How can you determine what entitlements an app is using


I keep getting the same rejection reason from Apple MAS - viz:

[quote]We found that your app uses a deprecated sandbox entitlement: -

Please revise your app to use the following entitlement: [/quote]

I am using AppWrapper to wrap and set the entitlements and was pretty sure I was not using the incorrect settings.

Does anyone know how to test a wrapped app to determine which entitlements it is requesting - i.e. much the same test that Apple must be using to determine whether or not to reject my app? It would be great to test these directly, rather than having to wait 10-15 days for Apple to test them for me.


codesign -d --entitlements :- “Payload/”

security -D -i “Payload/”

Okay, this one is notoriously hard. Basically, Apple replaced their temporary entitlement with a new one, but forgot to add any functionality to it!

If App Wrapper 3, go the “Apple Script” section of the “Capabilities” pane. Then double click the application, mail in this instance. There is a checkbox for Legacy entitlements and there should be several items listed, I’m not at my machine with App Wrapper at the moment, so I can’t double check, but the items should be something like.


You need to have these listed and the legacy checkbox selected.

Now you have to write to the reviewer at Apple and tell him that you need the Legacy entitlement to allow usage of Apple Mail in older versions of the OS. Write a nice polite note, and save it somewhere on your computer, because you’ll need to use this note evverytime you submit an update to Apple.

Alternatively, if you just want to create an e-mail that is pre-addressed and with content you can use the ShowURL function in Xojo and create a “mailto:” link. Then you don’t need the stupid entitlement.

If you want to create an e-mail with a file attached (i.e. for sharing such file). Then use the NSWorkspace launchWithApplication function. If you have MBS the code should be there already, or if you’re using MacOSLib. If you’re using neither, then I can write out the declares for you.

Ideally, it will be less hassle if you can avoid Apple Script as this seems to be something that Apple is trying to phase out.

Thanks Horst and Sam
I’ve be rejected twice now, including an appeal, despite using what I believe is the correct entitlement and a polite note.
In fact, worse still, I added the entitlements via AppWrapper for scripting mail, but actually don’t use them as I am using the ShowURL method.
I shall remove all AppleScripts and entitlements, and try again.

This is another great way to get rejected. Do not ask for entitlements you don’t use.

It seems to me that in general Apple Scripting is a no-no with a Sandbox application, even though there are two entitlements for it. Some people have been lucky enough, while others have failed to earn the grace of the App Store reviewer.

Yes indeed Tim, that was my duh moment. I’ve now removed the entitlements so hopefully the problem will go away (another 11 day wait).

And yes Sam, it does seem that Apple rejected the app purely based on the request for legacy entitlements for scripting Mail.