App Sandboxing

Sandboxing your app is a great way to protect systems and users by limiting the privileges of an app to its intended functionality, increasing the difficulty for malicious software to compromise your users' systems.

Essential Videos and Documents

Tips and Best Practices

Apps running on OS X Mountain Lion or later can no longer use temporary sandboxing entitlements for composing email with Apple Mail. Update your apps to use Scripting Targets instead. Learn more

Tips and Best Practices

When sandboxing your app, select only the entitlements you need. If you submit your app to the Mac App Store, it may be rejected if your app requests entitlements it does not require.

Tips and Best Practices

Enabling the default sandbox environment is as simple as checking the Enable Entitlements checkbox in Xcode's target settings, allowing you to begin sandboxing your app.

Tips and Best Practices

Make sure you've enabled sandboxing on all binaries in your app bundle. You can verify that your main app binary is running under App Sandbox by enabling the Sandbox column in Activity Monitor's View menu. Learn more

Tips and Best Practices

Apps that are being re-engineered to be sandbox compatible may request additional temporary entitlements. These entitlements are granted on a short-term basis and will be phased out over time.

Tips and Best Practices

When your sandboxed app first runs on a user's system, preferences from prior unsandboxed versions are automatically migrated into the app's container. You can specify additional support files to migrate using the Container Migration Manifest.

Tips and Best Practices

Most sandbox violations logged in Console.app contain full backtraces. These can be viewed by clicking the paperclip icon at the right of the log entry.

Tools and Related Resources

Contacting Us

Your feedback is valuable, and helps inform the direction of our sandbox API development. Send us your feedback

If you need to request a temporary entitlement, please include clear and concise justification in the Review Notes section of iTunes Connect when you submit your app. iTunes Connect Developer Guide

Mac Developer Program membership is required to access certain tools and resources for Mac App Store distribution. Not a member? Learn more