Guideline 2.4.5(i) - Performance And Indelible the entitlements

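I did not enable "com.apple.security.network.server" and "com.apple.security.device.usb" in the entitlements, but they still appear automatically in the package when it is built. I can't solve this problem at the moment and need help. Thank you.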

My .entitlements file is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.device.bluetooth</key>
	<true/>
	<key>com.apple.security.network.client</key>
	<true/>
</dict>
</plist>

Diagnostic command:

codesign -d --entitlements :- ./Device\ Guard.app

Executable=/Users/zhanghai/Library/Developer/Xcode/DerivedData/MacGuardApp-fvfnspyxcojxojdfclyohrnupgsh/Build/Products/Debug/Device Guard.app/Contents/MacOS/Device Guard
warning: Specifying ':' in the path is deprecated and will not work in a future release
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.device.bluetooth</key><true/><key>com.apple.security.device.usb</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/><key>com.apple.security.network.server</key><true/></dict></plist>


Sadly, I don’t read Chinese and thus my reply is based on a machine translation of your post.

My understanding is that:

  • You’re submitting a Mac app to the App Store.

  • That app is claiming entitlements (com.apple.security.network.server and com.apple.security.device.usb) that it doesn’t need.

  • But those entitlements aren’t listed in your .entitlements file.

Is that correct?

If so, my first question is whether you’re building your app with Xcode? Or with third-party tools?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Yes, you are right, I built my app with Xcode. These entitlements aren’t listed in my .entitlements file, but the app I built has them (it's so strange).

My environment:

  1. OS: 26.0 Beta
  2. Xcode: Version 16.4 (16F6)
  3. My app is for macOS

Thank you for helping me!

OK.

The .entitlements file is source code. Xcode does a lot of processing on its content before it passes it along to codesign to apply to your app. So it’s not uncommon to see problems like this.

Most folks upload their app in two stages:

  1. Choose Product > Archive to create an Xcode archive (.xcarchive) of the app.

  2. In the Xcode organiser, select that archive and click Distribute App to actually upload the app.

Are you doing that here?

If so, the Xcode archive makes a good test point, that is, you can dump the entitlements in the archive to see if they’re correct. If they are, you know that the problem was with step 2. Alternatively, if the entitlements in the archive are wrong, you know the problem is with step 1.

To dump the entitlements in the archive:

  1. Select it in the Xcode organiser.

  2. Control click and choose Show in Finder.

  3. In Terminal, dump the entitlements of the enclosed app.

For example, here’s what I see in step 3 for a test app I created in my office:

% codesign -d --entitlements - …/Test790246\ 27-06-2025\,\ 12.54.xcarchive/Products/Applications/Test790246.app 
…
[Dict]
	[Key] com.apple.security.app-sandbox
	[Value]
		[Bool] true
	[Key] com.apple.security.network.client
	[Value]
		[Bool] true

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
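
An added example, not part of the original thread or of Apple's tooling: a Python check that automates the comparison described in the answer above, diffing the keys in the .entitlements source against the keys codesign reports for the built app. The sample plists are constructed from the key lists posted in this thread, and `signed_entitlements` assumes macOS with a codesign that supports `--xml`.

```python
import plistlib
import subprocess

# Xcode injects this into Debug builds on its own; it is expected there
# but must not survive into an archive built for distribution.
DEBUG_ONLY = {"com.apple.security.get-task-allow"}


def enabled(plist_bytes):
    """Return the entitlement keys that are present and not set to false."""
    data = plistlib.loads(plist_bytes)
    return {key for key, value in data.items() if value is not False}


def signed_entitlements(app_path):
    """Entitlements actually signed into the app (macOS only).

    Assumes a codesign new enough to support --xml; the plist goes to
    stdout and the "Executable=" line to stderr.
    """
    result = subprocess.run(
        ["codesign", "-d", "--entitlements", "-", "--xml", app_path],
        check=True, capture_output=True)
    return result.stdout


def compare(source_plist, signed_plist, debug_build=False):
    """Diff the .entitlements source against what the signature claims."""
    source, signed = enabled(source_plist), enabled(signed_plist)
    tolerated = DEBUG_ONLY if debug_build else set()
    return {"unexpected": sorted(signed - source - tolerated),
            "missing": sorted(source - signed)}


def sample(*names):
    """Constructed plist: each com.apple.security.<name> set to true."""
    return plistlib.dumps({"com.apple.security." + n: True for n in names})


# Constructed from the key lists posted in this thread.
SOURCE = sample("app-sandbox", "device.bluetooth", "network.client")
ARCHIVE = sample("app-sandbox", "device.bluetooth", "device.usb",
                 "network.client", "network.server")

if __name__ == "__main__":
    report = compare(SOURCE, ARCHIVE)
    print(report)
    raise SystemExit(1 if report["unexpected"] else 0)
```

On a Mac, pass `signed_entitlements(path_to_app)` as the second argument of `compare` to check a real archive; a non-empty `unexpected` list means the signed app claims entitlements that the .entitlements file does not.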

codesign -d --entitlements - "/Users/zhanghai/Library/Developer/Xcode/Archives/2025-06-26/Device Guard 2025-6-26, 11.00.xcarchive/Products/Applications/Device Guard.app"

Executable=/Users/zhanghai/Library/Developer/Xcode/Archives/2025-06-26/Device Guard 2025-6-26, 11.00.xcarchive/Products/Applications/Device Guard.app/Contents/MacOS/Device Guard
[Dict]
	[Key] com.apple.security.app-sandbox
	[Value]
		[Bool] true
	[Key] com.apple.security.device.bluetooth
	[Value]
		[Bool] true
	[Key] com.apple.security.device.usb
	[Value]
		[Bool] true
	[Key] com.apple.security.network.client
	[Value]
		[Bool] true
	[Key] com.apple.security.network.server
	[Value]
		[Bool] true

I guess the problem is with step 1.

So what can I do about the problem?

Thank you very much!

Thank you @DTS Engineer.

I have resolved this issue.

When I set the options (usb and server) at "Target-Build Setting - Signing the Sandbox", it works.
