Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches
Last November, we reported on Apple's plan to require all Mac App Store apps to be sandboxed, a move that would increase security by preventing apps from overstepping their bounds should they be affected by malware but which could hamper the functionality of certain apps. The requirement had been scheduled to go into effect in November but was pushed back to a March 1 implementation date as apparently sought to give developers more time to digest and prepare for the change.
With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.
Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.
With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.
Sandboxing is fairly common in the mobile world, where Apple, Google Inc.'s Android and others have long required it as a safety measure to prevent an app from compromising other parts of the system. But some developers say sandboxing could cripple desktop software, which is often more sophisticated.The report also cites Flexibits co-founder Kent Sutherland, whose Fantastical calendaring app would be subject to sandboxing limitations on its ability to sync and import data from other applications. Apple's position that it will allow access to certain features only on a "temporary" basis leaves developers such as Sutherland uncertain about whether their apps will be able to continue to function in the future.
Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple's new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.
As a workaround, he's working on a "helper app" that Mac App Store users could download separately to restore the extra functionality. "It sort of defeats the purpose of what sandboxing is about," says Mr. Munz, who is president of Unmarked Software LLC.
Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.
[ 137 comments ]
Top Rated Comments
(View all)
27 months ago
*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.
You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.
Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.
By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
27 months ago
ok - so grab your tinfoil hats everyone, the conspiracy theorist has arrived...
If all of us walked into a bog box store and bought a brand new computer, and suddenly as we were checking out the sales person says "oh .. by the way... the only software this runs is from the manufacturer, you have to go to their store to get it" we'd all walk out (or laugh... or both).
but when apple says "the only software you can have is what we put on our app store" as it relates to mobile phones we say "ok!".
so for my part, i'm leaving the iPhone completely and going android.
However, for desktop computers, i don't have the same luxury. And now that apple has its hands all over mac apps in their app store, it's already killing my productivity.
I can't believe people are putting up with this sandboxing bulls**t and not complaining. Are you f'n kidding me?!
Here at our studio we use an app called Wiretap Anywehre from Ambrosia software. It's an absolutely essential app for us for the radio show we produce so that we can route audio from any app to any other app. We've been using it for years without issue.
When lion was introduced it suddenly stopped working properly. We could not longer pick the app we wanted to route from and to - so now if we want to record audio we can record ALL system audio, or none.
Why? Because of sandboxing. They hadn't updated their app and they could have gotten around it and fixed it but when i called to find out why a fix was taking so long the answer was "because there isn't' one coming". when i asked why they said it was because of the new app store requirements around sand boxing. So I said "so don't put it on the store, just distribute online". and the guy .. literally said "look.. we want to stay in business, and if we don't put our stuff in the app store apple has made it clear they will not take our other apps".
are you f'n kidding me...
i tried to warn everyone about giving apple this kind of power....
Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.
If all of us walked into a bog box store and bought a brand new computer, and suddenly as we were checking out the sales person says "oh .. by the way... the only software this runs is from the manufacturer, you have to go to their store to get it" we'd all walk out (or laugh... or both).
but when apple says "the only software you can have is what we put on our app store" as it relates to mobile phones we say "ok!".
so for my part, i'm leaving the iPhone completely and going android.
However, for desktop computers, i don't have the same luxury. And now that apple has its hands all over mac apps in their app store, it's already killing my productivity.
I can't believe people are putting up with this sandboxing bulls**t and not complaining. Are you f'n kidding me?!
Here at our studio we use an app called Wiretap Anywehre from Ambrosia software. It's an absolutely essential app for us for the radio show we produce so that we can route audio from any app to any other app. We've been using it for years without issue.
When lion was introduced it suddenly stopped working properly. We could not longer pick the app we wanted to route from and to - so now if we want to record audio we can record ALL system audio, or none.
Why? Because of sandboxing. They hadn't updated their app and they could have gotten around it and fixed it but when i called to find out why a fix was taking so long the answer was "because there isn't' one coming". when i asked why they said it was because of the new app store requirements around sand boxing. So I said "so don't put it on the store, just distribute online". and the guy .. literally said "look.. we want to stay in business, and if we don't put our stuff in the app store apple has made it clear they will not take our other apps".
are you f'n kidding me...
i tried to warn everyone about giving apple this kind of power....
Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.
27 months ago
so for my part, i'm leaving the iPhone completely and going android.
.
Stopped reading here. Nothing informative is going to come afterwards..that is a given.
---------------------
Sandboxing is about security. At this point it makes better sense to be conservative and then find safer ways to do inter-application security.
Consumers understand this. Many came from Windows where they had to deal with virus multiple times. Any mention of security to them is a positive.
27 months ago
At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.
27 months ago
all kind of window management applications (moom, bettersnaptool, optimal layout etc.) also are not sandboxable.
All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.
All kind of apps that need to control arbitrary applications in some way are not sandboxable.
All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.
Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)
This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.
Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...
All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.
All kind of apps that need to control arbitrary applications in some way are not sandboxable.
All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.
Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)
This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.
Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...
27 months ago
:rolleyes:
http://www.barebones.com/support/bbedit/auth-saves.html
http://www.barebones.com/support/bbedit/cmd-line-tools.html
Yeah, broken. In other news, the sky is falling.
27 months ago
Welcome to the iOSification of Mac OS X. It's like watching a bunch of lemmings get pushed off a cliff. Except they all honestly believe they're doing it out of choice and that it's the best thing for them.
I refuse to buy MAS applications.
Why?
Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.
There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).
Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.
But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?
I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".
The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.
-SC
I refuse to buy MAS applications.
Why?
Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.
There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).
Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.
But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?
I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".
The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.
-SC
27 months ago
I do not need a sandbox. I'm not a kid. Or who needs limited functionality?
that is a brilliant quote - so succinct,and so accurate - yet so much to it.
this describes the entire apple experience.
you will get great interoperability and wonderful design... as long as you don't mind giving up all your freedom and doing everything apple's way.. in the little sandbox they create for you.
so stupid... can't wait till i can get away from this crap
27 months ago
There seems to be a lot of misunderstanding about what sandboxing really is. I recommend everyone read this article before complaining.
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing
27 months ago
I don't see this as a good move by Apple. Every app that rolls through the App Store's doors is checked and verified by some sort of team. Obviously, there have been incidents with a few applications that don't comply to Apple's rules. But, the vast majority of apps are legit. By requiring that all App Store apps be sandboxed is hurting the consumer. Some apps need a little bit more power over the operating system to work correctly. I, for one, am not happy about this move by Apple. I think it only validates the idea that they are control freaks with a locked-down system.
[ Read All Comments ]
AT&T will launch a new single-line data plan for smartphone customers on Sunday, bringing it more in-line with the lower-cost family plans that launched at the beginning of February.
The new...
T-Mobile today announced that it was altering its existing Simple Choice plans, adding more data, a new pricing tier and no-added-cost international texting from the United States.
Simple Choice...
The SlatePro TechDesk is a new Kickstarter project featuring a desk that has been designed with built-in docks and cutouts to accommodate several different Apple devices. It comes with multiple...
Jawbone today updated its UP app to version 3.1, adding several new features to improve its Jawbone UP fitness band. Multiple enhancements have been made to sleep tracking, with the app including...
Israeli Prime Minister Benjamin Netanyahu met with Apple CEO Tim Cook for lunch yesterday at Apple HQ in Cupertino, California.
Netanyahu is traveling through the United States for the American...
Shares of video and pixel processing company Pixelworks have climbed over 40 percent after the company revealed a strategic relationship with Apple that contributed significantly to the company's...
In the time of the first Apple v. Samsung trial in 2011, Apple requested an injunction to prevent Samsung from selling its Galaxy line of smartphones and tablets within the United States. Apple...
Science and technology company Azoi has unveiled the Wello health monitoring case for the iPhone 4S, iPhone 5 and iPhont 5s, allowing users to track various human metrics such as blood pressure,...
