I was able to resolve this. The workaround was to store data in ~/Library/Containers/[app identifier] Read/write operations appear to work in these folders for Sandbox. Is this the recommended best-practice?

Thank you Quinn ! I was able troubleshoot most issues. The application launches and working fine , the challenge now facing is that the application is getting a block (by sandbox?) when attempts to write log inside the .app container. When app runs without sandbox it works ok. So I suspect it is a sandbox permission issue (not POSIX perms). Question: Is there are proper location for app required data that needs persistence & read/write, that sandbox will allow? Here is Here is the structure of the ".app" . The log files are in the /app path. Read operations are working fine. It is write that are blocked. drwxr-xr-x 9 alejandro admin 288 Feb 12 18:49 . drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 .. -rw-r--r-- 1 alejandro admin 1367 Feb 12 18:49 Info.plist drwxr-xr-x 3 alejandro admin 96 Feb 12 18:55 MacOS -rw-r--r-- 1 alejandro admin 8 Feb 12 18:49 PkgInfo drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 Resources drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 _CodeSignature drwxr-xrwx 8 alejandro admin 256 Feb 12 18:49 app drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 runtime Thank you

I was able to generate and submit pkg , wanted to share with community in case it helps here are steps to generate pkg and submit it Step 1 - built a native app SwiftUI using Xcode , then fetched the ".app" from Build folder (copy it to a work folder) Step 2 - Place all java jars in /Myapp.app/Contents/Resources/javastuff folder Step 3 -Place java runtime at /Myapp.app/Contents/PlugIns. I used openJDK21. Step 4 -Codesign App + all binaries with "3rd Party Mac Developer Application" Certificate codesign -s "Developer ID Application: xxxxxx" -f --timestamp -o runtime -i "com.yourdomain.yourapp" --entitlements App.entitlements MyApp.app/Contents/Resources/javastuff/binary1 ... repeat for each binary.... Step 5 -Build pkg using productbuild productbuild --component My.app /Applications Product.pkg Step 6 -Sign pkg with 3rd Party distribution certificate productsign --sign "3rd Party Mac Developer Installer: xxxxxx" Product.pkg Product-signed.pkg Step 7 -Upload pkg xcrun altool --upload-app -f ./Product-Signed.pkg --type mac --user "(youremail)" --pass (your password). I am now grappling with error on Java , the runtime throws a trap which has no info or documentation. Anyone experience this ? any tips or guidance? $java -version 34655 Trace/BPT trap: 5 console shows the following events: java[34669]: root path for bundle "" of main executable "" java[34669]: AppSandbox request successful AMFI: Denying core dump for pid 34669 (java) java[34669] Corpse allowed 1 of 5 Formulating fatal 309 report for corpse[34669] java