Where can a sandboxed Mac app save files?


My Mac app is sandboxed and I need to save a file. Where do I save this file? I can't seem to find the specific place where this is allowed without using an open panel. This is how I do it on iOS:

NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString *path = [paths objectAtIndex:0];

What is the equivalent for the sandboxed directory on Mac?

That code snippet works on the Mac regardless of whether your application is sandboxed.

In a non-sandboxed Mac app, path will refer to the Documents folder in your home: e.g. /Users/username/Documents.

In a sandboxed app, it refers to a folder within the app sandbox: e.g. /Users/username/Library/Containers/com.yourcompany.YourApp/Documents

See the docs for details.

App Sandbox in Depth, App Sandbox Design Guide. Apple has built a mechanism for Mac OS X called Powerbox that enables sandboxed apps to open or save files at the user's direction, rather than trusting every app itself with full control of the

Apple's Sandboxing guide is very useful, found here.

You basically have a folder dedicated for your app, as described by theAmateurProgrammer in reply to my question here.


Here is what I have so far, I will improve it later:

//Create App directory if not exists:
NSFileManager* fileManager = [[NSFileManager alloc] init];
NSString* bundleID = [[NSBundle mainBundle] bundleIdentifier];
NSArray* urlPaths = [fileManager URLsForDirectory:NSApplicationSupportDirectory
                                        inDomains:NSUserDomainMask];

NSURL* appDirectory = [[urlPaths objectAtIndex:0] URLByAppendingPathComponent:bundleID isDirectory:YES];

//TODO: handle the error
if (![fileManager fileExistsAtPath:[appDirectory path]]) {
    [fileManager createDirectoryAtURL:appDirectory withIntermediateDirectories:NO attributes:nil error:nil];
}

App Sandbox, To distribute a macOS app through the Mac App Store, you must enable the App read-only access to files the user has selected using an Open or Save dialog. For more information about App Sandbox, read App Sandbox Design Guide. App Sandbox Entitlement Keys. This section describes the keys you can use to confer capabilities to a sandboxed app in macOS. The first key enables App Sandbox; the others configure the sandbox. If App Sandbox is not enabled, the other keys in this section are meaningless.

Converting @Mazyod's answer into Swift (5.1):

var appPath: URL? {
    //Create App directory if not exists:
    let fileManager = FileManager()
    let urlPaths = fileManager.urls(for: .applicationSupportDirectory, in: .userDomainMask)
    if let bundleID = Bundle.main.bundleIdentifier, let appDirectory = urlPaths.first?.appendingPathComponent(bundleID, isDirectory: true) {
        var objCTrue: ObjCBool = true
        let path = appDirectory.path
        if !fileManager.fileExists(atPath: path, isDirectory: &objCTrue) {
            do {
                try fileManager.createDirectory(atPath: path, withIntermediateDirectories: true, attributes: nil)
            } catch {
                // Creation failed (for example, the location is not writable)
                return nil
            }
        }
        return appDirectory
    }
    return nil
}

However, the directory has changed and I am not sure that the additional repetition of the bundle ID is needed as the path is

"/Users/**user name**/Library/Containers/**bundleID**/Data/Library/Application Support/**bundleID**". 

But it seems to work.

Sandboxing Apps on Mac, The first time you run a sandboxed app, macOS creates a "container" folder for the app in Library/Containers under the user's home folder. It uses the app's bundle ID to name the container folder. This container is for the app's sole use; other apps do not have access to the app's container folder. I am working on an app for OS X 10.9 with swift, sandboxed. The app needs access to a SQLite database file. I let the user choose/open a file with NSOpenPanel. I then save the file path with NSUserDefaults for later use. I want this file to be opened automatically every time when the app is started again.
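For the case described above (reopening a user-chosen file on later launches), a bare path stored in NSUserDefaults does not carry the sandbox access granted by the open panel; a security-scoped bookmark does. The following is an added example, not code from the original page: it assumes the app has the com.apple.security.files.user-selected.read-write and com.apple.security.files.bookmarks.app-scope entitlements, and the defaults key and function names are hypothetical.

```swift
import Foundation

// Hypothetical UserDefaults key used only for this example.
let bookmarkKey = "databaseBookmark"

/// Call with the URL returned by NSOpenPanel, while the app still has
/// the access that the panel granted for this launch.
func saveBookmark(for url: URL) throws {
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
}

/// On a later launch: resolve the stored bookmark, open the security
/// scope, run `body` with the URL, and always close the scope again.
/// Returns nil if no bookmark is stored or access cannot be started.
func withBookmarkedFile<T>(_ body: (URL) throws -> T) throws -> T? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else {
        return nil
    }
    var isStale = false
    let url = try URL(resolvingBookmarkData: data,
                      options: .withSecurityScope,
                      relativeTo: nil,
                      bookmarkDataIsStale: &isStale)
    guard url.startAccessingSecurityScopedResource() else {
        return nil
    }
    defer { url.stopAccessingSecurityScopedResource() }
    if isStale {
        // The file was moved or renamed; refresh the bookmark while
        // access is active so the next launch resolves cleanly.
        try saveBookmark(for: url)
    }
    return try body(url)
}
```

Every successful startAccessingSecurityScopedResource() call must be balanced by a stop call, which the defer handles here; leaking scopes eventually exhausts a kernel resource and later access attempts fail.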

Modern AppKit File Permissions, A sandboxed macOS app doesn't have access to the entire file system. Instead, apps have to be granted permission to read & write to specific folders. This isn't true for your sandbox of course. Each app is given an isolated place to store data, documents, cache, and settings. Sandboxed apps can only perform certain tasks and with certain files. (Apps offered directly by developers have freer range, but you may have to approve certain kinds of access via the Security

BBEdit and App Sandboxing, “App Sandboxing” is a term that refers to a collection of security technologies built in backup and auto-recovery files in the same directory as the file being saved; In addition, the macOS security system imposes additional restrictions when  Take the “Save and Open” dialog box in macOS. The app, inside its sandbox, cannot directly access filesystem resources on your hard drive. It cannot, for example, draw an open panel at “~/Documents.” Instead, the app must ask the Powerbox API with NSOpenPanel and NSSavePanel classes to access the panel.

How to grant a Mac app permission to read the whole filesystem, It's a bit tricky, but you can remove the sandbox by changing the <key>com.apple.security.app-sandbox</key> value (which is set to <true />) with a hex editor. In macOS Customer feedback will help shape what Mac App Store apps can and can not do in the future. Maybe the app is protecting their files from itself. An app’s sandbox is automatically enlarged to include all of the app’s group containers. The containers themselves are stored in ~/Library/Group Containers/<application-group-id>, where <application-group-id> is the name of a group, as specified in one of the entitlement’s group identifier strings.