Sandboxing is intended to protect Mac users from malware and poorly designed apps. I think it will accomplish some of these goals, but at a high price.
I would like a control in the preferences app to allow App Store apps to override core OS functionality and escape some of the sandboxing rules. Let’s call it “geek-mode” for now. Geek-mode should take effort to find. Geek-mode should require a password. If geek-mode is off, the App Store should not show apps that require it.
In my view, there should be entitlements available for everything that apps want to do. This would allow every app to be sandboxed, but apps would be prevented from doing things they aren’t supposed to be doing. Then, because every app comes with its list of entitlements, it would be possible for the system or the store to make the user opt in to access apps that are potentially dangerous or confusing.
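A sketch of the store-side gate proposed above, added here as an illustration; it is not Apple's code or the author's. The entitlement keys are real App Sandbox keys, but which ones count as elevated, the function names, and the sample apps are assumptions of this example.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
# Assumption: this example's own choice of what needs the opt-in.
ELEVATED_KEYS = {"com.apple.security.network.server"}
ELEVATED_PREFIXES = ("com.apple.security.temporary-exception.",)

def elevated_reasons(entitlements):
    """Return the reasons an app would need the geek-mode opt-in (empty if none)."""
    # Only entitlements actually requested count: true booleans, non-empty lists.
    requested = {k for k, v in entitlements.items() if v}
    if SANDBOX not in requested:
        return ["not sandboxed"]
    return sorted(k for k in requested
                  if k in ELEVATED_KEYS or k.startswith(ELEVATED_PREFIXES))

def storefront(apps, geek_mode):
    """apps maps name -> entitlements plist bytes; return the names the store lists."""
    visible = []
    for name, raw in apps.items():
        reasons = elevated_reasons(plistlib.loads(raw))
        if geek_mode or not reasons:
            visible.append(name)
    return sorted(visible)

# Constructed sample entitlement plists (hypothetical apps).
SAMPLE_APPS = {
    "NoteTaker": plistlib.dumps({
        SANDBOX: True,
        "com.apple.security.files.user-selected.read-write": True,
    }),
    "DiskTool": plistlib.dumps({
        SANDBOX: True,
        "com.apple.security.temporary-exception.files.absolute-path.read-write": ["/"],
    }),
    "QuietApp": plistlib.dumps({
        SANDBOX: True,
        "com.apple.security.network.server": False,  # declared but not requested
    }),
}

if __name__ == "__main__":
    print("geek-mode off:", storefront(SAMPLE_APPS, geek_mode=False))
    print("geek-mode on: ", storefront(SAMPLE_APPS, geek_mode=True))
```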