A Story About Privacy

A few years ago, I was using Visual Studio Code to write an article. I did not want to copy the content over to Microsoft Word or Pages just to do the spelling and grammar check, and then copy it back. So I went to the Marketplace and installed an extension, as most of us do when we need something.

It was not useful. But when I dug into it to see why it wasn't working and how to improve it, I found that it actually sent the text to a free service hosted somewhere to do the work.

I was not working on something secret. But I certainly did not want my writing going to some random place without my knowing it. That was when I started to consider the idea of a sandboxed app, a sandboxed app with no network permission. Then you can be totally sure such an app can only perform the work you intended it to do, and your data truly stays local.

The Mac App Store only accepts sandboxed apps. An app must declare what permissions it requires. This is enforced by Apple's review process. It was a pain to go through the process. It still is. The reward is an app that is safe to use.

Take eWriter, Numathic Write, and AI Editor for example: all three require only

  • com.apple.security.print
  • com.apple.security.files.user-selected.read-write

That is it.

So they can only print and read/write user-selected files.

You can see the other available permissions here: App Sandbox Entitlements.

There are many more.

If an app did not declare the network permission but tried to make network calls, then even if it managed to pass the review process, the operating system would reject those calls at runtime.
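As an added example (not from the post), here is a POSIX shell check that reads an app's entitlements plist and reports whether it is sandboxed with no network entitlement; the sample plist is constructed to carry exactly the two entitlements listed above plus the sandbox flag itself. It assumes the XML has been dumped from a real app bundle with `codesign -d --entitlements :- /path/to/App.app` (recent macOS versions use `codesign -d --entitlements - --xml`), which is not run here.

```shell
#!/bin/sh
# Constructed sample: the entitlements of an app that can only print and
# access user-selected files, as described in the post.
SAMPLE_ENTITLEMENTS='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.print</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
</dict>
</plist>'

# Print every entitlement key whose value is <true/> from a plist on stdin.
# Assumption: Apple's XML plist form, one element per line (as codesign emits it).
enabled_entitlements() {
    awk '/<key>/ { gsub(/.*<key>|<\/key>.*/, ""); key=$0; next }
         key != "" && /<true\/>/ { print key }
         { key="" }'
}

# Read a plist on stdin; exit 0 only if the app is sandboxed and declares no
# com.apple.security.network.* entitlement. Prints a one-line verdict.
check_sandbox_no_network() {
    keys=$(enabled_entitlements)
    if ! printf '%s\n' "$keys" | grep -qx 'com.apple.security.app-sandbox'; then
        echo "NOT SANDBOXED"; return 1
    fi
    if printf '%s\n' "$keys" | grep -q '^com\.apple\.security\.network\.'; then
        echo "SANDBOXED, NETWORK ALLOWED"; return 1
    fi
    echo "SANDBOXED, NO NETWORK"; return 0
}

# Run the check on the constructed sample.
printf '%s\n' "$SAMPLE_ENTITLEMENTS" | check_sandbox_no_network
```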

Apps are becoming increasingly complex. Rarely is an app written entirely by one team. Most apps use SDKs, open-source libraries, plugins, etc. Having such a layer of protection is very important to contain the risk of malicious code.