App Sandboxing and the macOS Security Model
By Mykhailo Boichuk · Co-founder & Vice-President
In short
The macOS sandbox confines an app to the resources it declares it needs, so a compromised or misbehaving app cannot reach the rest of the system or the user’s data. Building within it means requesting only the entitlements the app genuinely requires, working through user-driven access where possible, and treating the restrictions as a security property that protects the user rather than an obstacle.
The sandbox confines by default
The macOS security model rests on the principle of least privilege: an app should be able to do only what it needs to do, and nothing more. The App Sandbox enforces this by confining an app to a restricted environment where it cannot freely access the file system, the network, the user’s data, or other apps. An app opts in by being signed with the com.apple.security.app-sandbox entitlement (the Mac App Store requires it; apps distributed directly may omit it), and from then on anything beyond the app’s own container directory and the system frameworks it links is denied by default: the app gains a specific capability only by declaring it.
The purpose is containment. If an app has a vulnerability or behaves badly, the sandbox limits the damage to what the app was permitted, rather than letting it roam the whole system. For the user, this means installing an app is a smaller act of trust than it would be without the sandbox, because the system, not just the app’s good behavior, constrains what can happen.
Entitlements declare what an app can do
Within the sandbox, capabilities are granted through entitlements: explicit declarations, embedded in the app’s code signature at signing time, that the app needs a particular kind of access, such as outbound network connections, the camera, or files the user selects. Because they live in the signature, they cannot be edited afterwards without invalidating it, and the system enforces exactly the set that was signed. Requesting broad access an app does not need, in particular the temporary-exception entitlements that open fixed paths or other apps, weakens the containment, signals carelessness, and has to be justified to App Review.
- Request only the entitlements the app genuinely needs to function.
- Avoid broad capabilities when a narrower one would suffice.
- Treat each entitlement as a claim that must be justified by a real need.
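The script below is an added example, not the article’s or any project’s code: it audits an entitlements plist for the broad grants the list above says to avoid. Which keys count as broad, and the narrower substitute suggested for each, are this example’s own judgement rather than an Apple list; the embedded sample entitlements file is constructed for the demonstration.

```swift
import Foundation

// Added example: audits an App Sandbox entitlements plist for grants that
// least privilege says to avoid. Run with `swift audit.swift App.entitlements`;
// with no argument the constructed sample below is audited.

/// Entitlements that widen the sandbox or weaken the hardened runtime, each
/// paired with the narrower alternative a reviewer would suggest
/// (this pairing is the example's judgement, not an Apple list).
let broadEntitlements: [String: String] = [
    "com.apple.security.temporary-exception.files.absolute-path.read-write":
        "prefer files.user-selected.read-write plus an app-scoped bookmark",
    "com.apple.security.temporary-exception.files.home-relative-path.read-write":
        "prefer files.user-selected.read-write plus an app-scoped bookmark",
    "com.apple.security.temporary-exception.apple-events":
        "scope to the specific target bundle IDs, or drop if unused",
    "com.apple.security.network.server":
        "drop unless the app really listens; a client needs only network.client",
    "com.apple.security.cs.disable-library-validation":
        "sign plug-ins with the same Team ID instead of disabling validation",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "use cs.allow-jit only where a JIT genuinely needs it",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "drop; it admits DYLD_INSERT_LIBRARIES into a hardened process",
]

struct Finding { let severity: String; let message: String }

/// Returns findings for one parsed entitlements dictionary, errors first.
func audit(_ ent: [String: Any]) -> [Finding] {
    var out: [Finding] = []
    // 1. The sandbox key itself: absent or false means nothing else is enforced.
    if ent["com.apple.security.app-sandbox"] as? Bool != true {
        out.append(Finding(severity: "error",
                           message: "com.apple.security.app-sandbox is not true; the app is not sandboxed"))
    }
    // 2. Broad grants with a narrower substitute. Temporary exceptions carry
    //    their targets as arrays; show them so a reviewer sees the real scope.
    for (key, advice) in broadEntitlements where ent[key] != nil {
        var scope = ""
        if let list = ent[key] as? [String] { scope = " (\(list.joined(separator: ", ")))" }
        out.append(Finding(severity: "warn", message: "\(key)\(scope): \(advice)"))
    }
    // 3. Panel-granted access without the bookmark entitlement is a latent bug:
    //    the grant evaporates at relaunch and tempts a wider entitlement later.
    let userSelected = ent["com.apple.security.files.user-selected.read-write"] as? Bool == true
        || ent["com.apple.security.files.user-selected.read-only"] as? Bool == true
    if userSelected && ent["com.apple.security.files.bookmarks.app-scope"] as? Bool != true {
        out.append(Finding(severity: "info",
                           message: "user-selected file access without files.bookmarks.app-scope: grants will not survive relaunch"))
    }
    // 4. Debug-only key that must not ship in a release build.
    if ent["com.apple.security.get-task-allow"] as? Bool == true {
        out.append(Finding(severity: "error",
                           message: "com.apple.security.get-task-allow is true: other processes may attach as a debugger; strip for release"))
    }
    return out.sorted { $0.severity < $1.severity }
}

/// Parses entitlements from plist bytes (XML or binary plist both work).
func parseEntitlements(_ data: Data) throws -> [String: Any] {
    let obj = try PropertyListSerialization.propertyList(from: data, options: [], format: nil)
    guard let dict = obj as? [String: Any] else {
        throw NSError(domain: "audit", code: 1,
                      userInfo: [NSLocalizedDescriptionKey: "top-level plist object is not a dictionary"])
    }
    return dict
}

// Constructed sample: a typical "just make it work" entitlements file.
let sample = """
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.network.client</key><true/>
    <key>com.apple.security.files.user-selected.read-write</key><true/>
    <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
    <array><string>/Library/Application Support/</string></array>
    <key>com.apple.security.get-task-allow</key><true/>
</dict>
</plist>
"""

let input: Data
if CommandLine.arguments.count > 1 {
    input = try Data(contentsOf: URL(fileURLWithPath: CommandLine.arguments[1]))
} else {
    input = Data(sample.utf8)
}
let findings = try audit(parseEntitlements(input))
if findings.isEmpty { print("no findings") }
for f in findings { print("[\(f.severity)] \(f.message)") }
// Non-zero exit lets a CI step fail the build on an error-level finding.
exit(findings.contains { $0.severity == "error" } ? 1 : 0)
```

The sample produces two errors (get-task-allow left on) and one warning (a home-relative temporary exception that user-selected access plus a bookmark would replace); the same check can run in CI against the entitlements file before signing, since after signing the list is frozen into the signature.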
User intent as a key to access
The sandbox restricts file access, but it provides a path that respects user intent: when a user selects a file or folder through the open or save panel, or drags one into the app, the app is granted access to that specific item. The panel is run by a system service outside the app’s process, so the app cannot fabricate the selection; it needs only the com.apple.security.files.user-selected.read-only or read-write entitlement to receive the result. The grant lasts for the current session; to keep working with the same item across launches, the app stores a security-scoped bookmark for it, which again covers only that one item. This means an app can work with the user’s files without being given blanket access to the file system, because the user’s explicit choice is what grants access to each item.
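The following is an added example of that flow, not code from the article or its author: it asks the user for a folder once, keeps the grant as a security-scoped bookmark, and brackets every later use with the start/stop calls the sandbox requires. It assumes an app target sandboxed with the com.apple.security.files.user-selected.read-write and com.apple.security.files.bookmarks.app-scope entitlements; the "ExportFolder" defaults key and the function names are this example’s own.

```swift
import AppKit

// Added example, not the article's code. Assumes the app target is sandboxed
// with com.apple.security.files.user-selected.read-write and
// com.apple.security.files.bookmarks.app-scope; "ExportFolder" is this
// example's own defaults key.

let bookmarkKey = "ExportFolder"

/// Asks the user for a folder. The selection is the grant: the panel runs in a
/// system process (the Powerbox), so the app cannot fabricate the choice, and
/// the returned URL is usable only for this launch.
func askUserForFolder() -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseFiles = false
    panel.canChooseDirectories = true
    panel.allowsMultipleSelection = false
    panel.prompt = "Grant Access"
    panel.message = "Choose the folder this app may export into."
    guard panel.runModal() == .OK else { return nil }
    return panel.url
}

/// Turns a panel-granted URL into a security-scoped bookmark so the grant
/// survives relaunch without any broader file-system entitlement.
func persistGrant(for url: URL) throws {
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
}

/// Resolves the stored bookmark and runs `body` with access held open.
/// Returns nil when there is no grant yet or access cannot be started, in
/// which case the caller should ask the user again rather than widen access.
func withGrantedFolder<T>(_ body: (URL) throws -> T) throws -> T? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var isStale = false
    let url = try URL(resolvingBookmarkData: data,
                      options: .withSecurityScope,
                      relativeTo: nil,
                      bookmarkDataIsStale: &isStale)
    // A resolved bookmark is inert until access is started, and every start
    // must be paired with a stop or the app leaks kernel resources.
    guard url.startAccessingSecurityScopedResource() else { return nil }
    defer { url.stopAccessingSecurityScopedResource() }
    if isStale { try persistGrant(for: url) }   // re-mint after the item moved
    return try body(url)
}

/// Writes a file into the granted folder, prompting only when no grant exists.
func exportReport(_ text: String, named name: String) throws -> URL? {
    let write: (URL) throws -> URL = { folder in
        let target = folder.appendingPathComponent(name)
        try text.write(to: target, atomically: true, encoding: .utf8)
        return target
    }
    if let written = try withGrantedFolder(write) { return written }
    guard let folder = askUserForFolder() else { return nil }   // user declined
    try persistGrant(for: folder)
    return try withGrantedFolder(write)
}
```

The important property is that nothing in the code names a path: the only way the app ever reaches a folder is the user choosing it, and a moved or deleted folder surfaces as a failed resolve that sends the app back to the panel, never to a wider entitlement.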
Build with the model, not against it
Developers sometimes experience the sandbox as a set of obstacles, but the more productive stance is to treat its restrictions as the security property they are and to design within them. An app architected around least privilege and user-driven access tends to fit the sandbox naturally, while an app that assumes unrestricted access has to be reworked to comply.
The sandbox is also part of a larger system. Code signing binds the entitlements to the binary and lets the platform verify an app’s origin and integrity; notarization, which requires the hardened runtime, lets Gatekeeper confirm before first launch that Apple has scanned the build; and the sandbox then enforces exactly the entitlements that signature carries. For a macOS app, building to the security model from the start, with minimal entitlements, user intent as the route to files, and the boundaries respected, produces an app that is more trustworthy and that the platform and its users can more readily rely on.
Key takeaways
- The macOS sandbox confines an app to declared capabilities to contain damage from misbehavior.
- It enforces least privilege: by default an app cannot freely reach the system or user data.
- Entitlements grant specific access, and an app should request only what it genuinely needs.
- User-driven access lets a sandboxed app reach files the user selects without broad permissions.
- Design around the security model from the start rather than treating it as an obstacle.
Frequently asked questions
- What does the macOS App Sandbox do?
- It confines an app to a restricted environment where it can only access the resources it declares, so a compromised or misbehaving app cannot reach the rest of the system or the user’s data.
- What are entitlements?
- Explicit declarations that an app needs a particular capability, such as network access or the camera. The system grants exactly what is requested, so an app should request only what it genuinely needs.
- How can a sandboxed app access user files?
- Through user-driven access: when the user selects a file or folder via a system dialog (or drags it into the app), the app is granted access to that specific item for the session, without needing broad file-system permissions. A security-scoped bookmark carries that single-item grant across launches.
About the author
Mykhailo Boichuk
Co-founder & Vice-President
Mykhailo is an engineer who builds native applications and the systems behind them. He concentrates on macOS and iOS performance, local-first data architecture, and the synchronization problems that come with offline-capable software.