Core Fruition

What to Do if Your Sandboxed Application Shows Up as Not Sandboxed

This afternoon I started working on turning MoneyWell for Mac into a sandboxed application for our next major release. I watched the intro videos, checked the appropriate checkboxes in Xcode, ran MoneyWell, checked Activity Monitor and saw…

Well crap. After a bit of unsuccessful searching on the Apple Dev Forums I did some testing with Kevin Hoctor and discovered that the Release configuration of MoneyWell was properly sandboxed. The only significant difference between the Release and Debug configurations was that one was code signed and one was not. Once we enabled code signing for the Debug configuration MoneyWell launched as a sandboxed app.

I asked on Twitter,

Is it common knowledge that an app that is not code signed will run in non-sandboxed mode even with sandboxing enabled?

Both Brian Webster and Jim Correia got back to me:

@bwebsterThat does make sense, since it is the code sign tool that’s used to encode the sandbox entitlements when building.

@jimcorreiaThe app-sandbox is an entitlement. Entitlements are embedded in the code signature.

Hopefully this helps you out if you find that your sandboxed app is showing up as not sandboxed.