Entitlement values for the Enhanced Security and the Additional Runtime Platform Restrictions

I recently turned on the enhanced security options for my macOS app in Xcode 26.0.1 by adding the Enhanced Security capability in the Signing and Capabilities tab. Then, Xcode adds the following key-value sets (with some other key-values) to my app's entitlements file.

	<key>com.apple.security.hardened-process.enhanced-security-version</key>
	<integer>1</integer>
	<key>com.apple.security.hardened-process.platform-restrictions</key>
	<integer>2</integer>

These values appear to follow the documentation about the enhanced security feature (Enabling enhanced security for your app), and the app works without any issues.

However, when I submitted a new version to the Mac App Store, my submission was rejected, and I received the following message from the App Review team via App Store Connect.

Guideline 2.4.5(i) - Performance

Your app incorrectly implements sandboxing, or it contains one or more entitlements with invalid values. Please review the included entitlements and sandboxing documentation and resolve this issue before resubmitting a new binary.

  • Entitlement "com.apple.security.hardened-process.enhanced-security-version" value must be boolean and true.
  • Entitlement "com.apple.security.hardened-process.platform-restrictions" value must be boolean and true.

When I changed those values directly in the entitlements file based on this message, the app appears to still work. However, these settings are against the description in the documentation I mentioned above and against the settings Xcode inserted after changing the GUI setting view.

So, my question is, which settings are actually correct to enable the Enhanced Security and the Additional Runtime Platform Restrictions?
