AppleScript and Sandboxing

With the deadline for sandboxing apps coming up soon, I’m wondering what that means for apps that control other apps with ASOC or just plain AppleScript. Does anyone know what Apple’s policies are on this?

Ric

As far as I know, no control of other apps is allowed with sandboxing. You can’t jump in other apps’ sandboxes. :)

I am not certain if an ASOC app can work under sandboxing rules though. I don’t see why it wouldn’t, but I have not tested it. I have decided to use Cocoa only from now on and only rely on ASOC if I need to drive other apps, which means no App Store, thus no need for sandboxing.

I had to change my UI and some things like saving URLs in the plist file with NSKeyedArchiver, but nothing too terrible.

Also, the app works without any change on Snow Leopard, which means sandboxing is probably only some kind of XML file that sets its permissions, and not within the binary itself. Not sure.

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

You can read about it here:

developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html

Quoting the above:

Sounds like we need a special permission from Apple, and will remain temporary whatever we do…

I’m guessing that if you write an app to control a particular app, you would have no trouble getting approval – but I don’t know for sure. As for the “temporary” bit, you’re correct – but in reality everything about the App Store is temporary in that Apple can (and does) change the rules whenever it wants to.

Seems a lot of hassle to become lost in a sea of hundreds of thousands…

100% totally in agreement…

Plus, there is NO way to make sure the person that buys your app actually does have the other app yours controls, no reimbursement… potential ugly mess.

I’m in that position right now, but I essentially “did all I could” and let Apple deal with customers who can’t read. I also made the first image of my gallery be a graphic saying “you have to own this [InDesign CS3,4,5] to run this [my app]”. Ugly but effective I assume. Search for “ID Font Catalog” on the store to see what I did.

FWIW, I haven’t had a single complaint come directly to my support emails in regards to that (and I do have a help menu item just for “send email to developer”). And in my private sales on my site, I had only a handful of those over the course of 7 years selling 3 different apps. Maybe 10 total… 8 “oh it’s not for Windows?” and 2 “I don’t have InDesign”.

Chris

Example: do shell script “bla”

Is this sending an Apple Event to an arbitrary app???

I suspect so. But NSTask is a workaround for that.

Normally do shell script doesn’t send Apple Events unless bla is osascript.

True.

OTOH, if sending an Apple Event to an arbitrary app is considered a security risk and therefore not allowed, it’s hard to see “do shell script” getting the stamp of approval. Overlooked, perhaps, but I’d be surprised otherwise…

Hi All,

I spent a week working on sandboxing for my main app, which is Objective-C and runs AppleScript via NSAppleScript for TextEdit, iPhoto, and a few other AppleScript utility handlers. I set up all the entitlements with the “temporary” property key and listed the affected apps. It all worked but there were problems and bugs, the main one being with the open dialog (not AppleScript related), which caused the regular old open dialog to throw an error about 30% of the time and not open. My gut feeling is this is a buggy environment and it literally feels like you are trying to pry things out of the sandbox. Some of the Apple events seemed slower and buggy.

I gave up.

I just submitted my two ASOC image apps to MAS and gave up on sandboxing for the same reasons, the main one being the open dialog (either from ASOC or a separate Objective-C class) and a few other issues; it just didn’t work. Image Events bailed and do shell script “sips…” didn’t go either. So I have submitted them both un-sandboxed before the deadline. Be sure to get all the features you may want to implement in the future in place now, since they will only allow bug fixes for non-sandboxed apps.

I think it is a real bummer, and if they stick to the deadline, they have not worked the sandbox out yet, which is too bad.

I will try again once the deadline is past and I can experiment. Will let you know if I can get it to work.

Any bets on whether they extend the deadline again?

Best, Rob

I’d say it’s very unlikely…

Dear friends,

Thanks for the comments…

I have another problem here too: my app creates a PDF document, which can be sandboxed, no problem.

But I have a button that, once clicked, creates an email message in Mail.app attaching the PDF document.

Questions:

  1. How does Apple expect me to do this under sandbox rules? Just forbidden?

  2. Is this a case that I should apply for a “temporary exception entitlement”?

Please share with me your point of view.

Thanks.

I suspect number 2.
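
An added example, not part of any post in this thread: a small audit of an entitlements property list, covering both the "temporary" Apple Events entitlement with listed apps described earlier and the Mail.app case just asked about. The sample plist and the list of scripted apps are constructed for illustration, and `audit_entitlements` is a hypothetical helper name.

```python
import plistlib

# Constructed sample entitlements file (not taken from any app in this thread).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.temporary-exception.apple-events</key>
    <array>
        <string>com.apple.mail</string>
        <string>com.apple.TextEdit</string>
    </array>
</dict>
</plist>
"""

SANDBOX_KEY = "com.apple.security.app-sandbox"
APPLE_EVENTS_KEY = "com.apple.security.temporary-exception.apple-events"


def audit_entitlements(plist_bytes, scripted_apps):
    """Compare the apps a program scripts with its declared Apple Event exceptions."""
    ent = plistlib.loads(plist_bytes)
    sandboxed = ent.get(SANDBOX_KEY) is True
    allowed = ent.get(APPLE_EVENTS_KEY, [])
    if isinstance(allowed, str):  # defensive: treat a lone string as a one-item list
        allowed = [allowed]
    allowed, wanted = set(allowed), set(scripted_apps)
    return {
        "sandboxed": sandboxed,
        # Scripted targets with no declared exception; only relevant when sandboxed.
        "blocked": sorted(wanted - allowed) if sandboxed else [],
        # Exceptions declared but never used widen what the app may control.
        "unused": sorted(allowed - wanted),
        # Every temporary exception is something a reviewer has to justify.
        "temporary_keys": sorted(k for k in ent if ".temporary-exception." in k),
    }


if __name__ == "__main__":
    # Assumed scenario: the app scripts Mail and iPhoto, but lists Mail and TextEdit.
    report = audit_entitlements(SAMPLE_ENTITLEMENTS, ["com.apple.mail", "com.apple.iPhoto"])
    for name, value in report.items():
        print(f"{name}: {value}")
```

Keeping the declared list equal to the set of apps the code actually scripts gives the narrowest exception to ask for and makes a missing target visible before the app fails at run time.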

I am trying to sandbox my first ASOC app…

When I compile I see this on console:

I have lines similar to this for every script or class…

The app compiles and runs fine, but I wonder what is happening, if this issue is ASOC related.

Thanks for your comments…