Application Sandbox

App Sandbox is an access control technology provided in Mac OS X.

With some exceptions, applications that are sandboxed are only able to access files inside their own storage areas, and cannot change system settings.

As a security measure, all applications submitted to Mac App Store are required to make use of app sandbox.

Sandboxed applications must request access to certain protected hardware or operating system features by using "entitlements".

For example, there are optional sandbox entitlements to enable access to the network, your address book, bluetooth devices and calendar entries. Applications without these entitlements set are unable to access each of those respective resources.

An application that isn't sandboxed has the full rights to the contents of your user account and is able access any resources that you are able to access, for example: Documents, Music, Pictures, connecting to the internet, listening for connections on the network, webcam, etc.