---
title: App Sandbox
framework: Security
role: collectionGroup
platforms: []
path: security/app_sandbox
---

# App Sandbox

Restrict access to system resources and user data in macOS apps to contain damage if an app becomes compromised.

## Overview

App Sandbox provides protection to system resources and user data by limiting your app’s access to resources requested through entitlements.

> **important:** To distribute a macOS app through the Mac App Store, you must enable the App Sandbox capability.

## Topics

### Essentials

- [App Sandbox Entitlement](../bundleresources/entitlements/com.apple.security.app-sandbox.md)
- [Protecting user data with App Sandbox](protecting-user-data-with-app-sandbox.md)
- [Embedding a command-line tool in a sandboxed app](../xcode/embedding-a-helper-tool-in-a-sandboxed-app.md)
- [Discovering and diagnosing App Sandbox violations](discovering-and-diagnosing-app-sandbox-violations.md)

### Network

- [com.apple.security.network.server](../bundleresources/entitlements/com.apple.security.network.server.md)
- [com.apple.security.network.client](../bundleresources/entitlements/com.apple.security.network.client.md)

### Hardware

- [Camera entitlement](../bundleresources/entitlements/com.apple.security.device.camera.md)
- [com.apple.security.device.microphone](../bundleresources/entitlements/com.apple.security.device.microphone.md)
- [com.apple.security.device.usb](../bundleresources/entitlements/com.apple.security.device.usb.md)
- [com.apple.security.print](../bundleresources/entitlements/com.apple.security.print.md)
- [com.apple.security.device.bluetooth](../bundleresources/entitlements/com.apple.security.device.bluetooth.md)

### App Data

- [Address book entitlement](../bundleresources/entitlements/com.apple.security.personal-information.addressbook.md)
- [Location entitlement](../bundleresources/entitlements/com.apple.security.personal-information.location.md)
- [Calendars entitlement](../bundleresources/entitlements/com.apple.security.personal-information.calendars.md)

### File Access

- [Accessing files from the macOS App Sandbox](accessing-files-from-the-macos-app-sandbox.md)
- [Migrating your app’s files to its App Sandbox container](migrating-your-app-s-files-to-its-app-sandbox-container.md)
- [com.apple.security.files.user-selected.read-only](../bundleresources/entitlements/com.apple.security.files.user-selected.read-only.md)
- [com.apple.security.files.user-selected.read-write](../bundleresources/entitlements/com.apple.security.files.user-selected.read-write.md)
- [com.apple.security.files.downloads.read-only](../bundleresources/entitlements/com.apple.security.files.downloads.read-only.md)
- [com.apple.security.files.downloads.read-write](../bundleresources/entitlements/com.apple.security.files.downloads.read-write.md)
- [com.apple.security.assets.pictures.read-only](../bundleresources/entitlements/com.apple.security.assets.pictures.read-only.md)
- [com.apple.security.assets.pictures.read-write](../bundleresources/entitlements/com.apple.security.assets.pictures.read-write.md)
- [com.apple.security.assets.music.read-only](../bundleresources/entitlements/com.apple.security.assets.music.read-only.md)
- [com.apple.security.assets.music.read-write](../bundleresources/entitlements/com.apple.security.assets.music.read-write.md)
- [com.apple.security.assets.movies.read-only](../bundleresources/entitlements/com.apple.security.assets.movies.read-only.md)
- [com.apple.security.assets.movies.read-write](../bundleresources/entitlements/com.apple.security.assets.movies.read-write.md)
- [All files entitlement](../bundleresources/entitlements/com.apple.security.files.all.md)
- [NSAppDataUsageDescription](../bundleresources/information-property-list/nsappdatausagedescription.md)