4 Replies
      Latest reply on Jun 26, 2019 7:24 AM by frank9
      frank9 Level 1 Level 1 (0 points)

        How can I convince Apple to grant the entitlement "com.apple.security.files.user-selected.executable=True". My apps needs it and other apps in the app store use it as well, but Apple keeps rejecting it, without any explanation.

         

        The app does not create any new files, it just clones existing files, which may be executable or not. In the sandbox these files are always quarantined. Also changing attribues of folders sets the com.apple.quarantine attribute. Is there another solution to have these files not quarantined without the entitlement com.apple.security.files.user-selected.executable=True?

        • Re: App with com.apple.security.files.user-selected.executable=True rejected from App Store
          john daniel Level 3 Level 3 (380 points)

          Apple seems to be stepping up the security lately. At least some people thought that this entitlement should have been deprecated two years ago (https://forums.developer.apple.com/thread/71800). At any rate, it is clearly something that is appropriate for a sandboxed app that is not in the Mac App Store (if such a fanciful beast exists). Going forward, developers should consider how a given feature would work on iOS and use that approach. If that doesn't make any sense for macOS, then drop that feature entirely or leave the Mac App Store.

            • Re: App with com.apple.security.files.user-selected.executable=True rejected from App Store
              frank9 Level 1 Level 1 (0 points)

              The entitlement "com.apple.security.files.user-selected.executable" is not deprecated as of today. It makes totally sense to use it, e.g. any edit application that allows editing executables should have it. Even Apple is using it with the application "TextEdit". Other editors in the Mac App Store like "BBedit" use it as well.

               

              So, if some apps are allowed to use this entitlement in the App Store today and others are getting rejected, I would like to understand the rules behind it. What are the guidelines to use this entitlement as long as it is not deprecated?

              • Re: App with com.apple.security.files.user-selected.executable=True rejected from App Store
                NoiseTECH Level 1 Level 1 (0 points)

                The sad implication here is there is no difference betwen what iOS and macOS are tasked to do. In otherwords, hauling 1 ton of gravel in the back of your Hoda Accord is perfectly reasonble. In otherwords, while I use both iOS and macOS, there are tasks I do in macOS that are not at all reasonable to even attempt to do in iOS.

                 

                "com.apple.security.files.user-selected.executable" set to true is reasonable under some conditions. That, or the poorly thought out rules for setting the quartine bit need to be re-examinded and fixed.

                  • Re: App with com.apple.security.files.user-selected.executable=True rejected from App Store
                    frank9 Level 1 Level 1 (0 points)

                    I fully agree with you regarding the ruleset for quarantining.

                     

                    In the meantime I have released the app in the macOS App Store with the entitlement "com.apple.security.files.user-selected.executable=false", because Apple has not granted the right to use it yet. At the same time I have opened a support case, because for the specific app, not to use the entitlement introduces a security issue from my point of view.

                     

                    The app implements file level deduplication for APFS and replaces all duplicate files with clones, in order to free up disk space. After replacing a file with a clone of a duplicate, the app replaces all metadata of the clone with the metadata of the previously removed file. This works fine, other than that the quarantine extended attribute is set if I don't use the entitlement. As a result the deduplication app overwrites all existing quarantine extended attributes of deduplicated files, which may be a security issue for the user. The user gets warnings that files were downloaded by "diskDedupe", even though the file was actually downloaded by another possibly dangerous app. My app does not change a single bit of any file, it performs only cloning of existing files and changes metadata like timestamps etc. still unfortunately the quarantine extended attribute is set by the OS. I have published a workaround on the apps website to remove the quarantine bit for now, but it would be much better, if macOS would not create quarantine bits for clones at all.

                     

                    The Apple support engineer agrees with my point of view and is currently trying to convince the app review team to grant the entitlement for security reasons. But the app review team is not responding since weeks now (the app is "in review" since more than 4 weeks now without any notice).

                     

                    I will keep this thread updated as soon as Apple reacts.