Apple has "App Sandbox" and an entitlement system on the Mac: https://developer.apple.com/documentation/security/app-sandb... It's "baked in" and doesn't require containers.

Isn’t this only enforced for Mac App Store apps?

	▲	icedchai 2 days ago \| parent \| next [-]
		I've read that apps outside of the Mac App Store can use it. I think they have to be signed / notarized.
	▲	robenkleene 2 days ago \| parent \| prev [-]
		I want to just say "yes, obviously". But "obviously" is carrying a lot of weight there. For a TLDR: I think Apple has already gone too far in prioritizing security over the priorities of multimedia editors (e.g., https://insydium.ltd/support-home/manuals/x-particles-video-...). But something like the After Effects plugin ecosystem I don't think could ever be sandboxed. So it makes sense to have sandboxing conditional based on certain criteria, e.g., the Mac App Store. But even there I'm not sure it makes sense, I suspect we'll never see a Mac-first tier 1 new creative application like Sketch (https://en.m.wikipedia.org/wiki/Sketch_(software)), purely because it's to detrimental to the priorities of that kind of app.