development

Entitlements

Declarations in an iOS or macOS app that specify which system capabilities the app is allowed to use, such as push notifications, iCloud, HealthKit, and App Groups.

code signing provisioning profile associated domains

Entitlements are key-value pairs in your app’s code signature that tell iOS which protected capabilities your app needs access to. They act as a permission system between your app and the operating system.

How Entitlements Work

When your app tries to use a protected capability (push notifications, iCloud, HealthKit), iOS checks whether the corresponding entitlement is present in the app’s code signature. If the entitlement is missing, the capability fails silently or throws an error.

Entitlements must be consistent across three places:

  1. Your App ID capabilities in the Apple Developer portal
  2. Your provisioning profile (which is generated from the App ID)
  3. Your .entitlements file in Xcode

A mismatch between any of these causes signing failures or runtime capability failures.

Common Entitlements

  • aps-environment - push notifications
  • com.apple.security.application-groups - App Groups for data sharing
  • com.apple.developer.associated-domains - Universal Links and App Clips
  • com.apple.developer.icloud-container-identifiers - iCloud storage
  • com.apple.developer.healthkit - HealthKit access
  • com.apple.developer.applesignin - Sign in with Apple

Adding Entitlements

The easiest way to add entitlements is through Xcode’s Signing & Capabilities tab. Adding a capability there automatically updates the entitlements file and registers it in the Developer portal. If using manual signing, you must also regenerate your provisioning profile after changing capabilities.