I am trying to understand the mechanics of how iOS/iPadOS apps work on macs with Apple Silicon. In particular, I'd like to understand the runtime environment of these apps. I installed one to test it on a mac. I ran codesign --entitlements on a mac, on an iOS app downloaded form the mac app store. I was very surprised to see the sandbox entitement was NOT present. On iOS all apps are sandboxed, so I was very surprised to see that the macOS translation was not sandbox. This seems like a significant weakening of the security. Can anyone shed some light on that?

On MacOS, I know that App Groups (com.apple.security.application-groups) do not require a provisioning profile. I was wondering if it's possible to sign them "ad hoc" and have it work? So maybe use a random TEAMID prefix and have it work? I would only need the app to work locally (for testing), not be distributed in that fashion, of course.

I run some tests for an iOS app, connecting the iPhone to my mac where the code resides. I notice that it fills the iPhone from system data, until the iPhone is full. I tried everything to remove the system data (I assume some logs from the XCode testing): reset network, restart the iPhone, remove the tested app, etc. Nothing works. I am stuck with having to erase all data on the iPhone and reinstall from scratch, which is very tedious. Any suggestions ? Thanks!