App Sandbox not enabled

In my experience there are two common causes of problems like this:

• the app really isn’t sandboxed

• the app contains sub-executables (helper tools, login items, and so on) that are not sandboxed

To debug this, look at the following:

• QA1798 Checking Distribution Entitlements

• Technote 2415 Entitlements Troubleshooting — This is technically for iOS, but a lot of the info it contains is useful on the Mac as well.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I am having the same problem where I am getting the rejection email "App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list."

I've tried everything you've suggested for robstott and I see the entitlement plists for my app and share extension that is getting submitted to iTunes Connect and the sandbox setting is always true, e.g.:

<key>com.apple.security.app-sandbox</key>

<true/>

Days have been spent on this and I would really appreciate your help.

I see the entitlement plists for my app and share extension …

Your entitlements file is an input to the entitlements generation process, whereas this check is done on the output. This distinction is important, because if you only check the entitlements file you’re missing out on at least half of the picture.

How many executables does your app contain? You mentioned the main app and the share extension? Are there others?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm having the same problem.

• I have an appropriate .entitlements file

• The entitlements file contains "App Sandbox" set to YES

• App Sandbox is turned on under the target's "Capabilities"

and when I try to validate for the App Store I get

App sandbox not enabled. The folowing executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements propertly list".

My app doesn't contain any subexecutables.

When I look at the log I see green checks for Process and for Sign

Tried cleaning the build folder, turning sandbox off and then back on, but nothing works.

Probably doing something stupid, but would be grateful if anyone has any suggestions.

Thanks,

Philip

I tracked down the problem to the Build Settings, Signing, CODE_SIGN_ENTITLEMENTS had multiple values. The values looked all the same, so I just re-entered the path for the entitlement file, the multiple values went away, and I no longer got the Sandbox not enabled error.

What worked for me was adding the --entitlements argument into codesign command:

codesign -vvv --options=runtime --entitlements <path_to_your_entitlements> --force --timestamp --deep [...]

I’m glad that’s working for you but…

codesign … --deep …

please don’t sign code using --deep. See --deep Considered Harmful for an explanation as to why this is a bad idea. Rather, sign each code item separately, from the inside out. See Creating Distribution-Signed Code for Mac for all the details

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I just had the same error, tried everything on Stackoverflow, Google and here with not luck.

I'm trying to use Apple Silicon to upgrade my app to universal but my old xcode app project was from old intel mac, and had an user defined setting VALID_ARCHS set to x86_64. So my solution was to remove that VALID_ARCHS variable and it works perfectly.

My suggestion is to carefully and double check for possible conflicts in build settings, if you are having this problem due to upgrading from previous old xcode project.

changing this param to "No" solved the issue for me

I was welcomed with this issue today. Been publishing this app properly signed for years. It's even visible in the package review that the binaries have this flag enabled but the build is being blocked with this message:

ITMS-90296: App sandbox not enabled

The following executables must include the 'com.apple.security.app-sandbox' entitlement with a Boolean value of true in the entitlements property list:

[[com.aone.keka.pkg/Payload/Keka.app/Contents/MacOS/keka7z

...

Similar to https://developer.apple.com/forums/thread/705472, I had to create new certificates and resign all binaries. Probably this was caused by an expired certificate.

I's even visible in the package review that the binaries have this flag enabled

Weird. If you export (rather than upload) and then pull apart the installer package, what does the following show:

% codesign -d --entitlements - Keka.app/Contents/MacOS/keka7z

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

hello folks! I were stuck with the same issue to resolve properly without set ENABLE_USER_SCRIPT_SANDBOXING = No, first you need to comment in the Podfile the command "use_frameworks!", i.e. leaving it out (in this way you be able to set in Build Phases -> Link Binary with Libraries the libPods-namePod.a instead of namePod.framework) then run pod install and finally build and run enjoy!