Mac App Store app triggers "cannot verify free of malware" alert when opening as default app

My app Mocawave is a music player distributed through the Mac App Store. It declares specific audio document types (public.mp3, com.microsoft.waveform-audio, public.mpeg-4-audio, public.aac-audio) in its CFBundleDocumentTypes with a Viewer role.

When a user sets Mocawave as the default app for audio files and double-clicks an MP3 downloaded from the internet (which has the com.apple.quarantine extended attribute), macOS displays the alert:

"Apple could not verify [filename] is free of malware that may harm your Mac or compromise your privacy."

This does not happen when:

  • Opening the same file via NSOpenPanel from within the app
  • Opening the same file with Apple's Music.app or QuickTime Player

The app is:

  • Distributed through the Mac App Store
  • Sandboxed (com.apple.security.app-sandbox)
  • Uses com.apple.security.files.user-selected.read-write entitlement

The file being opened is a regular audio file (MP3), not an executable. Since the app is sandboxed and distributed through the App Store, I expected it to have sufficient trust to open quarantined data files without triggering Gatekeeper warnings — similar to how Music.app and QuickTime handle them.

Questions:

  1. Is there a specific entitlement or Info.plist configuration that allows a sandboxed Mac App Store app to open quarantined audio files without this alert?
  2. Is this expected behavior for third-party App Store apps, or could this indicate a misconfiguration on my end?

Environment: macOS 15 (Sequoia), app built with Swift/SwiftUI, targeting macOS 13+.

This is a well-known problem. It actually doesn't (directly) involve your app at all.

The operating system will do this with any document when you've configured the document to be opened with an app that doesn't explicitly declare support for it.

Since you have declared support for this file type, the most likely explanation is that you haven't declared that support correctly.

Document types are specifically for the NSDocument architecture. I don't know anything about your app so I don't know if that usage is appropriate or not. But it sounds like you just need to add some imported type identifiers for those types.
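To compare an app's declarations against what the answer above describes, the following added example (not code from either poster or from Apple) reads an Info.plist and reports, for each content type listed in CFBundleDocumentTypes, its role, its handler rank, and whether the bundle also carries an imported or exported type declaration for it. The sample plist is constructed and the function names are hypothetical; the report lists declarations only and does not predict whether macOS shows the alert.

```python
import plistlib

# Constructed sample Info.plist (not the real app's file), for illustration.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleDocumentTypes</key>
  <array><dict>
    <key>CFBundleTypeRole</key><string>Viewer</string>
    <key>LSItemContentTypes</key>
    <array>
      <string>public.mp3</string>
      <string>com.microsoft.waveform-audio</string>
      <string>public.mpeg-4-audio</string>
      <string>public.aac-audio</string>
    </array>
  </dict></array>
  <key>UTImportedTypeDeclarations</key>
  <array><dict>
    <key>UTTypeIdentifier</key><string>public.mp3</string>
  </dict></array>
</dict></plist>"""


def declared_ids(info, key):
    """Collect UTTypeIdentifier values from a UT*TypeDeclarations array."""
    return {d.get("UTTypeIdentifier") for d in info.get(key, [])} - {None}


def audit_document_types(plist_bytes):
    """Map each document content type to its role, rank and declaration."""
    info = plistlib.loads(plist_bytes)
    imported = declared_ids(info, "UTImportedTypeDeclarations")
    exported = declared_ids(info, "UTExportedTypeDeclarations")
    report = {}
    for doc in info.get("CFBundleDocumentTypes", []):
        for uti in doc.get("LSItemContentTypes", []):
            where = ("exported" if uti in exported
                     else "imported" if uti in imported else "none")
            report[uti] = {
                "role": doc.get("CFBundleTypeRole", "(missing)"),
                "rank": doc.get("LSHandlerRank", "(not set)"),
                "declaration": where,
            }
    return report


if __name__ == "__main__":
    for uti, row in audit_document_types(SAMPLE_PLIST).items():
        print(f"{uti:32} {row['role']:8} {row['rank']:10} {row['declaration']}")
```

To audit a built app, pass the bytes of its `Contents/Info.plist` instead of the sample; `plistlib.loads` also accepts binary plists.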
