Mac app can't connect to our server on Apple's side

We can’t get our game approved. Apple’s QA team reports that the game can’t connect to our server. When we test our build, it connects successfully.

We use Unity3d 5.2.3 f1 to produce the game.

Our build differs from the build sent for approval in one checkbox in Unity3d, “useMacAppStoreValidation”, which should be set only for App Store approval. But for test purposes this checkbox should be cleared, otherwise the game won’t run at all. (see the ref:

We set the following permissions for the sandbox in the entitlements file:

The same permissions were set in iTunes Connect (see the image: Monosnap)

The game starts and shows the in-game message “No internet connection” on Apple’s side.
The game works fine on Android, iOS, WSA and WebPlayer, and there are no problems with the connection to our server.
Please, can you tell us what could cause the problems?

To anyone in the future looking for the solution to this problem, here goes.

As you may know from this guide, you need to create an entitlements file for the App Store. Though the first page you may stumble upon is this link, the entitlement you’re looking for is actually buried under the app sandbox category and can be found here.

Here’s the solution. Add the entitlement key to your file. If your app is going to be receiving network traffic as well, also add the entitlement

Thanks to this StackOverflow post for pointing me in the right direction.
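A check for the sandbox network entitlements the answer above describes, as an added example that is not part of the original posts. The two network key names are Apple's App Sandbox entitlements and are an assumption here, because the answer's own key names did not survive on this page; `audit_entitlements` and the sample plists are constructed for illustration.

```python
import plistlib

# Apple's App Sandbox entitlement keys. The answer above does not show which
# keys it means, so using these two network keys is an assumption.
SANDBOX = "com.apple.security.app-sandbox"
NET_CLIENT = "com.apple.security.network.client"  # outgoing connections
NET_SERVER = "com.apple.security.network.server"  # incoming connections


def audit_entitlements(plist_bytes, needs_incoming=False):
    """Return findings for an entitlements plist; an empty list means OK."""
    try:
        ent = plistlib.loads(plist_bytes)
    except Exception as exc:  # not an XML/binary plist, or malformed
        return [f"unparseable plist: {exc!r}"]
    if not isinstance(ent, dict):
        return ["top-level plist object is not a dictionary"]

    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append(f"{SANDBOX} is not true")
    if ent.get(NET_CLIENT) is not True:
        findings.append(f"{NET_CLIENT} missing: sandbox denies outgoing connections")
    if needs_incoming and ent.get(NET_SERVER) is not True:
        findings.append(f"{NET_SERVER} missing: sandbox denies incoming connections")
    if not needs_incoming and ent.get(NET_SERVER) is True:
        findings.append(f"{NET_SERVER} granted but not needed (least privilege)")
    return findings


# Constructed sample files (not taken from the page).
SANDBOX_ONLY = plistlib.dumps({SANDBOX: True})
CLIENT_ONLY = plistlib.dumps({SANDBOX: True, NET_CLIENT: True})
CLIENT_AND_SERVER = plistlib.dumps({SANDBOX: True, NET_CLIENT: True, NET_SERVER: True})

if __name__ == "__main__":
    for name, data in [("sandbox only", SANDBOX_ONLY),
                       ("client", CLIENT_ONLY),
                       ("client+server", CLIENT_AND_SERVER)]:
        print(name, "->", audit_entitlements(data) or "OK")
```

Running the check against the `.entitlements` file before each submission catches a sandboxed build that would start but be denied network access.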

I’ve not used this validation method personally but a couple of potential issues:

  1. Your server setup. Where is it hosted? Does it have any firewall restrictions which could prevent anything from reaching it? (An easy way to test is to simply try from a different internet connection with a different IP.)
  2. ATS settings. I’m not sure if these apply to Mac apps, but if your server doesn’t fully support SSL/TLS then you might need to adjust the ATS setup within your Info.plist.

To add to other answers,


Also, it’s an official requirement that your application must work on an IPv6 network, not only on IPv4.
So instead of connecting to Google via ‘’, you should be using 2001:4860:4860::8888


Also, if your application is using peer-to-peer networking, it might not work when the destination user is hidden behind a NAT. In that case, use a “relay server” (just your own server that has a permanent, static IP address) or look for the “hole punch” technique to bypass NAT.