Hi,
I developed a utility app that allows monitoring system activity and usage. It is a sandboxed app distributed via the Mac App Store. Because in the sandbox I cannot fetch enough data about system activity (like processor temperature, fans, etc.), I developed a little Helper app (non-sandboxed), which currently is distributed via my website, and to enable extra features it provides, the user is asked to download and install it manually (it installs itself as a daemon).
I'm looking for ways to improve the user experience. Ideally, it would be a button inside the main app, which would download and install the helper app, without asking the user to do more than pressing a button.
As far as I understand, in the previous versions of macOS, it would be possible with privileged helpers and SMJobBless
, but those are deprecated APIs now.
Another way I tried, is simply downloading the installer app from the website, but opening it programmatically from the main app is tricky since it cannot remove it from the quarantine, in other words, it fails with "operation not permitted".
Any advice is appreciated!
I don’t work for App Review and thus can’t make definitive statements on their behalf but…
I’d be very concerned about this overall approach. Specifically, review clause 2.4.5 of the App Review Guidelines.
Coming back to the technical side of this:
As far as I understand, in the previous versions of macOS, it would be possible with privileged helpers and SMJobBless
No, that’s not right, on two fronts:
-
SMJobBless
has never been usable from a sandboxed app. -
SMJobBless
requires that the privileged executable be physically located within your app, and App Store requires that such executables be sandboxed.
opening it programmatically from the main app is tricky since it cannot remove it from the quarantine
Right. If a sandboxed app could download non-sandboxed code and execute it without user interaction, that wouldn’t be much of a sandbox (-:
If I were in your shoes I’d ship this helper daemon as an installer package.
Which is not a guarantee that this’d be acceptable to App Review. Honestly, I don’t know what they’ll make of it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"