This afternoon I started working on turning MoneyWell for Mac into a sandboxed application for our next major release. I watched the intro videos, checked the appropriate checkboxes in Xcode, ran MoneyWell, checked Activity Monitor and saw…
Well crap. After a bit of unsuccessful searching on the Apple Dev Forums I did some testing with Kevin Hoctor and discovered that the Release configuration of MoneyWell was properly sandboxed. The only significant difference between the Release and Debug configurations was that one was code signed and one was not. Once we enabled code signing for the Debug configuration MoneyWell launched as a sandboxed app.
I asked on Twitter,
Both Brian Webster and Jim Correia got back to me:
@bwebster: That does make sense, since it is the code sign tool that’s used to encode the sandbox entitlements when building.
@jimcorreia: The app-sandbox is an entitlement. Entitlements are embedded in the code signature.
Hopefully this helps you out if you find that your sandboxed app is showing up as not sandboxed.