What is sandboxing?
Sandboxing refers to minimizing what system resources an application can access: files, folders, operating system features, and hardware components such as the camera or microphone.
Sandboxing protects your Mac in case an application is damaged or compromised by a virus or network attack: a sandboxed app can't steal or destroy personal data if it doesn't have access to them.
Apple introduced App Sandbox in Mac OS X Leopard (10.5). For an in-depth technical explanation of sandboxing in macOS, go to About App Sandbox on the Apple Developer site.
Sandboxed vs. non-sandboxed applications
Apple required that applications sold in the Mac App Store must use App Sandbox as of June 1, 2012. Some third-party developers sell their applications both through the Mac App Store and through direct sales. Versions sold through direct sale and through the Mac App Store may both use App Sandbox, but the direct-sale version may have functionality that Mac App Store restrictions doesn't allow.
How can I tell which applications are sandboxed?
You can see which applications use App Sandbox in Activity Monitor by adding a column to the table of processes.
- Open Activity Monitor (/Applications/Utilities/Activity Monitor)
- Control-click on a column header; a dropdown menu appears
- Select Sandbox to add Sandbox column to the window
Applications which use the built-in macOS sandboxing features will have a “Yes” in that column.
Some developers use their own sandboxing model instead of using App Sandbox, so Activity Monitor may not list them as sandboxed.
How does sandboxing affect font activation?
Applications which use App Sandbox are unable to use fonts that aren’t located in one of the operating system font folders:
- /System/Library/Fonts/
- /Library/Fonts/
- /Users/username/Library/Fonts/
Connect Fonts stores fonts in its font vault instead of in an operating system font folder. Sandboxed applications that try to use fonts in Connect are blocked by App Sandbox; the effects can vary based on the application. Some applications may prompt you to enter your macOS username and password to grant access to the font. Other applications will replace the requested font with a placeholder font such as .LastResort, Calibri, or Myriad. If you have questions about how a specific application uses sandboxing, you should contact the developer.
A sample of text in Microsoft Word 365
The same text with a placeholder font
Resolving font conflicts in sandboxed applications
Apple hasn't provided a way to make fonts or other resources available to sandboxed applications. Until they do, you should avoid using fonts that aren't in an operating system font folder when working in applications such as Keynote, Microsoft Word, Pages, or Safari. If those applications must use specific fonts, you should keep copies of those fonts in the /Library/Fonts/ or /Users/username/Library/Fonts/ folder.
Note: Connect Fonts can activate duplicates of fonts in an operating system font folder, overriding the system font. You can use the Activated Fonts, Auto-Activated Fonts, and Duplicate Fonts options under Smart Searches to identify duplicate and conflicting fonts. Deactivate the copies in Connect to allow macOS to use the system-supplied version.