On MacOS, I know that App Groups (com.apple.security.application-groups) do not require a provisioning profile. I was wondering if it's possible to sign them "ad hoc" and have it work? So maybe use a random TEAMID prefix and have it work? I would only need the app to work locally (for testing), not be distributed in that fashion, of course.

Can I access my own reminders programmatically? Those who appear on https://www.icloud.com/reminders/ ? Is CloudKit the right way to do this? Any pointer to do it? When I read ClouKit documentation, it seems aimed at making an app with many users. I just want to access my own data. Thanks

I am trying to understand better entitlements. When reading Apple's documentation, my understanding was that sandbox entitlements like com.apple.security.device.camera were useful when the app was sandbox, by allowing this specific capability. If that understanding is correct, then I am confused when looking at the entitlements of the app visual studio code : <dict> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.device.audio-input</key> <true/> <key>com.apple.security.device.camera</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> </dict> Indeed, this app is NOT sandboxed (it does not have the com.apple.security.app-sandbox entitlement), and yet it has these sandbox entitlements that give permission. Are these entitlements effectively useless in that case? Or is my understanding off? In addition, if an app has a certain entitlements, does it mean the app can use that capability and it will not prompt the user? Or does the entitlement simply allow the app to prompt the user for permission?