I'm trying to distribute a sandboxed macOS app with a PacketTunnelProvider (system extension) via direct distribution (outside of AppStore).
The app and the extension both use the same app group, using the new group.com.XXXX.YYYY format detailed here for 10.15+ https://developer.apple.com/forums/thread/721701
I've also followed the instructions below to get around the quirk of not being able to directly process it via XCode: https://developer.apple.com/forums/thread/737894
I've re-signed with Developer ID certificate, all that is smooth and successfully notarized.
However upon running the app I get:
"My.app" would like to access data from other apps.
Checking ~/Library/Containers ~/Library/Group Containers
I see the correct files folders have been created before I select Don't Allow and Allow.
My app does not access any files or folders outside of the sandboxed directories.
- How can I prevent this from happening?
- In order to diagnose further, how to diagnose exactly which files/folder the app is trying to access that is causing this problem?