear. The only changes were the macOS system version number and the replacement of the signature with provisionprofileprovisionprofile. I have reviewed similar issues on the Apple Developer Forums, but have not been resolved

Hello! I encountered an issue while packaging and uploading the project to the Mac store. I received an email stating: ITMS-90296: App Sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. Though you are not required to fix the following issues, we wanted to make you aware of them: ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' But in my memory, the sandbox was set to true. I have also tried the methods in the forum, but they have not been resolved，I hope you can help me see what happened. Here are the specific situations I developed, This project is built and developed using electron9; The entire project was not developed using Xcode; The specific process of packaging into pkg is as follows: Step 1: Use an electron packager to package the app file Step 2: Use electron/osx sign to sign the entire app file (with options such as entitlement and provisioning profile configured) Step 3: Use the productbuild -- component Yourappname. app/Applications -- sign "3rd Party Mac Developer Installer: *** *** (XXXXXXXXXX)" Yourappname. pkg command to generate the pkg package Step 4: Upload to transporter The above operations were executed normally, and after the second step of signing, using the codesign dvvv -- entities -provided on the official website to query also showed that the sandbox was true. However, after the upload was successful, you will receive an email showing an issue, and the corresponding uploaded version cannot be found on the app connect website Hope to receive your answer. Wishing you good health and smooth work! PS: When generating the app, there is no sandbox related configuration in Info.Plist in the app content package. Is this normal? I checked the info.Plist of Google Chrome, Sogou Input Method and other software, and there is no sandbox configuration. Moreover, I tried manually adding it and then packaging it, but also encountered the same email problem.

When my macOS app (currently in TestFlight and set for Mac App Store distribution) tries to terminate another app, both terminate() and forceTerminate() consistently return false. However, I can retrieve a list of all running applications so some related APIs do work. I suspect this limitation is due to sandboxing. I have three questions: Is there any permission or entitlement I can add in Xcode to allow my app to terminate other applications? If no such permission exists, is there a way to guide users on how to launch my app (distributed through the Mac App Store) without sandboxing? For example, could they set it up to launch as a daemon or agent? If unsandboxing is impossible, would I need to create a separate target specifically without sandboxing? In other words, my MacOS app would communicate with my unsandboxed daemon that would do all the terminate()-ing?

Hello, It seems that an App Store version App uses a default sandbox configuration. However, my app contains multiple binaries, and I would like to apply additional sandbox restrictions to a specific binary. Is it possible to set different sandbox rules for different binaries within the same app? Thank you for your help!

Hello everyone, We develop an app called Unite (bundle ID: com.BZG.Unite), which allows users to create standalone macOS applications from websites. These user-generated apps are based on a backend browser template called DefaultApp (bundle ID: com.bzg.default.app). Here's how our setup works: Unite and DefaultApp: Both are signed with our Developer ID and include necessary provisioning profiles and entitlements. User-Created Apps: When a user creates an app with Unite, it generates a customized version of DefaultApp with the user's chosen name and settings. These apps are ad-hoc signed upon creation to reflect their unique identity. Issue Since updating to macOS 15, every time a user launches a created app, they encounter a persistent prompt asking for permission to access files outside the app's container. Granting full disk access in System Preferences suppresses the prompt, but this is not a practical solution for end-users. Upon launching a user-created app (e.g., "ExampleTest"), the following prompt appears: This prompt appears on every launch of the app. Steps to Reproduce On a Mac running macOS 15, create a new app using Unite (e.g., "ExampleTest"). Launch the newly created app. Observe the prompt requesting access to files outside the app's container. Close and relaunch the app; the prompt appears again. What We Have Tried Given that our apps use an app group (group.BZG.unite.sharedData) to share data between Unite, DefaultApp, and user-created apps, we believe this is triggering the prompt due to changes in System Integrity Protection (SIP) in macOS 15. We are further confident given that if the user does not allow access, the app does launch, but shows an error indicating that the created app was unable to access the data that is typically in the shared group. Here’s a summary of our troubleshooting efforts: 1. Adjusting App Group Configuration Ensured the app group name aligns with Apple's guidelines, including prefixing with the Team ID (teamid.group.BZG.unite.sharedData). Verified that the app group is correctly declared in the com.apple.security.application-groups entitlement. 2. Provisioning Profile Creation Generated provisioning profiles via Xcode and the Developer Console, ensuring the app group entitlement is included. Applied the provisioning profile to the user-created app during code signing. Despite these efforts, the issue continues. 3. Entitlements and Code Signing Created an entitlements file for the user-created app, mirroring the entitlements from DefaultApp, including: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>id.com.BZG.ExampleTest</string> <key>com.apple.developer.team-identifier</key> <string>id</string> <key>com.apple.security.application-groups</key> <array> <string>id.group.BZG.unite.sharedData</string> </array> <key>com.apple.security.app-sandbox</key> <true/> </dict> </plist> Signed the user-created app with our Developer ID and the provisioning profile Verified the entitlements 4. Reviewing System Logs Observed error messages indicating unsatisfied entitlements: message: com.BZG.ExampleTest: Unsatisfied entitlements: com.apple.security.application-groups **5. Consulting Documentation and WWDC Sessions ** Referenced post on App Groups in macOS vs iOS. Reviewed the macOS 15 Release Notes regarding SIP and app group container protection. Watched WWDC 2024 Session 10123: What's new in privacy, starting at 12:23. Questions Is there a way to authorize the com.apple.security.application-groups entitlement in the provisioning profile for ad-hoc signed apps? Given the SIP changes in macOS 15, how can we enable our ad-hoc signed, user-generated apps to access the app group container without triggering the persistent prompt? Are there alternative approaches to sharing data between the main app and user-generated apps that comply with macOS 15's SIP requirements? Is there anything to try that we're missing here to solve this? Any guidance on how to resolve this issue or workarounds to allow app group access without triggering the prompt would be greatly appreciated. Thank you for your assistance!

I have existing macOS application(pkg distribution) and now I need to release App Store version I need to move all files from "Documents/My App" to app container however container migration doesn't work in some cases I've tested TestFlight build: migration works fine if Mac uses Local Documents folder migration doesn't work if Mac uses iCloud Documents and Desktop folders Is there some way to fix this? container-migration.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Move</key> <array> <string>${Documents}/My App</string> </array> </dict> </plist>

Hi, I have recently encountered an app with some odd behaviour and wanted to clarify some details about the way sandboxing works with iOS apps installed on a Mac. I am unsure whether this is due to a misunderstanding of system behaviour or whether this is a bug. The app was installed from the Mac App Store, designed for iPad. The developer of the app informed me that in lieu of a sign-in process, the app tries to persistently store a UUID of the user on the device so that when the app is deleted and reinstalled, the user is automatically logged in again. The developer says that two mechanisms are being used: 1) NSUserDefaults (via Flutter shared prefs) and 2) identifierForVendor. In the case of 1), my understanding is that these are managed by cfprefsd. Using the 'defaults domain' command, the domain of the app appears. However, there are no keys or values stored. Using the 'defaults write' and 'defaults read' and 'defaults delete' commands on that bundle identifier works as expected, but since it starts out empty, it cannot be read or deleted. Furthermore, the app's data is supposed to be sandboxed in /Library/Containers. When the app is uninstalled from Launchpad, I have confirmed that the folder is missing. When reinstalled, the app's settings and data are missing, but crucially, the cloud identifier is still persistent and is evident after 'setup'. In the case of 2), the developer documentation states that identifierForVendor changes when all apps from a developer have been removed from a device. The app in question is the only app that was installed from this developer, so logically this identifier should have changed when the app was deleted and reinstalled. I have confirmed that iCloud drive is not being used to store this data as there is no data in iCloud for this app. In any case, when the app is uninstalled and reinstalled, the app automatically logs the user into the "account" it was previously logged into, along with all of that user's data in the cloud. I have a sense that this type of persistent identifier tracking is what sandboxing was meant to address, but I am unsure why I have been unable to remove the UUID tag from my system. Any insight would be greatly appreciated!

Hello Apple Community, many thanks in advance for your help. My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries. The top-level app is built with Xcode 16.1 and it's written 100% in Swift6. For test purposes we are running the app on MacOS Sequoia 15.0, 15.1 and Sonoma 14.4. The app can be downloaded via TestFlight and Console app shows the next errors: Crash Reports python3.11 Application Specific Signatures: Unable to get bundle identifier for container id python3: Unable to get bundle identifier because Info.plist from code signature information has no value for kCFBundleIdentifierKey. tccd process error Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=62822, auid=502, euid=502, binary_path=[PATH TO SAMPLEAPP]]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=577, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd}, The next documents were helping a lot to reach the current state althought sometimes I was not sure how to apply them in this python interpreter context: Signing a daemon with a restricted entitlement Embedding a command-line tool in a sandboxed app XPC Rendezvous, com.apple.security.inherit and LaunchAgent Placing content in a bundle There are a lot of details that I will try to explain in the next lines. Once archived the app, it looks like this: SampleApp.app SampleApp.app/Contents SampleApp.app/Contents/Info.plist SampleApp.app/Contents/MacOS SampleApp.app/Contents/MacOS/SampleApp SampleApp.app/Contents/Resources SampleApp.app/Contents/Resources/Python.bundle And this is how Python.bundle looks like: Python.bundle/Contents Python.bundle/Contents/Info.plist Python.bundle/Contents/Resources Python.bundle/Contents/Resources/bin Python.bundle/Contents/Resources/bin/python3.11 <- Python executable Python.bundle/Contents/Resources/lib Python.bundle/Contents/Resources/lib/python3.11 <- Folder with python libraries This is the Info.plist associated with Python.bundle: <dict> <key>CFBundleIdentifier</key> <string>com.sampleapp.app.Python</string> <key>CFBundleName</key> <string>Python</string> <key>CFBundleVersion</key> <string>1.0</string> <key>CFBundlePackageType</key> <string>BNDL</string> </dict> For some reason Bundle Identifier is ignored. Created a Python target and added to the main app, I selected the Bundle template. In Python target I made the next customizations: Enabled the Skip Install (SKIP_INSTALL) build setting. Disabled the Code Signing Inject Base Entitlements Added entitlements com.apple.security.inherit to it, with a Boolean value of true. Tried to set Other Code Signing Flags (OTHER_CODE_SIGN_FLAGS) build setting to: $(inherited) -i $(PRODUCT_BUNDLE_IDENTIFIER) But I had to remove it because I could not get rid of this error "-i com.sampleapp.app.Python: No such file or directory" Created a python.plist and set it in the Packaging Build Settings section. I set Generate Info.plist File to No In this document: Embedding a command-line tool in a sandboxed app Says: "Add the ToolX executable to that build phase, making sure Code Sign On Copy is checked." But I could not do it to avoid duplicates, since the bundle itself contains the executable too. I'm not sure how to handle this case. Tried to add python3.11 executable in the bundle MacOS folder, but bundle executableURL returned nil and I could not use python from the code. This is how I get Python bundle from code: static var pythonBundle: Bundle? { if let bundlePath = Bundle.main.path(forResource: "Python", ofType: "bundle"), let bundle = Bundle(path: bundlePath) { return bundle } return nil } Created Python.entitlements with the next key-values: <key>com.apple.security.app-sandbox</key> <true/> and it is used in an Archive Post-action of SampleApp, in order to sign the python executable of Python.bundle as follows: codesign --force --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$DEVELOPER_ID_APPLICATION" "$ARCHIVE_PATH" The reason of using an Archive Post-action is becauses signing from a Python.bundle Build phase was generating errors related to Sandboxing. These are the entitlements to codesign SampleApp: <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-only</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> Most probably I was mixing concepts and it seems created some confusion. We would really love to get some advice, Thanks!

Context I'm working on a Mail.app plugin. I would like to disseminate plugin via AppStore. I'm interested in exposing a functionality to user enabling user to choose if plugin should apply to all or selected email account. My intention is to use AppleScript to get a list of available email accounts and expose the list to the end-user via SwiftUI Sourcing account information Apple Script I'm using the following AppleScript tell application "Mail" set accountDict to {} repeat with acc in accounts set accName to name of acc set accEmails to email addresses of acc set accountDict's end to {accName:accEmails} end repeat return accountDict end tell The above generates expected results when executed using Script Editor. Swift Implementation This is still incomplete but shows the overall plan. // // EmailAccounts.swift import Foundation enum EmailScriptError: Error { case scriptExecutionError(String) } struct EmailAccounts { func getAccountNames() -&gt; [String]? { let appleScriptSource = """ tell application "Mail" set accountDict to {} repeat with acc in accounts set accName to name of acc set accEmails to email addresses of acc set accountDict's end to {accName:accEmails} end repeat return accountDict end tell """ var error: NSDictionary? var accountNames: [String] = [] // Create script object, exit if fails guard let scriptObject = NSAppleScript(source: appleScriptSource) else { return nil } // Execute script and store results, nil on error let scriptResult = scriptObject.executeAndReturnError(&amp;error) if error != nil { return nil } // Iterate over results for index in 0...scriptResult.numberOfItems { if let resultEntry = scriptResult.atIndex(index) { if let resultString = resultEntry.stringValue { // Process result handling // accountNames.append(resultString) } } } return accountNames } } Questions Most important one, can I deploy the App on the App Store and use NSAppleScript as shown above? If yes can I use the script in the manner shown above or will I need to store the script in User &gt; Library &gt; Application Scripts location and source it from there. This is outlined in the Scripting from a Sandbox article by Craig Hockenberry, which I cannot link due to being hosted within a not-permitted domain. If yes what entitlements I need to give to the target. I understand that I wouldn't be able to use ScriptingBridge, which feels more robust but wouldn't permit me to deploy the app on the AppStore. My key objective is to programatically identify mail accounts available to Mail.app, if there is a wiser / easier way of doing that I would be more than receptive.