I am placing a couple of helper apps in my desktop application for the MAS. I know that the main application itself will not run if the helper app inside is tampered with, due to the sandboxing, but if someone dragged the helper application out of my sandboxed MAS application, should the helper app be able to run perfectly well outside the main sandboxed application?
I can probably get my helper app to test to see if it’s running inside the main application (and quit if not), but is this necessary?
I copied a helper app to the desktop and started it manually, and it runs without failure.
I have a window-less helper app in /Contents/Library/LoginItems of my main application, which is codesigned/sandboxed.
After dragging it out to the desktop and starting it, I can see it running in Activity Monitor, and from there I can kill it again (which is not possible if the helper is started from the main app itself).
A ‘normal’ user wouldn’t, but an abnormal user might. I have created a desktop app that is a wrapper for a WebApp. If someone can go into the Package Contents and extract the WebApp then they can steal my software via the MAS!
I have no idea how you call your helper, but it is probably feasible to do that with some encrypted parameters, so if anybody simply double clicks on the helper it quits.
Good idea. But are you sure that parameter can’t be shown somehow?
At least in Ubuntu you can press “c” when in “top” to show the process’s parameters and stuff.
This is OS X though, maybe that’s not possible there.
[quote=194998:@Albin Kiland]Good idea. But are you sure that parameter can’t be shown somehow?
At least in Ubuntu you can press “c” when in “top” to show the process’s parameters and stuff.
This is OS X though, maybe that’s not possible there.
EDIT: ps -ef[/quote]
If it is THAT critical, then you could also add a timestamp to the encrypted parameter. In the helper app you can check if the parameter is within a certain timeframe. Like that you have a unique parameter each time …
For instance, I am sending commands to a helper app, included in an encrypted JSON string. The helper expects certain keys and values and won’t react otherwise.
Oliver, these were my thoughts… I was typing while your post appeared.
Otherwise a temp file would do the same… then you wouldn’t need a command-line switch. Or better, an encrypted SQLite license file in the user’s folder; all your launching apps will check credentials there, and without this license file nothing will start up. I’ve also put database connection information in there so a customer can only use it for his database and not another one.
This is my solution I am using for all my apps. This works for both App Store and non-App Store software, and handling is quite easy (for non-App Store apps):
[quote=194998:@Albin Kiland]Good idea. But are you sure that parameter can’t be shown somehow?
At least in Ubuntu you can press “c” when in “top” to show the process’s parameters and stuff.
This is OS X though, maybe that’s not possible there.
EDIT: ps -ef[/quote]
Just an example of what I do in Elementary Letters to prevent misuse of my web service: the parameter is timestamped, so even with a break to catch the command line, unless the hacker is very quick, whatever he copied is worthless.
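
A sketch of the timestamped-parameter check discussed in this thread, as an added example that is not from any poster: it authenticates the parameter with HMAC-SHA256 instead of encrypting it, and the key, field names and 30-second window are assumptions. Because a key shipped inside the bundle can be read out of it, this rejects plain double-click launches and command lines copied from `ps -ef`, but it does not protect the helper's contents.

```python
import base64, hashlib, hmac, json, os, time

MAX_AGE_SECONDS = 30  # assumed freshness window; tune to the real launch latency


def make_launch_token(key, command, now=None):
    """Main app side: build '<payload>.<tag>' for the helper's command line."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps(
        {"cmd": command, "ts": ts, "nonce": os.urandom(8).hex()},
        separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_launch_token(key, token, seen_nonces, now=None):
    """Helper side: return the command if the token is valid, else None.

    seen_nonces is a set kept by a long-running helper; a helper that is
    started fresh each time would have to persist it to catch replays
    that arrive inside the freshness window.
    """
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64 (e.g. launched with no parameter)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        msg = json.loads(payload)
        cmd, ts, nonce = msg["cmd"], msg["ts"], msg["nonce"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(ts, int) or abs(now - ts) > MAX_AGE_SECONDS:
        return None  # stale: a command line copied earlier is worthless
    if nonce in seen_nonces:
        return None  # replayed within the window
    seen_nonces.add(nonce)
    return cmd
```
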