Sandboxing outside the Mac App Store

In the Kaju Updater conversation, it sounded like some people are sandboxing apps that are not distributed via the Mac App Store.

Given the pains associated with sandboxing and the fact that it is not required unless you are in the MAS, I’m wondering why someone would choose to use it when they don’t have to. Anyone doing this care to share? Or did I misread that?

[quote=157722:@Paul Lefebvre]In the Kaju Updater conversation, it sounded like some people are sandboxing apps that are not distributed via the Mac App Store.

Given the pains associated with sandboxing and the fact that it is not required unless you are in the MAS, I’m wondering why someone would choose to use it when they don’t have to. Anyone doing this care to share? Or did I misread that?[/quote]

So your app doesn’t bring up the dreaded untrusted source dialog and make the user think twice about installing it.

Sandboxing is not the same as code-signing - it’s possible (and desirable) to have all your apps properly signed, but that can be done without Sandboxing.

As Michael said, you just need to code-sign to avoid the “untrusted dialog”. Sandboxing is not necessary for that.

It’d be good if applications that fit into the sandboxing model were sandboxed. A sandboxed application is definitely more secure than a non-sandboxed application.

Because developing, testing and maintaining two versions of one app is an unnecessary headache. For database applications the sandbox provides more security, and if one works towards the MAS, then it is better to test a sandboxed version all the time.

And if one makes use of the app support folder, then one can be sure to find it always at the same location.

Still one may have good reasons to distribute one version of an app via MAS (like a single user version) and another, more expensive one via homepage (like a multi-user, enterprise version).

It is then easier to have them all sandboxed.

I try to sandbox every application; App Wrapper is an exception. Why, you ask, especially when not shipping on MAS?

The main reason is compatibility: MAS apps and non-MAS apps store files in different places, so they become incompatible with users’ settings. Sometimes I swap a MAS customer over to the version on our site or vice versa.

[quote=157901:@Sam Rowlands]I try to sandbox every application; App Wrapper is an exception. Why, you ask, especially when not shipping on MAS?

The main reason is compatibility: MAS apps and non-MAS apps store files in different places, so they become incompatible with users’ settings. Sometimes I swap a MAS customer over to the version on our site or vice versa.[/quote]
That’s why I sandbox all of my Mac apps now, because the file locations differ, which makes it difficult to switch from a sandboxed to a non-sandboxed version or vice versa.

Lest we forget that Security Scoped Bookmarks cannot be opened by a non-sandboxed application and regular bookmarks can’t be opened by a Sandboxed application.

Oh man… Have you tried to create a Sandboxed application… Scratch that, have you tried to Sandbox an existing application! That’s the most painful; building a new application is 100x easier.

I can envision one day that all apps for OS X will have to be Sandboxed, I just hope by then that the Sandbox is more useful, so that Apps like App Wrapper (for Sandboxing apps) can itself be Sandboxed. FYI App Wrapper 3 was designed as a Sandboxed application, but there were too many issues in the way.

I’m wondering myself where the heck you all write your files?

If you follow Apple Guidelines, always using Users’ SpecialFolders for your locally stored files, then nothing should go wrong with sandboxed apps. Sandboxed does not mean that you do not have access to Contacts, Documents or Hardware etc. at all. You have to define this, yes, but App Wrapper helps you a lot and I do not see the problem?

Application Support, Preferences, Resume data folder and Auto Save folder are within the application container for a Sandboxed application and not for a non-Sandboxed application (various apps of ours use some or all of these folders).

You shouldn’t be reading or writing to the preferences folder; however, even if you use NSUserDefaults or CFPreferences, they both use different locations.

You could also say that once you’ve put all the effort into Sandboxing your application, why maintain two different versions (which can lead to issues if you’re not careful), even if it’s from the same Xojo project.
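
The location difference discussed in the thread, as an added example that is not code from any poster: it reads an app's entitlements plist to decide whether the build is sandboxed, then lists which of the four folders named above would have to move when a user switches between a sandboxed and a non-sandboxed build. The bundle id, home directory and sample entitlements are constructed, and the container layout (`~/Library/Containers/<bundle id>/Data/Library`) is the usual macOS one, assumed here.

```python
import plistlib
from pathlib import PurePosixPath

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Constructed sample: entitlements as dumped from a signed app bundle.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>"""


def is_sandboxed(entitlements_xml: bytes) -> bool:
    """True only when the sandbox entitlement is present and boolean true."""
    if not entitlements_xml.strip():
        return False  # signed without entitlements: code-signed, not sandboxed
    return plistlib.loads(entitlements_xml).get(SANDBOX_KEY) is True


def data_locations(home: str, bundle_id: str, sandboxed: bool) -> dict:
    """Per-user folders for one build (assumed standard macOS layout)."""
    library = PurePosixPath(home) / "Library"
    if sandboxed:
        # Sandboxed builds get a private Library inside the app container.
        library = library / "Containers" / bundle_id / "Data" / "Library"
    return {
        "app_support": str(library / "Application Support"),
        "preferences": str(library / "Preferences" / f"{bundle_id}.plist"),
        "autosave": str(library / "Autosave Information"),
        "resume": str(library / "Saved Application State" / f"{bundle_id}.savedState"),
    }


def migration_plan(home: str, bundle_id: str, from_sandboxed: bool, to_sandboxed: bool):
    """(source, destination) pairs that differ between the two builds."""
    src = data_locations(home, bundle_id, from_sandboxed)
    dst = data_locations(home, bundle_id, to_sandboxed)
    return [(src[k], dst[k]) for k in src if src[k] != dst[k]]


if __name__ == "__main__":
    mas_build = is_sandboxed(SAMPLE_ENTITLEMENTS)
    # Constructed user and bundle id: MAS customer moving to a non-sandboxed build.
    for old, new in migration_plan("/Users/alice", "com.example.app", mas_build, False):
        print(f"{old}\n  -> {new}")
```

When both builds are sandboxed under the same bundle id the plan is empty, which is the compatibility argument made above.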