Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches

*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.

You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.

Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.

By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.

At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.

all kind of window management applications (moom, bettersnaptool, optimal layout etc.) also are not sandboxable.

All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.

All kind of apps that need to control arbitrary applications in some way are not sandboxable.

All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.

Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)

This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.

Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...

:rolleyes:
http://www.barebones.com/support/bbedit/auth-saves.html
http://www.barebones.com/support/bbedit/cmd-line-tools.html
Yeah, broken. In other news, the sky is falling.

That is nice. I go to the MAS, and then i must download additional software for complete functionality. A true all in one software shop. Yeah, really!

so for my part, i'm leaving the iPhone completely and going android.

.

Stopped reading here. Nothing informative is going to come afterwards..that is a given.
---------------------


Sandboxing is about security. At this point it makes better sense to be conservative and then find safer ways to do inter-application security.

Consumers understand this. Many came from Windows where they had to deal with virus multiple times. Any mention of security to them is a positive.

@zorinlynx they do have different "entitlements" for different types of applications. The problem is, that there are too few entitlements to cover all usecases, and so many apps are not sandboxable with the current sandboxing technology. So the apple solution is to just not allow further updates for those apps which can't work with the few given entitlements .

Developers can file bugreports / feature requests but often you just get the answer that the technology you need for your application is theoretically able to workaround the purpose of the sandbox and so they won't allow it....

There seems to be a lot of misunderstanding about what sandboxing really is. I recommend everyone read this article before complaining.

http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing

Welcome to the iOSification of Mac OS X. It's like watching a bunch of lemmings get pushed off a cliff. Except they all honestly believe they're doing it out of choice and that it's the best thing for them.

I refuse to buy MAS applications.

Why?

Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.

There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).

Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.

But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?

I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".

The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.

-SC

They are granting exceptions so I don't know that it is a big deal. You always have the choice to distribute it outside the store. This is just Apple's way to address these integration problems in a way that is less fragile. In the log run it will help OS X evolve without breaking software compatibility.

They don't grant exceptions. They just worded this nicely so that users won't complain. In reality you can't get any exception, it's pretty much "sandbox or leave the store".
What they grant is "entitlements" from a very limited list of available entitlements. See my last post whats the problem with those.

Security comes at the price of flexibility. Always. Too much security and flexibility suffers. Too much flexibility and security suffers. Swing the pendulum either way too far and you've got problems.

Is mandatory sandboxing really needed ? Oh well, there's always Linux to go back to if Apple ever manages to screw up OS X too badly.