I just saw another post regarding bookmarks on iOS where an Apple engineer made the following statement:
macOS is better at enforcing the "right" behavior, so code that works there will generally work on iOS.
So I went back to my macOS code to double-check. Sure enough, the following statement:
let bookmark = try url.bookmarkData(options: .withSecurityScope)
fails 100% of the time.
I had seen earlier statements from other DTS Engineers recommending that any use of a URL be bracketed by start/stopAccessingSecurityScopedResource.
And that makes a lot of sense. If "start" returns true, then call stop. But if start returns false, then it isn't needed, so don't call stop. No harm, no foul.
But what's confusing is this other, directly-related API where a security-scoped bookmark cannot be created under any circumstances because of the URL itself, some specific way the URL was initially created, and/or manipulated?
So, what I'm asking is if someone could elaborate on what would cause a failure to create a security-scoped bookmark? What kinds of URLs are valid for creation of security-scoped bookmarks? Are there operations on a URL that will then cause a failure to create a security-scoped bookmark? Is it allowed to pass the URL and/or bookmark back and forth between Objective-C and Swift?
I'm developing a new macOS app for release in the Mac App Store. I'm initially getting my URL from an NSOpenPanel. Then I store it in a SQLite database. I may access the URL again, after a restart, or after a year. I have a login item that also needs to read the database and access the URL.
I have additional complications as well, but they don't really matter. Before I get to any of that, I get a whole volume URL from an NSOpen panel in Swift, then, almost immediately, attempt to create a security-scoped bookmark. I cannot. I've tried many different combinations of options and flows of operation, but obviously not all.
I think this started happening with macOS 26, but that doesn't really matter. If this is new behaviour in macOS 26, then I must live with it.
My particular use requires a URL to a whole volume. Because of this, I don't actually seem to need a security-scoped bookmark at all. So I think I might simply get lucky for now.
But this still bothers me. I don't really like being lucky. I'd rather be right. I have other apps in development where this could be a bigger problem. It seems like I will need completely separate URL handling logic based on the type of URL the user selects.
And what of document-scoped URLs? This experience seems to strongly indicate that security-scoped URLs should only ever be document-scoped. I think in some of my debugging efforts I tried document-scoped URLs. They didn't fix the problem, but they seemed to make the entire process more straightforward and transparent. Can a single metadata-hosting file host multiple security-scoped bookmarks? Or should I have a separate one for each bookmark?
But the essence of my question is that this is supposed to be simple operation that, in certain cases, is a guaranteed failure. There are a mind-bogglingly large number of potential options and logic flows. Does there exist a set of options and logic flows for which the user can select a URL, any URL, with the explicit intent to persist it, and that my app can save, share with helper apps, and have it all work normally after restart?
An update: I thought it would be enlightening to write a simple demonstration app. I did that and learned a few things.
Apple documentation describes two entitlements that are required for security scoped bookmarks. This document is strange. For one thing, the URL is under video applications. And it's ancient, referring to changes in macOS 10.7.3. It's also wrong. The entitlement "com.apple.security.files.bookmarks.app-scope" is not necessary and has no effect.
More importantly, the entitlement "com.apple.security.files.bookmarks.document-scope" is required for security scoped bookmarks with document scope. You'll get an error if you attempt to use them without this entitlement. Unfortunately, they also don't work at all. The entitlement error is straightforward and tells you that you need the entitlement. But then, when you provide it, all attempts fail with error 256 "Item URL disallowed by security policy". It does seem to be modifying the metadata of the reference URL, but then it just doesn't work. That's too bad. I prefer to have data where I can see it.
As far as security-scoped bookmarks and URLs, it's just really complicated now. It's impossible to create security-scoped bookmarks for certain URLs. I've only found two paths that are guaranteed failures: / and /System/Volumes/Data. These are kinda the same thing, but also kinda not. Unfortunately, if you allow the end user to select a directory, there's nothing stopping them from selecting these two locations.
My recommendation is to wrap a URL in a class that can manage both the start/stopAccessingSecurityScopedResource and when creating a security scoped bookmark, fall back to a standard bookmark (or just an absolute string) on failure and hope that's useable after restart.
Maybe this is just a bug in macOS 26 and it'll be fixed before launch. But even if this happens, this is obviously an API that's at risk for breakage.