
I was recently playing around with the command line utility fzf, when I discovered that direct copies of my downloads directory exist several times across the data in the apps under ~/Library/Containers. Is this intended behavior? If not, what can I do to make sure this doesn't happen and doesn't waste space? On top of this, why are all these arbitrary apps allowed access to all my personal data? This sincerely worries me.

Thanks to all.

P.S. if there is any extra information you need, please feel free to ask.

EDIT: with more investigation, it appears it is not just my Downloads directory, but everything superseding my home directory; this makes the issue 10 times more important.

EDIT 2: after looking at it some more, it seems as if Desktop and Downloads are there as Symlinks, but why are all these apps allowed to access this data?

1 Answer


The purpose of ~/Library/Containers is to provide what amount to virtualized home directories for sandboxed applications. When a sandboxed application "asks for" the user's home directory (via NSHomeDirectory), it is given the path to its container directory. These features do not allow sandboxed apps to access the data in these directories, nor do they occupy (more than a trivial amount of) additional storage. (In fact, to the former point, this feature is designed to restrict apps' access to your data; to the latter, the "duplicate folders" are just symbolic links, which function as references back to the actual directories they represent.)

An application that is sandboxed may only read from and write to locations that are subdirectories of its own container. The symlinked folders in each Container (e.g., Downloads and Documents) are not accessible by default to sandboxed apps. Sandboxed apps can only access external file system locations if explicitly granted access to them through an NSOpenPanel or NSSavePanel (one of the pop-up dialogs that asks you to select a file to open or a location to which to save a file) via the Powerbox API (this is the model used by document-based applications—for instance, this lets you save and open documents that you edit with a sandboxed text editor in your Documents folder). In fact, apps that don't use App Sandbox (and thus don't have a container directory) can access virtually any file within your home directory (although there will be some further restrictions implemented in macOS Mojave), whereas those that do use App Sandbox (i.e., those that are given a container) cannot. Also, it's worth noting that all apps on the Mac App Store are required to use App Sandbox.

In summary: yes, those "replicated home folders" are supposed to be there—that is intended behavior; no, they are not consuming any meaningfully significant amount of extra disk space; and the feature that causes these folders to appear is actually preventing these apps from accessing your personal data, not enabling them to.

Further reading:

aaplmath
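To confirm the answer's claim on your own machine, here is an added audit script (not from the original post or from Apple): it walks a `~/Library/Containers` tree and reports, per app container, which entries in the `Data` directory are symbolic links back to the real home folders and which are real directories that do hold the app's own files. The `<bundle-id>/Data/` layout is assumed from the standard container structure; the root path is a parameter so the check can run against a constructed layout as well as the real one.

```shell
#!/bin/sh
# Added example (not part of the original answer): audit a Containers tree.
# Assumed layout: <root>/<bundle-id>/Data/<entry>, which is how macOS lays out
# ~/Library/Containers. Each entry is classified as a SYMLINK (a reference to
# the real folder, costing no meaningful disk space) or a REALDIR (app data).

# Print one line per entry found under <root>/<bundle-id>/Data:
#   <bundle-id> <entry> SYMLINK -> <target>    or    <bundle-id> <entry> REALDIR
audit_containers() {
    root="${1:-$HOME/Library/Containers}"
    for data in "$root"/*/Data; do
        [ -d "$data" ] || continue
        bundle=$(basename "$(dirname "$data")")
        for entry in "$data"/*; do
            # -L catches dangling links that -e alone would skip
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            name=$(basename "$entry")
            if [ -L "$entry" ]; then
                printf '%s %s SYMLINK -> %s\n' "$bundle" "$name" "$(readlink "$entry")"
            elif [ -d "$entry" ]; then
                printf '%s %s REALDIR\n' "$bundle" "$name"
            fi
        done
    done
}

# Summarise the audit as "<symlink count> <real directory count>".
count_kinds() {
    audit_containers "$1" | awk '/SYMLINK/ {l++} /REALDIR/ {d++} END {printf "%d %d\n", l, d}'
}
```

Running `audit_containers` with no argument audits the real tree; a `du -sh` on a `SYMLINK` entry (without following it) shows only the link itself, which is why the "copies" take no space.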