Install non-sandboxed Helper app from sandboxed Main app

Hi,

I developed a utility app that allows monitoring system activity and usage. It is a sandboxed app distributed via the Mac App Store. Because in the sandbox I cannot fetch enough data about system activity (like processor temperature, fans, etc.), I developed a little Helper app (non-sandboxed), which currently is distributed via my website, and to enable extra features it provides, the user is asked to download and install it manually (it installs itself as a daemon).

I'm looking for ways to improve the user experience. Ideally, it would be a button inside the main app, which would download and install the helper app, without asking the user to do more than pressing a button.

As far as I understand, in the previous versions of macOS, it would be possible with privileged helpers and SMJobBless, but those are deprecated APIs now.

Another way I tried is simply downloading the installer app from the website, but opening it programmatically from the main app is tricky since it cannot remove it from the quarantine; in other words, it fails with "operation not permitted".

Any advice is appreciated!

Answered by DTS Engineer in 804317022

I don’t work for App Review and thus can’t make definitive statements on their behalf but…

I’d be very concerned about this overall approach. Specifically, review clause 2.4.5 of the App Review Guidelines.

Coming back to the technical side of this:

As far as I understand, in the previous versions of macOS, it would be possible with privileged helpers and SMJobBless

No, that’s not right, on two fronts:

  • SMJobBless has never been usable from a sandboxed app.

  • SMJobBless requires that the privileged executable be physically located within your app, and App Store requires that such executables be sandboxed.

opening it programmatically from the main app is tricky since it cannot remove it from the quarantine

Right. If a sandboxed app could download non-sandboxed code and execute it without user interaction, that wouldn’t be much of a sandbox (-:

If I were in your shoes I’d ship this helper daemon as an installer package.

Which is not a guarantee that this’d be acceptable to App Review. Honestly, I don’t know what they’ll make of it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the answer!

Could you elaborate more on shipping the helper daemon as an installer package? Is it shipping it with the main app's bundle somehow? How would it look technically?

Sandbox is a great concept, but in many cases, it just limits basic functionality, which otherwise is available in many apps shipped outside of the Mac App Store. Those apps have a big competitive advantage, better developer experience, and no app review. Over time I have only become more frustrated with the restrictions Apple imposes.

Accepted Answer

Could you elaborate more on shipping the helper daemon as an installer package?

I’m envisaging an entirely separate product that users download from your website. The installer package just makes it easy for the user to install it. You could just as easily make it a separate app that uses SMAppService to install the daemon.

Is it shipping it with the main app's bundle somehow?

No. This isn’t possible because all code that you ship via the Mac App Store must be sandboxed.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
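
Added example, not part of the thread and not Apple's or the poster's code: a sketch of how the separate, non-sandboxed app mentioned in the accepted answer could register its daemon with SMAppService (macOS 13 or later) and handle the user-approval state. The plist name and the `DaemonInstallResult` type are assumptions made for illustration.

```swift
import Foundation
import ServiceManagement

// Assumption: the separate, non-sandboxed app (distributed outside the
// Mac App Store) embeds its launchd property list at
// Contents/Library/LaunchDaemons/<daemonPlistName>. The name is a placeholder.
let daemonPlistName = "com.example.monitor.helper.plist"

// Hypothetical result type for this example.
enum DaemonInstallResult {
    case enabled
    case needsUserApproval
    case failed(Error)
}

@available(macOS 13.0, *)
func installHelperDaemon() -> DaemonInstallResult {
    let service = SMAppService.daemon(plistName: daemonPlistName)

    // Nothing to do if the daemon is already registered and allowed to run.
    if service.status == .enabled {
        return .enabled
    }

    // Register only when not already waiting on the user.
    if service.status != .requiresApproval {
        do {
            try service.register()
        } catch {
            // register() can throw while approval is still pending;
            // any other state after a throw is a real failure.
            if service.status != .requiresApproval {
                return .failed(error)
            }
        }
    }

    if service.status == .enabled {
        return .enabled
    }

    // The daemon stays in .requiresApproval until the user allows it,
    // so send them to the Login Items pane instead of retrying.
    SMAppService.openSystemSettingsLoginItems()
    return .needsUserApproval
}
```

The approval step is not something the app can skip programmatically, which matches the point made earlier in the thread about code running without user interaction.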

Okay, yeah, that's what I thought. Thanks for your time!
