User Profile

Does this only crop up when you upgrade your app using this installer? Or do you see it on first install of the app? I test with clean install, and it does not show the dialog. Re-install also show no dialog after launch app & create a file in App Container. Since it is no reproducing, my guess is that the problem was caused by launching an application sign with an adhoc signature ("Sign to Run Locally") so that the owner of the container is changed from the legitimate Team ID: Build adhoc signature app (choose "Sign to Run Locally" in Xcode) and launch The app shows a dialog “macSKK” is from an unidentified developer and differs from previously opened versions. Are you sure you want to open it? after accessing App Container (?) Choose "Open Anyway", it changes the owner of App Container (?) Open pkg via Installer.app, it shows the dialog “Installer” would like to access data from other apps.. I have found that by using certificates with same Team IDs in debug builds, such as when running unit tests, the problem does not reproduce itself in my environment.

@eskimo Thanks for reply. I also watched the video "What's new in privacy". This video says "All apps signed with your Team ID can access data in your other app's containers by default", starting at 20:55. My thoughts are as follows: App is signed with "Developer ID Application". Pkg is signed with "Developer ID Installer" with same Team ID. So Installer can write to App Container because installer pkg and app has signed with same Team ID. I’m not sure how your installer is managing to trip this. Within the installer package, what’s actually writing to this file? The installed contents itself? Or some sort of script? No script. My installer bundles app pkg and data pkg using productbuild --distribution script/distribution.xml. After building bundled pkg, signs using productsign. Definition: https://github.com/mtgto/macSKK/blob/main/script/distribution.xml Script: https://github.com/mtgto/macSKK/blob/0.9.1/Makefile#L61-L62 Data pkg contains a file Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L. ❯ pkgutil --files net.mtgto.inputmethod.macSKK.app ._Library Library Library/._Input Methods Library/Input Methods Library/Input Methods/._macSKK.app Library/Input Methods/macSKK.app Library/Input Methods/macSKK.app/._Contents Library/Input Methods/macSKK.app/Contents ... ❯ pkgutil --files net.mtgto.inputmethod.macSKK.dict ._Library Library Library/._Containers Library/Containers Library/Containers/._net.mtgto.inputmethod.macSKK Library/Containers/net.mtgto.inputmethod.macSKK Library/Containers/net.mtgto.inputmethod.macSKK/._Data Library/Containers/net.mtgto.inputmethod.macSKK/Data Library/Containers/net.mtgto.inputmethod.macSKK/Data/._Documents Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/._Dictionaries Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/._SKK-JISYO.L Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L Addition: Signatures of app and installer package app has signed with Team ID "W3A6B7FDC7" ❯ codesign -dvvv ~/Library/Input\ Methods/macSKK.app Executable=/Users/user/Library/Input Methods/macSKK.app/Contents/MacOS/macSKK Identifier=net.mtgto.inputmethod.macSKK Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=5128 flags=0x10000(runtime) hashes=149+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=4ebfa49edd8731cc6bcff49b0592877a769dbd8d CandidateCDHashFull sha256=4ebfa49edd8731cc6bcff49b0592877a769dbd8dcdf6dfef04e58c8d318d6f99 Hash choices=sha256 CMSDigest=4ebfa49edd8731cc6bcff49b0592877a769dbd8dcdf6dfef04e58c8d318d6f99 CMSDigestType=2 CDHash=4ebfa49edd8731cc6bcff49b0592877a769dbd8d Signature size=9046 Authority=Developer ID Application: Satoshi Gotou (W3A6B7FDC7) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Oct 8, 2023 at 10:11:39 Info.plist entries=34 TeamIdentifier=W3A6B7FDC7 Runtime Version=14.0.0 Sealed Resources version=2 rules=13 files=7 Internal requirements count=1 size=220 pkg has Team ID "W3A6B7FDC7" ❯ pkgutil --check-signature /Volumes/macSKK/macSKK-0.9.1.pkg Package "macSKK-0.9.1.pkg": Status: signed by a developer certificate issued by Apple for distribution Notarization: trusted by the Apple notary service Signed with a trusted timestamp on: 2023-10-08 01:11:41 +0000 Certificate Chain: 1. Developer ID Installer: Satoshi Gotou (W3A6B7FDC7) Expires: 2027-02-01 22:12:15 +0000 SHA256 Fingerprint: 4B 04 F9 16 DA 30 68 EC 00 BC 5B B5 F6 E2 C4 88 FC 22 A3 F7 F3 1B A1 A5 06 B7 54 27 01 0B 37 12 ------------------------------------------------------------------------ 2. Developer ID Certification Authority Expires: 2027-02-01 22:12:15 +0000 SHA256 Fingerprint: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 F2 9C 88 CF B0 B1 BA 63 58 7F ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0 24