App Group Not working as intended after updating to macOS 15 beta.

I have an app (currently not released on App Store) which runs on both iOS and macOS. The app has widgets for both iOS and macOS which uses user preference (set in app) into account while showing data. Before upgrading to macOS 15 (until Sonoma) widgets were working fine and app was launching correctly, but after upgrading to macOS 15 Sequoia, every time I launch the app it give popup saying '“Kontest” would like to access data from other apps. Keeping app data separate makes it easier to manage your privacy and security.' and also widgets do not get user preferences and throw the same type of error on Console application when using logging. My App group for both iOS and macOS is 'group.com.xxxxxx.yyyyy'. I am calling it as 'UserDefaults(suiteName: Constants.userDefaultsGroupID)!.bool(forKey: "shouldFetchAllEventsFromCalendar")'. Can anyone tell, what am I doing wrong here?

Answered by antarian in 802735022

I was able to confirm Quinn's suggested work-around does indeed work! I created a separate copy of the entitlements file for macOS and changed just the com.apple.security.application-groups setting in the macOS version so that the first part of the string is our team ID (instead of "group"). Then I added a macOS variant for both Debug and Release for the "Code Signing Entitlements" in build settings and set the new values to the macOS version of the entitlements file I just created.

Now I'm no longer getting that annoying alert when I run the macOS version! I also confirmed that the iOS version of my app still works as before.

So I am still struggling with this issue. My issue is slightly different than most people in that I am not as much worried about Mac/iOS interoperability but just that when a user launches the next version of my app, they don't get the alert to allow the app to have access to the data.

My shipping Mac app stores it's data in an app group so that my internal extensions can also access the same data. This app group is named group.<mycompany>.<myappname>. This has been done for years and works great. It also works fine on Sequoia (for currently shipping version).

However, when I build the app with Xcode 16, I am now getting the alert. The alert happens even before my app delegate is loaded so it appears by just having the app group listed in my entitlements (or info.plist) is causing the alert.

Therefore, even if I wanted to migrate the user's data to a new location, they would still get the alert until all users migrated and I could do a new release removing the entitlement.

To be clear, on Sequoia 15.0.1 and using released Xcode 16, I am still getting this alert when building for the App Store (Test Flight) or direct distribution.

@colink, it sounds like you might have solved this for Test Flight builds but unclear what you did to do this.

Any help on this would be greatly appreciated!!! //Ray

raymo, two questions:

  • Is your app distributed via the Mac App Store? Or do you distribute it directly using Developer ID signing?

  • Is this a Mac Catalyst app? Or just a standard Mac app?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

OK.

The group. prefix isn’t historically appropriate for macOS. I talk about this in detail in App Groups: macOS vs iOS: Fight!.

However, if you’re already shipping an app that way then you’ll want to maintain compatibility. The good news is that this should be possible. Quote the System Integrity Protection section of the macOS Sequoia 15 Release Notes:

the app must use FileManager to get the app group container path and meet one of the following requirements:

  • the app is deployed through Mac App Store
  • the app group identifier is prefixed with the app’s Team ID
  • or the app group identifier is authorised by a provisioning profile embedded within the app.

Your app will fall enough case 1.

There are two challenges here:

  • This doesn’t help during development. You continue to hit those popups.

  • Prior to macOS 15.1 (currently a release candidate), you can’t test this with TestFlight. See the System Integrity Protection section of the macOS Sequoia 15.1 RC Release Notes.

Oh, and if your app group ID isn’t registered with the Developer website, do that now.

ps It’s better to reply as a reply rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other tips.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

OK thank you!!

I was able to test with 15.1 via Test Flight and it worked! (That is, no alert).

I can live with development issue by using a team identifier for my dev builds.

And group ID is registered,

Thanks again! //Ray

macOS Sequoia has started to fully control security.

The issue is with App Groups in xCode.

The app developer in xCode should go to the section (repeat for each target):

Signing & Capabilities → Targets → TARGET_NAME → App Groups → App Group

in which he should specify the following:

$(TeamIdentifierPrefix)myFirm.myName

A fictitious ID like this does not work:

myGroupID.myFirm.myName

And in the program code he should specify the real group ID (in numbers)

let storeDirectory = FileManager.default.containerURL(
    forSecurityApplicationGroupIdentifier: “0123456789.myFirm.myName”
)

After recompiling the app, the problem disappears.

App Group Not working as intended after updating to macOS 15 beta.
 
 
Q