Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches

Last November, we reported on Apple's plan to require all Mac App Store apps to be sandboxed, a move that would increase security by preventing apps from overstepping their bounds should they be affected by malware but which could hamper the functionality of certain apps. The requirement had been scheduled to go into effect in November but was pushed back to a March 1 implementation date as apparently sought to give developers more time to digest and prepare for the change.

sandboxing
With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.

Sandboxing is fairly common in the mobile world, where Apple, Google Inc.'s Android and others have long required it as a safety measure to prevent an app from compromising other parts of the system. But some developers say sandboxing could cripple desktop software, which is often more sophisticated.

Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple's new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.

As a workaround, he's working on a "helper app" that Mac App Store users could download separately to restore the extra functionality. "It sort of defeats the purpose of what sandboxing is about," says Mr. Munz, who is president of Unmarked Software LLC.

The report also cites Flexibits co-founder Kent Sutherland, whose Fantastical calendaring app would be subject to sandboxing limitations on its ability to sync and import data from other applications. Apple's position that it will allow access to certain features only on a "temporary" basis leaves developers such as Sutherland uncertain about whether their apps will be able to continue to function in the future.

Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.

Popular Stories

iPhone 17 Pro Lower Logo Feature 1

iPhone 17 Pro Coming Soon With These 14 New Features

Monday June 30, 2025 1:08 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are less than three months away, and there are plenty of rumors about the devices. Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year. Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...
A18 Pro Chip

New MacBook With A18 Pro Chip Spotted in Apple Code

Monday June 30, 2025 8:05 am PDT by
Apple is developing a MacBook with the A18 Pro chip, according to findings in backend code uncovered by MacRumors. Earlier today, Apple analyst Ming-Chi Kuo reported that Apple is planning to launch a low-cost MacBook powered by an iPhone chip. The machine is expected to feature a 13-inch display, the A18 Pro chip, and color options that include silver, blue, pink, and yellow. MacRumors...
Wi Fi WiFi General Feature

iOS 26 Adds a Useful New Wi-Fi Feature to Your iPhone

Wednesday July 2, 2025 6:36 am PDT by
iOS 26 and iPadOS 26 add a smaller yet useful Wi-Fi feature to iPhones and iPads. As spotted by Creative Strategies analyst Max Weinbach, sign-in details for captive Wi-Fi networks are now synced across iPhones and iPads running iOS 26 and iPadOS 26. For example, while Weinbach was staying at a Hilton hotel, his iPhone prompted him to fill in Wi-Fi details from his iPad that was already...
macbook air spacegray purple

Apple Planning to Launch Low-Cost MacBook Powered By iPhone Chip

Monday June 30, 2025 3:20 am PDT by
Apple is planning to launch a low-cost MacBook powered by an iPhone chip, according to Apple analyst Ming-Chi Kuo. In an article published on X, Kuo explained that the device will feature a 13-inch display and the A18 Pro chip, making it the first Mac powered by an iPhone chip. The A18 Pro chip debuted in the iPhone 16 Pro last year. To date, all Apple silicon Macs have contained M-series...
iOS 18

Apple Releases Second iOS 18.6 Public Beta

Tuesday July 1, 2025 10:19 am PDT by
Apple today seeded the second betas of upcoming iOS 18.6 and iPadOS 18.6 updates to public beta testers, with the betas coming just a day after Apple provided the betas to developers. Apple has also released a second beta of macOS Sequoia 15.6. Testers who have signed up for beta updates through Apple's beta site can download iOS 18.6 and iPadOS 18.6 from the Settings app on a compatible...
maxresdefault

Five Features Coming to AirPods Pro 3

Friday June 27, 2025 10:52 am PDT by
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model. Subscribe to the MacRumors YouTube channel for more videos. Heal...
replay all time playlist apple music

Apple Music Debuts All-New Personalized Playlist

Monday June 30, 2025 7:16 am PDT by
As part of its 10-year celebrations of Apple Music, Apple today released an all-new personalized playlist that collates your entire listening history. The playlist, called "Replay All Time," expands on Apple Music's existing Replay features. Previously, users could only see their top songs for each individual calendar year that they've been subscribed to Apple Music, but now, Replay All...

Top Rated Comments

Fotek2001 Avatar
175 months ago
*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.

You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.

Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.

By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
Score: 15 Votes (Like | Disagree)
Roessnakhan Avatar
175 months ago
At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.
Score: 11 Votes (Like | Disagree)
Fuzzi Avatar
175 months ago
all kind of window management applications (moom, bettersnaptool, optimal layout etc.) also are not sandboxable.

All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.

All kind of apps that need to control arbitrary applications in some way are not sandboxable.

All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.

Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)

This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.

Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...
Score: 9 Votes (Like | Disagree)
ScottishCaptain Avatar
175 months ago
Welcome to the iOSification of Mac OS X. It's like watching a bunch of lemmings get pushed off a cliff. Except they all honestly believe they're doing it out of choice and that it's the best thing for them.

I refuse to buy MAS applications.

Why?

Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.

There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).

Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.

But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?

I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".

The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.

-SC
Score: 8 Votes (Like | Disagree)
Fuzzi Avatar
175 months ago
@zorinlynx they do have different "entitlements" for different types of applications. The problem is, that there are too few entitlements to cover all usecases, and so many apps are not sandboxable with the current sandboxing technology. So the apple solution is to just not allow further updates for those apps which can't work with the few given entitlements .

Developers can file bugreports / feature requests but often you just get the answer that the technology you need for your application is theoretically able to workaround the purpose of the sandbox and so they won't allow it....
Score: 8 Votes (Like | Disagree)
rossip Avatar
175 months ago
There seems to be a lot of misunderstanding about what sandboxing really is. I recommend everyone read this article before complaining.

http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing
Score: 8 Votes (Like | Disagree)