We also are planning similar; can someone point us in the right direction -- what is needed to a) rename existing app and change logo b) rename developer acc? What docs does apple team need? and where to submit? do not want to be in the path of friction with apple review team ahead! Appreciate it very much and thanks in advance!

Thanks again Eskimo and Etresoft for such quick replies. We now understand better, how sandbox works :) We did not need that explicit exception to use the user's home dir, but can work with container provided workspace, which in fact is now the new home for our app. Container Data folder is persistent across sessions. Hoping to get a quick approval from MacOS store review team. Good day.

Thanks Eskimo! Answer is "both" ; Want to be friendly to the apple eco-system and at the same time give users confidence that our app is sandboxed. Please let me know if anything I am missing or how to trouble shoot this last hurdle for us. Thanks in anticipation.

Thanks Eskimo. Our app has been on beta testing for over a year (yes!) before we decided to make it official via Mac Appstore. I surely see the value of Testflight, for next app :). It depends. Good day.

If you are targeting the Mac App Store, then don't worry about Developer ID at all.  Yes, that's what it boils down to; ignore Dev ID and spctl. As we are indeed targeting Mac AppStore only. All the deduction has now converged to this above fact. Thanks and Good day.

Thanks Eskimo. We are on the same page and validated our understanding on the right cert usage. Good day.

Thanks for replying back... =================== What happens if you use a Developer ID certificate? =============== As per apple developer portal on appstore we need to use specific certificates (below) depending on whether this app is distributed outside appstore or not. See below, I quoted from apple store connect. This app shall be distributed via appstore (not outside) of apple channel -- As such we chose and created certs starting with the word "Mac" below (certs categories). Wow, this made me thinking, wouldn't it be that, until the app is in the appstore officially, the gatekeeper thinks this is outside app? Meaning, until we install it via appstore, the gatekeeper would think this is coming from external --Internet, or via USB. Am I thinking correctly? If the above is true, then, when we test for spctl on the app bundle which is now at pre-publish stage (not yet in appstore, but going thru review), it always requires "Developer ID Application" based signing--> This certificate (Developer ID Application) is used to code sign your app for distribution outside of the Mac App Store. But we used Mac Dev cert for signing the code as it is intended for distribution via appstore. Does this make sense? If this is case, I will bring appstore review team to make a note of this thread. Thanks in anticipation. ========Description of various certs and sign purpose from Appstore Connect ========== Developer ID Application This certificate is used to code sign your app for distribution outside of the Mac App Store. Developer ID Installer This certificate is used to sign your app's Installer Package for distribution outside of the Mac App Store. Mac Development Sign development versions of your Mac app. Mac App Distribution This certificate is used to code sign your app and configure a Distribution Provisioning Profile for submission to the Mac App Store. Mac Installer Distribution This certificate is used to sign your app's Installer Package for submission to the Mac App Store ===========