Entitlements confer specific capabilities or security permissions to your iOS or macOS app.
At a Glance
Set entitlement values in order to enable iCloud, push notifications, Apple Pay, and App Sandbox. Each entitlement has a default value, which in most cases disables the capability associated with the entitlement. When you set an entitlement, you are overriding the default by providing an appropriate key-value pair.
iCloud entitlements let you enable the use of iCloud data storage for your iOS or macOS app.
You set iCloud entitlement values on a target-by-target basis in your Xcode project.
Push notifications let your app alert the user even when your iOS or macOS app is not executing.
You set push notification entitlement values as part of configuring your development and distribution provisioning profiles.
Apple Pay and PassKit Entitlements enable in-app payments using Apple Pay, and allow your app to access passes from the PassKit library.
App Sandbox entitlements let you enable the security feature called sandboxing for your macOS app. (In iOS, all apps are sandboxed automatically, so these sandboxing entitlements do not apply.)
By carefully enabling only the resource access that you need, you minimize the potential for damage if malicious code successfully exploits your app. You set App Sandbox entitlement values on a target-by-target basis in your Xcode project.
You can set many entitlements using the Summary tab of the Xcode target editor. Other entitlements require editing a target’s entitlements property list file. Finally, a few entitlements are inherited from the iOS provisioning profile used to run the app.
The sort of value to associate with an entitlement key depends on the key. Many entitlement keys take Boolean values. For entitlements defined in a property list in an Xcode project, a Boolean entitlement value is either
<false/>. Some entitlement keys take a string or an array of strings as a value. Refer to the chapters in this document for specifics on the values to apply to the various entitlement keys.
To use any entitlement keys, you must code sign your app because an app’s entitlements are built in to its code signature.
Enable iCloud for Sharing Data Among Devices
Xcode’s target editor contains two fields that let you enable iCloud document and key-value storage for your app.
Enable Push Notifications for Alerting the User
You can send push notifications to users, by way of the Apple Push Notification service (APNs), to let users know your app has information for them. To enable the receiving of such notifications in your app, request the appropriate entitlement within your development and distribution provisioning profiles.
Enable Apple Pay and Access to Passes
You can accept in-app payment for goods and services. You can also access your passes in Wallet. Additional entitlements allow the suppression of the Apple Pay interface when working near NFC or other RF readers, and in-app provisioning of payment cards.
Enable App Sandbox to Minimize Damage from Malicious Code
Employ Xcode’s target editor to turn on and configure App Sandbox for targets in an macOS project.
Use App Sandbox Temporary Exceptions, If Needed
If you are unable to transition your entire app to App Sandbox in a single release, you can employ special temporary-exception entitlements.
Understand where entitlements fit into the development process by reading App Programming Guide for iOS or Mac App Programming Guide.
You set iCloud and App Sandbox entitlement values using Xcode. For an introduction to Xcode, read Xcode User Guide.
When adding iCloud features to your app, be sure to read iCloud Design Guide.
When adding push notification capability to your app, refer to Local and Remote Notification Programming Guide.
When configuring your sandbox, use this document in concert with App Sandbox Design Guide.