diff --git a/Signal.xcodeproj/project.pbxproj b/Signal.xcodeproj/project.pbxproj
index 0d138458ee..4913249ec6 100644
--- a/Signal.xcodeproj/project.pbxproj
+++ b/Signal.xcodeproj/project.pbxproj
@@ -21377,6 +21377,8 @@
CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_TESTABILITY = YES;
ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -21639,6 +21641,8 @@
CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_USER_SCRIPT_SANDBOXING = YES;
"EXCLUDED_SOURCE_FILE_NAMES[arch=*]" = Signal/test/Assets/input_video.mp4;
@@ -21899,6 +21903,8 @@
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
DEBUG_INFORMATION_FORMAT = dwarf;
DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_TESTABILITY = YES;
ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -22007,6 +22013,8 @@
CLANG_WARN__ARC_BRIDGE_CAST_NONARC = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
DEVELOPMENT_TEAM = U68MSDN6DR;
+ ENABLE_ENHANCED_SECURITY = YES;
+ ENABLE_POINTER_AUTHENTICATION = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_USER_SCRIPT_SANDBOXING = YES;
"EXCLUDED_SOURCE_FILE_NAMES[arch=*]" = Signal/test/Assets/input_video.mp4;
diff --git a/Signal/Signal-AppStore.entitlements b/Signal/Signal-AppStore.entitlements
index bd52c305d2..f2b3d82dba 100644
--- a/Signal/Signal-AppStore.entitlements
+++ b/Signal/Signal-AppStore.entitlements
@@ -38,6 +38,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal
diff --git a/Signal/Signal.entitlements b/Signal/Signal.entitlements
index 836c931a9a..6e34daa0cb 100644
--- a/Signal/Signal.entitlements
+++ b/Signal/Signal.entitlements
@@ -36,6 +36,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal
diff --git a/SignalNSE/SignalNSE-AppStore.entitlements b/SignalNSE/SignalNSE-AppStore.entitlements
index d4a4b1c4fc..42290117de 100644
--- a/SignalNSE/SignalNSE-AppStore.entitlements
+++ b/SignalNSE/SignalNSE-AppStore.entitlements
@@ -19,6 +19,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal
diff --git a/SignalNSE/SignalNSE.entitlements b/SignalNSE/SignalNSE.entitlements
index 9d577a5d1f..2e2e25152e 100644
--- a/SignalNSE/SignalNSE.entitlements
+++ b/SignalNSE/SignalNSE.entitlements
@@ -15,6 +15,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal
diff --git a/SignalShareExtension/SignalShareExtension-AppStore.entitlements b/SignalShareExtension/SignalShareExtension-AppStore.entitlements
index 512ebf2f55..ce43051b0c 100644
--- a/SignalShareExtension/SignalShareExtension-AppStore.entitlements
+++ b/SignalShareExtension/SignalShareExtension-AppStore.entitlements
@@ -17,6 +17,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal
diff --git a/SignalShareExtension/SignalShareExtension.entitlements b/SignalShareExtension/SignalShareExtension.entitlements
index 9d577a5d1f..2e2e25152e 100644
--- a/SignalShareExtension/SignalShareExtension.entitlements
+++ b/SignalShareExtension/SignalShareExtension.entitlements
@@ -15,6 +15,18 @@
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group
group.$(SIGNAL_BUNDLEID_PREFIX).signal.group.staging
+ com.apple.security.hardened-process
+
+ com.apple.security.hardened-process.checked-allocations
+
+ com.apple.security.hardened-process.dyld-ro
+
+ com.apple.security.hardened-process.enhanced-security-version-string
+ 1
+ com.apple.security.hardened-process.hardened-heap
+
+ com.apple.security.hardened-process.platform-restrictions-string
+ 2
keychain-access-groups
$(AppIdentifierPrefix)$(SIGNAL_BUNDLEID_PREFIX).signal