Learn more about Israeli war crimes in Gaza, funded by the USA, Germany, the UK and others.

How to submit an app build to iTunes Connect

I’m releasing Vidrio, a macOS app, to the Mac App Store. Part of the process is to submit a build of the application to iTunes Connect. Here’s how.

In XCode, open the project, then “Product > Archive”. This brings up the “Organizer” showing a new archived version of the app. On the right-hand side is an “Upload to App Store” button, but it’s disabled. Why? Turns out I had the wrong “team” selected for signing the app.

Below the “Upload to App Store” button, there’s a “Validate” button. Validation is computationally expensive!! My fan is running at 100% and my editor is struggling to display characters as I type them.

Finally, validation returned with a failure:

iTunes Store operation failed. App sandbox not enabled. The following executables must include the “com.apple.security.app-sandbox” entitlement with a Boolean value of true in the entitlements property list: [( “io.vidr.Vidrio.pkg/Payload/Vidrio.app/Contents/MacOS/Vidrio” )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app.

That URL is broken. Fun times. So, what is “App Sandbox”? This system restricts macOS apps to their stated set of “entitlements”, such as accessing the webcam, sending network requests, etc. Similar to permissions for mobile apps and browser plugins.

So, I’m required to use App Sandbox, and I need to tell it that Vidrio needs to access the webcam. This was easy: I selected my only “target”, and under “Capabilities”, enabled “App Sandbox”. It then lists a bunch of capabilities, of which I only selected “Camera”.

After “validating” again, it passed all checks, so I clicked “Upload to App Store”. It spent a while, then:

This action could not be completed. Try again. (-22421)

Hmm. I wonder if this is due to the ongoing problems with S3 which are breaking the entire internet. I’ll try again in a while ...

... well, it worked the second time.

Next, I have to select the build from the “Prepare for Submission” page in iTunes Connect. After clicking “Save”, it shows the icon from the build.

Weirdly, there’s a separate “App Sandbox information” section in iTunes Connect, which is not populated from my build. I selected “com.apple.security.device.camera”, with a brief description of why.

Finally, I just need an app description. Let’s do that in another post.

Tagged #macos, #app-development, #app-distribution, #app-store, #xcode, #ios.

Similar posts

How to add a developer account to XCode
Xcode uses “teams” to manage developer identities, and revoking a certificate on one device may require regenerating provisioning profiles. 2017-03-03
How to build a .dmg to distribute MacOS apps
Package a macOS app for distribution outside the Mac App Store by archiving it in Xcode, exporting it with a Developer ID signature, then creating a .dmg disk image. 2017-08-12
How do I create the AppIcon for my app?
To fix misconfigured App Icons, create properly-sized PNG files and update the Contents.json file to reference the correct image files. 2017-03-01
How to make a Cocoa application without a .xib file
To create a Cocoa app without a .xib file, remove the NSMainNibFile key from the Info.plist, and replace the @NSApplicationMain annotation on your AppDelegate class with a custom main.swift file that manually sets up the application and its delegate. 2017-03-17
What is the Apple Store release process?
1) Enroll in the Apple Developer Program. Create an “App Record” in iTunes Connect. Upload the app. Submit it for review. 2017-03-01
What is an .xcworkspace file?
An .xcworkspace file is a directory that contains a workspace configuration for Xcode projects. 2016-11-17

More by Jim

What does the dot do in JavaScript?
foo.bar, foo.bar(), or foo.bar = baz - what do they mean? A deep dive into prototypical inheritance and getters/setters. 2020-11-01
Smear phishing: a new Android vulnerability
Trick Android to display an SMS as coming from any contact. Convincing phishing vuln, but still unpatched. 2020-08-06
A probabilistic pub quiz for nerds
A “true or false” quiz where you respond with your confidence level, and the optimal strategy is to report your true belief. 2020-04-26
Time is running out to catch COVID-19
Simulation shows it’s rational to deliberately infect yourself with COVID-19 early on to get treatment, but after healthcare capacity is exceeded, it’s better to avoid infection. Includes interactive parameters and visualizations. 2020-03-14
The inception bar: a new phishing method
A new phishing technique that displays a fake URL bar in Chrome for mobile. A key innovation is the “scroll jail” that traps the user in a fake browser. 2019-04-27
The hacker hype cycle
I got started with simple web development, but because enamored with increasingly esoteric programming concepts, leading to a “trough of hipster technologies” before returning to more productive work. 2019-03-23
Project C-43: the lost origins of asymmetric crypto
Bob invents asymmetric cryptography by playing loud white noise to obscure Alice’s message, which he can cancel out but an eavesdropper cannot. This idea, published in 1944 by Walter Koenig Jr., is the forgotten origin of asymmetric crypto. 2019-02-16
How Hacker News stays interesting
Hacker News buried my post on conspiracy theories in my family due to overheated discussion, not censorship. Moderation keeps the site focused on interesting technical content. 2019-01-26
My parents are Flat-Earthers
For decades, my parents have been working up to Flat-Earther beliefs. From Egyptology to Jehovah’s Witnesses to theories that human built the Moon billions of years in the future. Surprisingly, it doesn’t affect their successful lives very much. For me, it’s a fun family pastime. 2019-01-20
The dots do matter: how to scam a Gmail user
Gmail’s “dots don’t matter” feature lets scammers create an account on, say, Netflix, with your email address but different dots. Results in convincing phishing emails. 2018-04-07
The sorry state of OpenSSL usability
OpenSSL’s inadequate documentation, confusing key formats, and deprecated interfaces make it difficult to use, despite its importance. 2017-12-02
I hate telephones
I hate telephones. Some rational reasons: lack of authentication, no spam filtering, forced synchronous communication. But also just a visceral fear. 2017-11-08
The Three Ts of Time, Thought and Typing: measuring cost on the web
Businesses often tout “free” services, but the real costs come in terms of time, thought, and typing required from users. Reducing these “Three Ts” is key to improving sign-up flows and increasing conversions. 2017-10-26
Granddad died today
Granddad died. The unspoken practice of death-by-dehydration in the NHS. The Liverpool Care Pathway. Assisted dying in the UK. The importance of planning in end-of-life care. 2017-05-19
How do I call a program in C, setting up standard pipes?
A C function to create a new process, set up its standard input/output/error pipes, and return a struct containing the process ID and pipe file descriptors. 2017-02-17
Your syntax highlighter is wrong
Syntax highlighters make value judgments about code. Most highlighters judge that comments are cruft, and try to hide them. Most diff viewers judge that code deletions are bad. 2014-05-11
Want to build a fantastic product using LLMs? I work at Granola where we're building the future IDE for knowledge work. Come and work with us! Read more or get in touch!

This page copyright James Fisher 2017. Content is not associated with my employer. Found an error? Edit this page.

Jim Fisher
CV
Speaking
Blogroll
RSS
TigYog
Kickabout