Sandboxed macOS app with system extension, app groups, getting data permission issue

I'm trying to distribute a sandboxed macOS app with a PacketTunnelProvider (system extension) via direct distribution (outside of AppStore).

The app and the extension both use the same app group, using the new group.com.XXXX.YYYY format detailed here for 10.15+ https://developer.apple.com/forums/thread/721701

I've also followed the instructions below to get around the quirk of not being able to directly process it via XCode: https://developer.apple.com/forums/thread/737894

I've re-signed with Developer ID certificate, all that is smooth and successfully notarized.

However upon running the app I get:

"My.app" would like to access data from other apps.

Checking ~/Library/Containers ~/Library/Group Containers

I see the correct files folders have been created before I select Don't Allow and Allow.

My app does not access any files or folders outside of the sandboxed directories.

  1. How can I prevent this from happening?
  2. In order to diagnose further, how to diagnose exactly which files/folder the app is trying to access that is causing this problem?
Answered by mklnz5 in 853433022

Ah I found the issue, one of the Provisioning Profiles became "Invalid" randomly, even though it's not expired.

Accepted Answer

Ah I found the issue, one of the Provisioning Profiles became "Invalid" randomly, even though it's not expired.

Sandboxed macOS app with system extension, app groups, getting data permission issue
 
 
Q