[marquis]

I was of the understanding that the sandboxed app needed permission to access certain files that weren't created by them, I'll read the documentation more thoroughly. Perhaps a better example are apps that scan you drive to tell you what your file system is full off (to free up space for example). This type of thing is extremely useful, and would seem to violate the sandbox idea?

[scott_s]

My understanding is that it's not permission from the user, but permission from Apple. If you need to do something outside of the sandbox, you need to go through their API calls. And when you submit your application, you need to justify each out-of-sandbox-API call you make.