Configure App Sandbox (macOS)

App Sandbox provides the last line of defense against stolen, corrupted, or deleted user data if malicious code exploits your macOS app. App Sandbox minimizes damage from coding errors in your app or in frameworks you link against. Simply enabling App Sandbox provides the maximum level of restrictions on how an app can interact with the rest of the system. App Sandbox is required if you submit your app to the Mac App Store. Therefore, if you plan to upload your app to iTunes Connect, enable App Sandbox during development too.

For a complete description of App Sandbox entitlements, refer to Entitlement Key Reference. If you’re enabling App Sandbox for an existing app, read App Sandbox Design Guide to learn the locations that a sandboxed app can access.

  1. In the project editor, select the target and click Capabilities.

  2. In the App Sandbox section, click the switch to turn it from OFF to ON.

    Xcode adds an entitlements file (a file with a .entitlements file extension) to your project and automatically enters default values for some entitlements. Xcode also enables the App Sandbox entitlement.

  3. Use the App Sandbox checkboxes to describe the minimum set of capabilities the target needs to do its job.

  4. Optionally, set specific permissions for file types. Choose a permission from the pop-up menu in the row that best describes the file type.
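The check below is an added example, not Apple's code: it reads the .entitlements file that Xcode writes in step 2 and compares it against the minimum capability set chosen in step 3. The sample plist, the expected set, and the function name are constructed for illustration and describe a hypothetical app that needs only outbound network access and read-only access to user-selected files.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# Constructed sample entitlements file (not taken from a real project).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.network.client</key><true/>
    <key>com.apple.security.network.server</key><true/>
    <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict>
</plist>"""

# Assumption: the minimum set this hypothetical target needs to do its job.
EXPECTED = {
    "com.apple.security.network.client",
    "com.apple.security.files.user-selected.read-only",
}

def audit_entitlements(plist_bytes, expected):
    """Return (level, key, message) findings for an entitlements plist."""
    ents = plistlib.loads(plist_bytes)
    findings = []
    # The sandbox itself must be switched on, as a boolean true.
    if ents.get(SANDBOX_KEY) is not True:
        findings.append(("error", SANDBOX_KEY, "App Sandbox is not enabled"))
    for key, value in sorted(ents.items()):
        if key == SANDBOX_KEY or value is False:
            continue  # a key set to false grants nothing
        if key.startswith(TEMP_EXCEPTION_PREFIX):
            findings.append(("warn", key, "temporary exception widens the sandbox"))
        elif key not in expected:
            findings.append(("warn", key, "granted but not in the expected minimum set"))
    # Capabilities the app was expected to need but does not hold.
    granted = {k for k, v in ents.items() if v is not False}
    for key in sorted(expected - granted):
        findings.append(("info", key, "expected but not granted"))
    return findings

if __name__ == "__main__":
    for level, key, msg in audit_entitlements(SAMPLE_ENTITLEMENTS, EXPECTED):
        print(f"{level:5} {key}: {msg}")
```

Run against the sample, it flags the incoming-connection and read-write file entitlements as broader than the stated minimum.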