Endpoint Security Extension + SandBox + App Distribution

Hi All,

I'm developing a security application that uses an endpoint security extension. The application has two parts: main and extension. I have an entitlement for Security Extension Client from Apple.

I'd like to distribute apps through the Apple Store. Locally the app runs without problems on enabled machines, but when I try to get it through TestFlight to the App Store I get two errors:

ITMS-90285 - Invalid Code Signing Entitlements. Your application bundle’s signature contains code signing entitlements that are not supported on macOS. Specifically, key 'com.apple.developer.endpoint-security.client'

ITMS-90296 - App sandbox not enabled on extension

When I turn on sandbox for the extension, the extension fails to register the endpoint security client:

let res = es_new_client(&client) { _, event in self.eventDispatcher(msg: event) }

Without sandbox it runs without any problem.

Thank you very much for your help. I don't know how to proceed.

Martin

Accepted Reply

I'd like to distribute apps through the Apple Store.

While the Mac App Store will accept certain types of sysexes — specifically Network Extension and DriverKit — it will not accept Endpoint Security ones. If you’re creating an ES sysex, you must distribute it independently, using Developer ID signing.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies

Hi Eskimo,

Many thanks for your answer.

Unfortunately we will have to change our plans for the distribution of the application.

Martin

Is this still the case with Ventura too? Are apps with ES-linked system extensions still not allowed in the App Store?

Is this still the case with Ventura too?

Yes.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"