I have a very simple macOS app, built with latest swift, latest xcode. Is it sandboxed, and only launches another app (from the app store - with its own code signing).
I have placed this other app in my launcher's app bundle, and launch it with NSWorkspace.shared.openApplication.
My issue is that while the launcher app itself is sandboxed, its restrictions are not applied to the launched app. The launched app is sandboxed (it was sandboxed by the original developer), but has wider permissions.
It seems either a security flaw or I am misunderstanding something. Can anyone shed lights on this? Thanks!