[wlesieutre]

I assume that's what happened here. The app says "I need permission for your home directory" and the user selects the home directory from a file picker, giving access to everything in it.

DaisyDisk's App Store version has similar sandboxing limitations and a similar workaround. It's an app designed to scan your whole hard drive and show you how your space is used, but by default it doesn't have permission to access the drive at all. So to run the first scan you have to indicate to the OS that you want the application to be able to read your hard drive, IIRC by dragging and dropping the volume onto DaisyDisk.

For an antimalware app, of course users are going to grant it permissions. There's no point in buying that if you're going to keep it in a sandbox where it can't look at your system.

[scarface74]

I would expect something more like iOS. Where you can only choose a file not a folder.

True that will limit what types of apps can be distributed on the Mac App Store. But I am okay with that. On the Mac, they can distribute their app outside the store. I would love to be able to tell my mom. Don’t trust any app outside of the store and make it hard to download outside of the store.

[macintux]

That's pretty close to what they have today. Apple started enforcing sandbox restrictions in apps distributed via the Mac App Store, and opening an app downloaded directly from the web takes more effort than it used to.