How do I find out what entitlements an app has?

Sandboxed apps have to declare their entitlements. Of course, that doesn't do me any good if I can't tell what entitlements it declares. A text editor that has entitlements for Core Location, Network Server, and my Address Book, without my knowledge, could be much worse than an unsandboxed app.

How can I see what entitlements an app has?


Solution 1:

After some more searching, I found a command-line answer:

codesign -d --entitlements :- /Applications/Whatever.app/

This will print out an XML plist with values like:

<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>

For more information see https://developer.apple.com/library/archive/qa/qa1798/_index.html#//apple_ref/doc/uid/DTS40014167-CH1-IOS_STEPS

If anyone knows an easier/nicer way, though, I'd love to hear it.