Using App Sandbox for macOS Apps

Sandboxing confines an application to the data and system resources it has been explicitly granted, so that what the app can reach stays controllable instead of being "everything the user can reach".

Every coin has two sides. Let’s look at both.

Without Sandbox

Traditionally, Mac apps are not sandboxed: the process runs with the full privileges of the logged-in user and can touch any resource that user can. For instance, it can store and read files in any location the user has access to.

By convention, files of the same kind end up together in a few standard locations. Here are some common paths:

# Documents
~/Library/Application Support/com.abc.MyApp/
# NSUserDefaults
~/Library/Preferences/com.abc.MyApp.plist
# Cache
~/Library/Application Support/com.pinterest.PINDiskCache.mycache/

In this example, "com.abc.MyApp" is the bundle identifier of my application. I use PINCache for the cache and let it persist to disk. Notice that PINCache stores its files in its own folder at the same level as the application's own Application Support folder, not inside it.

Issues without Sandbox

I know some developers like a fully configurable environment. However, this approach is open to some problems:

1) Hackers

Since the application can reach everything the user can, a bug or injected malicious code (for example through a compromised dependency) gives the attacker the same reach: every file, credential and network connection available to that user account. There is no boundary that limits the damage to the app's own data.

2) Scattered file storage

Since documents, settings and cache live in different places, housekeeping costs more development work. For instance, to reset the application I have to visit each of those locations and clean them up separately.

Using App Sandbox

This model became the norm with iOS: every iOS app runs in its own sandbox, and developers must request specific entitlements to reach resources outside it.

To distribute an app through the Mac App Store, developers must turn on the App Sandbox entitlement (com.apple.security.app-sandbox).

Turn on App Sandbox

For instance, I am building an app that uses CloudKit to sync data. CloudKit talks to Apple's servers as a client, so I tick "Outgoing Connections (Client)"; "Incoming Connections (Server)" is only needed if the app itself listens for connections. If I want to save the retrieved CloudKit records to a file in the user's Documents folder, I choose Read/Write access for "User Selected File". That entitlement does not grant blanket access to ~/Documents: the user has to pick the file or folder in an NSOpenPanel or NSSavePanel, and to keep that access across launches the app must also store a security-scoped bookmark (the com.apple.security.files.bookmarks.app-scope entitlement). Files inside the app's own container need no entitlement at all.

In Sandbox mode, all of the app's files live in one container under ~/Library/Containers. For instance, the locations in the previous example become:

~/Library/Containers/com.abc.MyApp/Data/Library/Application Support/
~/Library/Containers/com.abc.MyApp/Data/Library/Preferences/com.abc.MyApp.plist

NSHomeDirectory() and the FileManager directory lookups return paths inside the container automatically, so only code that builds absolute paths by hand ends up pointing at the old, now inaccessible, locations.

Issues with Sandbox

The main issues come from first-time setup. Besides that, access to system resources is limited.

1) Code Sign certificate

Handling certificates and code signing is always annoying. Because entitlements are involved, developers must make sure the provisioning profile is generated correctly. Xcode 8 can manage the certificate, App ID and provisioning profile for you (automatic signing), which I highly recommend. Sometimes it still does not work; the simple fix is to turn automatic signing off and back on again, which reruns the process and reconfigures everything.

2) Permissions

Make sure you request every permission your app needs. If one is missing, the app will not crash and shows no dialog: the denied operation simply fails (a file read comes back with a permission error, a network connection never connects), and the only trace is a "deny" message from the sandbox in the system log, visible in Console.app. Handle the options with great care.
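A practical way to connect the two halves of this section (the container path under "Turn on App Sandbox" above, and the silent denials described here) is to read the sandbox's own deny messages and compare them with the app's .entitlements file. The Python script below is an added example, not code from the original article or from Apple. It parses an entitlements plist (the sample is constructed to match the checkboxes discussed above) and a few constructed log lines in the shape of the kernel's "Sandbox: MyApp(pid) deny(1) <operation> <target>" messages, and reports for each denial whether an entitlement is missing, whether the entitlement is present but the user still has to pick the file in an open/save panel, or whether the app is still using its hard-coded pre-sandbox path outside ~/Library/Containers. The bundle identifier com.abc.MyApp comes from the article; the home directory /Users/me, the process name MyApp, the port and the mach service com.example.helper are assumptions made for the sample. The entitlement key names are Apple's.

```python
"""Triage App Sandbox denials against an app's entitlements (added example)."""
import plistlib
import re
from typing import Dict, List, Optional

SANDBOX_KEY = "com.apple.security.app-sandbox"
BOOKMARK_KEY = "com.apple.security.files.bookmarks.app-scope"
# Home folders that have their own entitlement pair (<prefix>.read-only / .read-write).
FOLDER_ENTITLEMENTS = {
    "Downloads": "com.apple.security.files.downloads",
    "Pictures": "com.apple.security.assets.pictures",
    "Music": "com.apple.security.assets.music",
    "Movies": "com.apple.security.assets.movies",
}
FILE_OPS = ("file-read-data", "file-read-metadata", "file-write-data",
            "file-write-create", "file-write-unlink")
# Shape of the kernel's denial message: "Sandbox: Proc(pid) deny(1) <op> <target>".
DENY_RE = re.compile(
    r"Sandbox: (?P<proc>.+?)\((?P<pid>\d+)\) deny(?:\(\d+\))? (?P<op>\S+)(?: (?P<target>.+))?$")

# Constructed sample: MyApp.entitlements after ticking App Sandbox, Outgoing
# Connections (Client) and User Selected File: Read/Write in Xcode.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.network.client</key><true/>
    <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>
"""
# Constructed sample: the same file before the App Sandbox box was ticked.
UNSANDBOXED_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>com.apple.security.network.client</key><true/>
</dict></plist>
"""
# Constructed log lines (illustrative, not captured from a real machine); the
# bundle id com.abc.MyApp is the article's, home directory /Users/me is assumed.
SAMPLE_LOG = """\
Sandbox: MyApp(4242) deny(1) file-read-data /Users/me/Library/Application Support/com.abc.MyApp/records.db
Sandbox: MyApp(4242) deny(1) network-inbound *:8080
Sandbox: MyApp(4242) deny(1) file-read-data /Users/me/Documents/notes.txt
Sandbox: MyApp(4242) deny(1) mach-lookup com.example.helper
"""


def container_data_dir(bundle_id: str, home: str) -> str:
    """Where ~/Library/... is redirected for a sandboxed app."""
    return f"{home}/Library/Containers/{bundle_id}/Data"


def needed_entitlements(op: str, target: Optional[str], home: str) -> List[str]:
    """Entitlement keys that could grant `op` on `target`; [] if no entitlement can."""
    if op == "network-outbound":
        return ["com.apple.security.network.client"]
    if op == "network-inbound":
        return ["com.apple.security.network.server"]
    if op not in FILE_OPS or not target:
        return []
    # A read-write entitlement also satisfies a read.
    modes = ["read-only", "read-write"] if op.startswith("file-read") else ["read-write"]
    keys: List[str] = []
    if target.startswith(home + "/"):
        top = target[len(home) + 1:].split("/", 1)[0]
        if top in FOLDER_ENTITLEMENTS:
            keys += [f"{FOLDER_ENTITLEMENTS[top]}.{m}" for m in modes]
    # Any path is reachable once the user picks it in an NSOpenPanel/NSSavePanel.
    keys += [f"com.apple.security.files.user-selected.{m}" for m in modes]
    return keys


def audit(entitlements: bytes, log_text: str, bundle_id: str, home: str) -> List[Dict[str, object]]:
    """One finding per denial line: a status plus what to change."""
    ents = plistlib.loads(entitlements)
    if ents.get(SANDBOX_KEY) is not True:
        return [{"op": None, "target": None, "status": "not-sandboxed", "suggest": [SANDBOX_KEY]}]
    container = container_data_dir(bundle_id, home)
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        op, target = m["op"], m["target"]
        f: Dict[str, object] = {"op": op, "target": target, "suggest": []}
        if (op in FILE_OPS and target and target.startswith(home + "/Library/")
                and not target.startswith(container + "/")):
            # Pre-sandbox path built by hand; the sandboxed location is inside the container.
            f["status"] = "legacy-path"
            f["suggest"] = [container + target[len(home):]]
        else:
            needed = needed_entitlements(op, target, home)
            granted = [k for k in needed if ents.get(k) is True]
            if not needed:
                f["status"] = "no-entitlement-covers"  # e.g. mach-lookup: no checkbox fixes this
            elif not granted:
                f["status"], f["suggest"] = "missing-entitlement", needed
            elif all("user-selected" in k for k in granted):
                f["status"] = "needs-user-consent"  # entitled, but only through a panel,
                if ents.get(BOOKMARK_KEY) is not True:  # and only for this launch without a bookmark
                    f["suggest"] = [BOOKMARK_KEY]
            else:
                f["status"] = "already-granted"
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ENTITLEMENTS, SAMPLE_LOG, "com.abc.MyApp", "/Users/me"):
        print(f"{f['status']:22} {f['op']:<16} {f['target']}  -> {f['suggest']}")
```

Run as-is, the four sample lines come back as legacy-path, missing-entitlement, needs-user-consent and no-entitlement-covers. On a real machine you would collect the inputs with, for example, `log show --predicate 'eventMessage CONTAINS "deny"' --last 10m` for the denials and `codesign -d --entitlements :- MyApp.app` for the entitlements the built binary actually carries, which is also the quickest way to notice when the .entitlements file and the Xcode Capabilities tab have drifted apart.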

3) Conduct the setting using GUI

You can edit the .entitlements file by hand, but it can then fall out of sync with what the Capabilities tab in Xcode shows, which may lead to code signing or provisioning issues.