Distributing macOS App and Network extension App with App Sandboxing disable

Hello All,

We have a macOS app which contains Network Extension(NEAppProxyProvider). The macOS app will launch network extension internally. Sandboxing is enabled for Network extension.

We are not planning to distribute app via app store.

Do we need to enable sandboxing for macOS App as well?

We have tested our app with sandboxing disabled, things are working fine. We want to verify if this is supported way and not a hack which might fail in future updates.

Thanks in advance.
Up vote post of NimishS Down vote post of NimishS
351 views
Posted by
NimishS
Reply
Add a Comment

Accepted Reply

Keep in mind that many sandboxing features can be disabled via temporary exception entitlements, and doing that selectively is better than disabling the sandbox entirely.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

We do recommend you enable it, so the security benefits can apply to the app as well, but It is technically supported for the app to remain unsandboxed.
Posted by
Security Engineer
Post not yet marked as solved Up vote reply of Security Engineer Down vote reply of Security Engineer
Add a Comment
Keep in mind that many sandboxing features can be disabled via temporary exception entitlements, and doing that selectively is better than disabling the sandbox entirely.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment
Thanks you all for the suggestions,

We will add temporary exception in the entitlements while keeping sandbox enabled.
Posted by
NimishS
Up vote reply of NimishS Down vote reply of NimishS
Add a Comment