Sandbox application and file access

A normal non-sandboxed application presents a dialog box when you attempt to open a file it doesn’t have access to:

If you click the OK button the application can proceed and open the given file normally.

When I package the application for MAS the app becomes Sandboxed. This functionality is gone, you can access a file after you open it but you never get this message.

I know it’s a long shot but I don’t suppose there’s a way for this to work. Something I’ve not done with the AppWrapper. @Sam_Rowlands

In a sandboxed app the “documents” folder is inside the sandbox container and this document folder is accessible without any dialog…

Not for me. Attempts to open the file, without completing the OpenFile dialog, cause a IO Error 1, which is an access denied error.

I’m using Ventura

SpecialFolder.Documents will get you the sandboxed documents folder, but that is not an alias to the user’s normal documents folder. That remains outside of the sandbox container.

In a sandboxed app you can not access the whole documents folder. You’ll need to adjust your app’s design.

It’s been a while since I’ve tried anything like this, but the last time I tried, the response I got from the App Store team was “No, this is not allowed”. It is technically possible on the macOS level, it’s also possible on the App Sandbox level, but is prohibited on the App Store level without redesigning your app.

Document based application.
If your application opens each document in its own window, this is a “Document based application” and therefore according to the App Store rules, the user must be presented with a open and save dialog to open or save documents. If you want to re-open documents when the application is relaunched, you need to look at the Window Restoration work I did in the now discontinued Ohanaware App Kit.

Shoebox application.
If your application features one single main window and the user can only work on one document at a time and you auto manage file management for the user, this is a Shoebox application. This gets more complicated with the App Store rules (not macOS or App Sandbox).

  1. On first launch of the application, the user must be asked where to create the data store.
  2. That location is then saved to the application preferences as a Security-Scoped Bodgemark.
  3. Everytime you need to access a file within that location, you request access to the bodgemark. If it’s granted you’ll receive a path to which you can then navigate, in order to open or save a file.
  4. Once you’ve completed what you need to do, you must close access to that location. You have 90 seconds to do everything you need to do, if you exceed that limit or don’t close access, your application can not only lose access to that location (forever) but can even lose access to all items in your application’s container (which includes preferences).

There are more conditions with security-scoped bodgemarks that I’ve written about several times on this forum. My general advice is to avoid them at all costs, especially since they can and do fail, leaving you without access and any idea as to what the SSB was pointing too.

Security-scoped Bodgemark code was also available in my discontinued Ohanaware App Kit.

There was a much easier solution for Shoebox applications, but this too is now prohibited by App Store rules. You used to be able to keep your shoebox data within the application container and allow the user to “Export” documents that they want to share with others. This was rejected in an app update, Apple said shoebox data must be done via the approved route and my bug fix update never got released.

You will notice that there are apps on the App Store that do not adhere to these “rules”. This is because some developers are more equal than others, and are allowed to flaunt the rules. Apple admitted this in the EPIC v.s. Apple trial. You may also find that these rules have changed, but you won’t know for sure until you submit your application to Apple for approval. There is no way to gain pre-approval before attempting any work.

Deciding if it is worth it
One thing I’ve been telling developers in the last few years is to research a marketing plan before they begin adapting their application for the App Store. I know of far too many developers who’ve wasted time and effort adapting their app for the App Store, only to gain 10s of sales, rather than 100s or 1000s and some of those noticed a drop in sales on their own site, so the App Store not only cost them in development time, but also they lost money as the App Store rates are the highest among payment providers.

Unfortunately I’ve not been able to find a marketing plan for my own apps on the App Store (without sacrificing sales on my own site) and therefore I can’t recommend one for you.

Most of all, good luck.

The app is certainly a Document bases application. It has datasets that it can perform analysis on. These are stored where ever the user desires. They are likely produced by data entry into the application or other system. It can import data from various file formats (text, csv, gif, xlsx, dbf etc).

I had built a system where you could preview the data import before loading, which has run into issues with the sandbox. Obviously I will rework that to be the old style, pick a file and then configure the import mechanism / preview the loading.

My only other issue seems to be due to recent files list. I’ve already started looking into SSBs, which I know can solve that problem. As for loading one file sometimes requires a second to read it, but I already know how to deal with that issue.

Thanks for the help. I just wanted a confirmation that I didn’t just need to set a setting to get things working again, and obviously look for the pitfalls that may be there.

Like Window Management, Apple have a subsystem for managing recent files. I figured out how to use in such a way that makes it 100% compatible with the App Sandbox, without needing Security-Scoped Bodgemarks. The code result of my research and testing is part of the discontinued…

Back in 2015, I wrote to the CEO and asked for a document based application template (to match other dev tools). Once I’d gotten a pretty good understanding of the macOS, I wrote my own. It included all the base and expected macOS functionality that I could code for. It was really cool, because you basically focused on what makes your app unique. This too was part of, you guessed it…

With that unavailable, is the recent files system available anywhere? The old links from the forum have gone.