iOS apps have always been sandboxed, and while a significant number of users might not know just what that means in terms of app stability and permissions, they likely know the restriction is there to keep things running smoothly. Apple introduced sandboxing for OS X apps in 2012 for the then-upcoming Mountain Lion. Now, all new apps submitted to the Mac App Store must be sandboxed, and while many users may not have noticed the difference, developers certainly have. If you have ever wondered just what a sandboxed app running on your Mac is doing, i.e. what permissions the app is using, SandboxInfo is a free app available in the Mac App Store that tells you just that. The app might be useful for developers as well, but for end users, it is the easiest way to see what an app can do and to check its signing authority.
Once installed, drag and drop an app icon onto the app window, or select it by clicking the ‘Choose Application(s)’ option. If you select multiple apps to check, SandboxInfo will open a separate window for each one.
SandboxInfo reports four types of permissions that an app might be using: File Access, Devices, Exceptions, and Raw Data. Stock apps are not sandboxed and have full access to all features of the OS. Third-party apps downloaded from the Mac App Store or from the developer’s own website may or may not be sandboxed.
Sandboxed apps are identified by the level of access shown under each permission heading. File Access tells you which files on your system the app can read and write to, the Devices section lists the devices it can connect with, Exceptions lists any exceptions that you might have granted the app, and Raw Data shows files that have been created by the app and that the app can write to. You will find the app’s plist file listed here.
To check the signing authority of an app, click the Signing Authority button at the top, and a popup will appear with the details. For apps downloaded from the Mac App Store, Apple will be the signing authority. For most other apps, the signing authority is the developer itself or, in some cases, a publisher.
SandboxInfo also indicates when an app is not sandboxed and when it has not been signed. Although it is pretty good for checking the sandbox status of any app, it isn’t easy for an end user to understand what the permissions mean. The app could do with either a simple explanation of the permissions or an indication of whether any of the permissions an app has might be potentially dangerous.
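A sandboxed app declares its permissions as entitlements in its code signature, so the kind of "needs a closer look" indication wished for above can be sketched by grouping those keys and applying a couple of rules. This is an added example, not SandboxInfo's code or part of the original review; the sample plist, the prefix-to-heading mapping and the review rules are assumptions made for illustration.

```python
import plistlib

# Constructed sample: entitlements of a hypothetical sandboxed app, in the XML
# plist form that `codesign -d --entitlements` can export on macOS.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.files.downloads.read-only</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
  <array><string>/</string></array>
</dict></plist>"""

P = "com.apple.security."
# Entitlement prefix -> heading. The mapping is this example's assumption.
GROUPS = [(P + "temporary-exception.", "Exceptions"),
          (P + "files.", "File access"),
          (P + "device.", "Devices")]

def summarize(entitlements_xml):
    """Group entitlement keys under headings and list the ones worth reviewing."""
    ents = plistlib.loads(entitlements_xml)
    out = {"sandboxed": ents.get(P + "app-sandbox") is True,
           "groups": {}, "review": []}
    for key, value in sorted(ents.items()):
        if key == P + "app-sandbox" or value is False:
            continue  # the sandbox switch itself, or an entitlement turned off
        heading = next((h for pre, h in GROUPS if key.startswith(pre)), "Other")
        name = key.removeprefix(P)
        out["groups"].setdefault(heading, []).append(name)
        if heading == "Exceptions":
            out["review"].append((name, "temporary exception to the sandbox rules"))
        if isinstance(value, list) and "/" in value:
            out["review"].append((name, "path list includes the filesystem root"))
    if not out["sandboxed"]:
        out["review"].append(("app-sandbox", "app is not sandboxed"))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```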