I've written a program in the Mac App store which displays some graphics. Occasionally it updates these off the internet. As with most folks, I'm having to Sandbox my app now.
OS X apps should never write into the app bundle (even if they aren't sandboxed). In OS X, the application doesn't have any more access to the file system than the user does on their own, and the user (generally) won't have permissions to modify anything in /Applications. Note that this is quite different from iOS apps, which normally store their data inside the app bundle.
In OS X, application data is generally stored in each user's Library folder, in one of a number of subfolders depending on the type of data it is; see Apple's note on "The Library Directory Stores App-Specific Files" for the primary ones. Sandboxing complicates this, because each app gets its own Container inside the user's Library. Apple provides a number of methods for determining the correct location for various kinds of data; see "Determining Where to Store Your App-Specific Files".
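As an added illustration of the answer above (example code, not the answerer's), here is how a sandboxed Mac app can resolve the per-user data directory the sandbox does let it write to and store an updated graphic there; the bundle-identifier fallback string is a placeholder.

```swift
import Foundation

/// Resolves the app's own data folder under the user's Library and stores
/// downloaded graphics there, instead of inside the (read-only) app bundle.
enum AppDataStore {
    /// ~/Library/Application Support/<bundle id>/ which, for a sandboxed app,
    /// resolves inside ~/Library/Containers/<bundle id>/Data/ automatically.
    static func dataDirectory() throws -> URL {
        let fm = FileManager.default
        let base = try fm.url(for: .applicationSupportDirectory,
                              in: .userDomainMask,
                              appropriateFor: nil,
                              create: true)
        // Apple's guidance: use the bundle identifier as the subfolder name.
        // "com.example.placeholder" is only a placeholder for code run outside a bundle.
        let bundleID = Bundle.main.bundleIdentifier ?? "com.example.placeholder"
        let dir = base.appendingPathComponent(bundleID, isDirectory: true)
        try fm.createDirectory(at: dir, withIntermediateDirectories: true, attributes: nil)
        return dir
    }

    /// Writes graphic bytes fetched from the internet into the data directory.
    /// `.atomic` writes to a temporary file and renames it, so an interrupted
    /// update never leaves a half-written image behind.
    static func save(graphic data: Data, named name: String) throws -> URL {
        // Accept only a plain file name, so a server-supplied name such as
        // "../foo.png" cannot steer the write outside the app's own folder.
        guard !name.isEmpty, !name.contains("/"), name != ".", name != ".." else {
            throw CocoaError(.fileWriteInvalidFileName)
        }
        let dest = try dataDirectory().appendingPathComponent(name, isDirectory: false)
        try data.write(to: dest, options: [.atomic])
        return dest
    }
}

// Usage: after downloading an update into `bytes`,
//   let url = try AppDataStore.save(graphic: bytes, named: "banner.png")
// then load graphics from `url` rather than from Bundle.main.
```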