diff --git a/Signal.xcodeproj/project.pbxproj b/Signal.xcodeproj/project.pbxproj
index a9bea87a6e..6a20c15618 100644
--- a/Signal.xcodeproj/project.pbxproj
+++ b/Signal.xcodeproj/project.pbxproj
@@ -15593,7 +15593,7 @@
 DefaultBuildSystemTypeForWorkspace = Original;
 LastSwiftUpdateCheck = 1600;
 LastTestingUpgradeCheck = 0600;
- LastUpgradeCheck = 1600;
+ LastUpgradeCheck = 2600;
 ORGANIZATIONNAME = "Open Whisper Systems";
 TargetAttributes = {
 342FFE8727245850000AC89F = {
@@ -20941,6 +20941,8 @@
 CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
+ CLANG_ENABLE_CPLUSPLUS_TYPED_ALLOCATOR_SUPPORT = NO;
+ CLANG_ENABLE_C_TYPED_ALLOCATOR_SUPPORT = NO;
 CLANG_ENABLE_MODULES = YES;
 CLANG_ENABLE_OBJC_ARC = YES;
 CLANG_UNDEFINED_BEHAVIOR_SANITIZER_NULLABILITY = YES;
@@ -20965,6 +20967,8 @@
 CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
 CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_TESTABILITY = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -21199,6 +21203,8 @@
 CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
+ CLANG_ENABLE_CPLUSPLUS_TYPED_ALLOCATOR_SUPPORT = NO;
+ CLANG_ENABLE_C_TYPED_ALLOCATOR_SUPPORT = NO;
 CLANG_ENABLE_MODULES = YES;
 CLANG_ENABLE_OBJC_ARC = YES;
 CLANG_UNDEFINED_BEHAVIOR_SANITIZER_NULLABILITY = YES;
@@ -21223,6 +21229,8 @@
 CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
 CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
 GCC_ENABLE_OBJC_EXCEPTIONS = NO;
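Review bot: The `@@ -20941` and `@@ -20965` hunks turn on `ENABLE_ENHANCED_SECURITY = YES` while pinning `ENABLE_POINTER_AUTHENTICATION`, `CLANG_ENABLE_C_TYPED_ALLOCATOR_SUPPORT` and `CLANG_ENABLE_CPLUSPLUS_TYPED_ALLOCATOR_SUPPORT` to `NO` in the same build configuration, and nothing on the page records why those parts of the hardening set are opted out. The same pair of hunks repeats for the other build configurations (`@@ -21199`, `@@ -21223`, `@@ -21453`, `@@ -21478`, `@@ -21558`, `@@ -21582`). An explicit `NO` reads as a deliberate decision and tends to outlive its reason, so the blocker should be written down somewhere that survives Xcode rewriting the project file, for example the commit message or, if the project keeps one, an xcconfig line such as `// Pointer authentication and typed allocators stay off until <blocker>; see <tracking issue>`. Presumably a dependency or toolchain constraint is behind it; that is worth confirming and stating so the settings get revisited.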
@@ -21453,6 +21461,8 @@
 CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
+ CLANG_ENABLE_CPLUSPLUS_TYPED_ALLOCATOR_SUPPORT = NO;
+ CLANG_ENABLE_C_TYPED_ALLOCATOR_SUPPORT = NO;
 CLANG_ENABLE_MODULES = YES;
 CLANG_ENABLE_OBJC_ARC = YES;
 CLANG_UNDEFINED_BEHAVIOR_SANITIZER_NULLABILITY = YES;
@@ -21478,6 +21488,8 @@
 CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 DEBUG_INFORMATION_FORMAT = dwarf;
 DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_TESTABILITY = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -21558,6 +21570,8 @@
 CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES;
 CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
+ CLANG_ENABLE_CPLUSPLUS_TYPED_ALLOCATOR_SUPPORT = NO;
+ CLANG_ENABLE_C_TYPED_ALLOCATOR_SUPPORT = NO;
 CLANG_ENABLE_MODULES = YES;
 CLANG_ENABLE_OBJC_ARC = YES;
 CLANG_UNDEFINED_BEHAVIOR_SANITIZER_NULLABILITY = YES;
@@ -21582,6 +21596,8 @@
 CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
 CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
 ENABLE_STRICT_OBJC_MSGSEND = YES;
 ENABLE_USER_SCRIPT_SANDBOXING = YES;
 GCC_ENABLE_OBJC_EXCEPTIONS = NO;
diff --git a/Signal.xcodeproj/xcshareddata/xcschemes/Signal-Staging.xcscheme b/Signal.xcodeproj/xcshareddata/xcschemes/Signal-Staging.xcscheme
index 4b048197c5..d764429df7 100644
--- a/Signal.xcodeproj/xcshareddata/xcschemes/Signal-Staging.xcscheme
+++ b/Signal.xcodeproj/xcshareddata/xcschemes/Signal-Staging.xcscheme
@@ -1,6 +1,6 @@ group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal diff --git a/Signal/Signal.entitlements b/Signal/Signal.entitlements index 836c931a9a..1d6c4b108e 100644 --- a/Signal/Signal.entitlements +++ b/Signal/Signal.entitlements @@ -36,6 +36,14 @@ group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal diff --git a/SignalNSE/SignalNSE-AppStore.entitlements b/SignalNSE/SignalNSE-AppStore.entitlements index 637651e606..556a062bcf 100644 --- a/SignalNSE/SignalNSE-AppStore.entitlements +++ b/SignalNSE/SignalNSE-AppStore.entitlements @@ -4,8 +4,6 @@ com.apple.developer.default-data-protection NSFileProtectionComplete - com.apple.developer.usernotifications.filtering - com.apple.developer.networking.carrier-constrained.app-optimized com.apple.developer.networking.carrier-constrained.appcategory 
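Review bot: The `com.apple.security.hardened-process` block added in the Signal.entitlements hunk (`dyld-ro`, `enhanced-security-version` 1, `platform-restrictions` 2) is pasted by hand into every entitlements file, here and again in the SignalNSE and SignalShareExtension hunks further down, so a later edit to one target can leave another process signed with a different set without anyone noticing. A CI step that compares these four keys across all `*.entitlements` files, plus a post-build `codesign -d --entitlements -` check on the signed products, would catch that drift. The values `1` and `2` are bare integers with no explanation; a plist comment next to the block such as `<!-- enhanced-security-version and platform-restrictions: keep identical across app, NSE and share extension -->` would tell the next reader they are meant to move together. These are presumably the values Xcode's capability editor emits, which is worth confirming before documenting them as such.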
@@ -14,11 +12,21 @@ com.apple.developer.pushkit.unrestricted-voip + com.apple.developer.usernotifications.filtering + com.apple.security.application-groups group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal diff --git a/SignalNSE/SignalNSE.entitlements b/SignalNSE/SignalNSE.entitlements index 9d577a5d1f..fb824b2336 100644 --- a/SignalNSE/SignalNSE.entitlements +++ b/SignalNSE/SignalNSE.entitlements @@ -15,6 +15,14 @@ group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal diff --git a/SignalServiceKit/Messages/Interactions/TSErrorMessage.m b/SignalServiceKit/Messages/Interactions/TSErrorMessage.m index a9646ccbda..aa64baa069 100644 --- a/SignalServiceKit/Messages/Interactions/TSErrorMessage.m +++ b/SignalServiceKit/Messages/Interactions/TSErrorMessage.m @@ -201,7 +201,10 @@ NSUInteger TSErrorMessageSchemaVersion = 2; NSString *senderName = [SSKEnvironment.shared.contactManagerObjcRef shortDisplayNameStringForAddress:self.sender transaction:transaction]; +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" return [[NSString alloc] initWithFormat:formatString, senderName]; +#pragma clang diagnostic pop } else { return OWSLocalizedString( @"ERROR_MESSAGE_DECRYPTION_FAILURE_UNKNOWN_SENDER", @"Error message for a decryption failure."); 
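Review bot: The `-Wformat-nonliteral` suppression wrapped around `initWithFormat:formatString, senderName` in TSErrorMessage.m has no comment saying why a non-literal format is acceptable, and the same push/ignored/pop triple is repeated in both TSInfoMessage.m hunks and in OWSRecoverableDecryptionPlaceholder.m. `formatString` is assigned outside this hunk; in the sibling hunks the format comes from `OWSLocalizedString`, so correctness depends on every translation of that key holding exactly one `%@`, while the contact name is only ever passed as an argument, which is the safe way round. I would say so above each pragma, e.g. `// Format is a bundled localized string expected to contain exactly one %@; the name is data, never the format.`, and a lint over the translation files that checks the placeholder count would back the claim up. Routing the four call sites through one small helper would also keep the warning silenced in a single place instead of four. The enclosing method starts and ends outside the hunk.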
diff --git a/SignalServiceKit/Messages/Interactions/TSInfoMessage.m b/SignalServiceKit/Messages/Interactions/TSInfoMessage.m index 1ce067767e..364115dd33 100644 --- a/SignalServiceKit/Messages/Interactions/TSInfoMessage.m +++ b/SignalServiceKit/Messages/Interactions/TSInfoMessage.m @@ -280,7 +280,10 @@ NSUInteger TSInfoMessageSchemaVersion = 2; NSString *format = OWSLocalizedString(@"INFO_MESSAGE_USER_JOINED_SIGNAL_BODY_FORMAT", @"Shown in inbox and conversation when a user joins Signal, embeds the new user's {{contact " @"name}}"); +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" return [NSString stringWithFormat:format, recipientName]; +#pragma clang diagnostic pop } case TSInfoMessageSyncedThread: return @""; @@ -298,7 +301,10 @@ NSUInteger TSInfoMessageSchemaVersion = 2; NSString *format = OWSLocalizedString(@"INFO_MESSAGE_USER_CHANGED_PHONE_NUMBER_FORMAT", @"Indicates that another user has changed their phone number. Embeds: {{ the user's name}}".); +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" return [NSString stringWithFormat:format, userName]; +#pragma clang diagnostic pop } case TSInfoMessageRecipientHidden: { /// This does not control whether to show the info message in the chat diff --git a/SignalServiceKit/Messages/OWSRecoverableDecryptionPlaceholder.m b/SignalServiceKit/Messages/OWSRecoverableDecryptionPlaceholder.m index 44a6a47223..662c34d711 100644 --- a/SignalServiceKit/Messages/OWSRecoverableDecryptionPlaceholder.m +++ b/SignalServiceKit/Messages/OWSRecoverableDecryptionPlaceholder.m 
@@ -146,7 +146,10 @@ NS_ASSUME_NONNULL_BEGIN OWSFailDebug(@"Should not be directly surfaced to user"); NSString *formatString = OWSLocalizedString(@"ERROR_MESSAGE_DECRYPTION_FAILURE", @"Error message for a decryption failure. Embeds {{sender short name}}."); +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" return [[NSString alloc] initWithFormat:formatString, senderName]; +#pragma clang diagnostic pop } else { OWSFailDebug(@"Should not be directly surfaced to user"); return OWSLocalizedString( diff --git a/SignalShareExtension/SignalShareExtension-AppStore.entitlements b/SignalShareExtension/SignalShareExtension-AppStore.entitlements index 512ebf2f55..f657496728 100644 --- a/SignalShareExtension/SignalShareExtension-AppStore.entitlements +++ b/SignalShareExtension/SignalShareExtension-AppStore.entitlements @@ -17,6 +17,14 @@ group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal diff --git a/SignalShareExtension/SignalShareExtension.entitlements b/SignalShareExtension/SignalShareExtension.entitlements index 9d577a5d1f..fb824b2336 100644 --- a/SignalShareExtension/SignalShareExtension.entitlements +++ b/SignalShareExtension/SignalShareExtension.entitlements @@ -15,6 +15,14 @@ group.$(SIGNAL_BUNDLEID_PREFIX).signal.group group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging + com.apple.security.hardened-process + + com.apple.security.hardened-process.dyld-ro + + com.apple.security.hardened-process.enhanced-security-version + 1 + com.apple.security.hardened-process.platform-restrictions + 2 keychain-access-groups $(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal