Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches

Last November, we reported on Apple's plan to require all Mac App Store apps to be sandboxed, a move that would increase security by preventing apps from overstepping their bounds should they be affected by malware but which could hamper the functionality of certain apps. The requirement had been scheduled to go into effect in November but was pushed back to a March 1 implementation date as apparently sought to give developers more time to digest and prepare for the change.

sandboxing
With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.

Sandboxing is fairly common in the mobile world, where Apple, Google Inc.'s Android and others have long required it as a safety measure to prevent an app from compromising other parts of the system. But some developers say sandboxing could cripple desktop software, which is often more sophisticated.

Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple's new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.

As a workaround, he's working on a "helper app" that Mac App Store users could download separately to restore the extra functionality. "It sort of defeats the purpose of what sandboxing is about," says Mr. Munz, who is president of Unmarked Software LLC.

The report also cites Flexibits co-founder Kent Sutherland, whose Fantastical calendaring app would be subject to sandboxing limitations on its ability to sync and import data from other applications. Apple's position that it will allow access to certain features only on a "temporary" basis leaves developers such as Sutherland uncertain about whether their apps will be able to continue to function in the future.

Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.

Top Rated Comments

Fotek2001 Avatar
120 months ago
*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.

You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.

Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.

By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
Score: 15 Votes (Like | Disagree)
Roessnakhan Avatar
120 months ago
At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.
Score: 11 Votes (Like | Disagree)
Fuzzi Avatar
120 months ago
all kind of window management applications (moom, bettersnaptool, optimal layout etc.) also are not sandboxable.

All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.

All kind of apps that need to control arbitrary applications in some way are not sandboxable.

All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.

Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)

This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.

Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...
Score: 9 Votes (Like | Disagree)
ScottishCaptain Avatar
120 months ago
Welcome to the iOSification of Mac OS X. It's like watching a bunch of lemmings get pushed off a cliff. Except they all honestly believe they're doing it out of choice and that it's the best thing for them.

I refuse to buy MAS applications.

Why?

Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.

There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).

Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.

But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?

I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".

The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.

-SC
Score: 8 Votes (Like | Disagree)
Fuzzi Avatar
120 months ago
@zorinlynx they do have different "entitlements" for different types of applications. The problem is, that there are too few entitlements to cover all usecases, and so many apps are not sandboxable with the current sandboxing technology. So the apple solution is to just not allow further updates for those apps which can't work with the few given entitlements .

Developers can file bugreports / feature requests but often you just get the answer that the technology you need for your application is theoretically able to workaround the purpose of the sandbox and so they won't allow it....
Score: 8 Votes (Like | Disagree)
rossip Avatar
120 months ago
There seems to be a lot of misunderstanding about what sandboxing really is. I recommend everyone read this article before complaining.

http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing
Score: 8 Votes (Like | Disagree)

Top Stories

Top Stories 57 Feature

Top Stories: Apple Event Next Tuesday, Mini-LED iPad Pro, iPhone Rumors

Saturday April 17, 2021 6:00 am PDT by
It feels like we've been waiting forever for new Apple products, but the wait is almost over as Apple has announced a media event for next Tuesday, so make sure to tune into MacRumors for full coverage of everything Apple announces. While that was the big news this week, we also got some new details on Apple's iPhone plans for 2022 and 2023 courtesy of analyst Ming-Chi Kuo, and we also saw...
flat imac 3d 3 teal

Reliable Leaker Hints Redesigned Colorful iMac to Debut at 'Spring Loaded' Event

Saturday April 17, 2021 4:43 am PDT by
Reliable leaker known as l0vetodream has hinted that Apple may debut its rumored redesigned and colorful iMac at its "Spring Loaded" event on Tuesday, April 20. In a tweet, the leaker posted an image of Apple's logo used for marketing the upcoming event and an image of the retro rainbow Apple logo alongside the colorful lineup of G3 iMacs. Apple leaker Jon Prosser previously reported that...
third gen Apple pencil leaked video

Video of Alleged Third-Generation Apple Pencil Leaks Ahead of Apple Event

Friday April 16, 2021 6:13 am PDT by
A video purporting to be of the third-generation Apple Pencil has today been shared online, showing a glossy finish that mirrors previous leaks. New ✏️ ready to 🚢 #AppleEvent @TommyBo50387266 pic.twitter.com/s4RCDwDi5M— 漢尼斯·拉斯納 🇨🇳 (@ileakeer) April 16, 2021 The brief video from Twitter account @ileakeer, spotted by 9to5Mac, shows an Apple Pencil with a glossy finish much like the...
important battery message iphone 11

Some iPhone 11 Users Seeing Increased Battery Health Percentages After iOS 14.5 Recalibration Process

Friday April 16, 2021 6:32 am PDT by
In the sixth beta of iOS 14.5, Apple introduced a recalibration process for the battery health reporting system on the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max to address inaccurate battery health estimates for some users. Apple said this process might take a few weeks to be completed, and now that two weeks have passed since the sixth beta of iOS 14.5 was released, some users are...
duan rui iphone 12 13 notch

New Images Show Smaller iPhone 13 Notch Compared to iPhone 12

Saturday April 17, 2021 11:38 pm PDT by
Leaker known as "DuanRui" has shared more images that could give us our best look yet at Apple's redesigned notch for the iPhone 13. The new pictures follow similar images shared by the leaker last week, but the latest shots include a comparison with the existing iPhone 12 notch. DuanRui posted three images on Twitter that apparently originate from Weibo, although source details remain...
iphone 13 pro max cads eap

iPhone 13 Series CAD Leaks Reveal Larger Camera Dimensions

Friday April 16, 2021 1:53 am PDT by
Information and alleged CADs of the upcoming iPhone 13 series, shared in a video from EverythingApplePro, indicates that Apple plans to make this year's iPhone camera module significantly bigger, likely to make way for larger sensors and sensor-shift stabilization. According to the CADs shared in the video, the iPhone 13 mini, Pro, and Pro Max camera module will all be a "perfect square."...
maxresdefault

Hands-On With Anker's MagSafe-Compatible Battery Pack

Thursday April 15, 2021 9:39 am PDT by
Anker, a company known for its range of accessories designed for Apple products, recently came out with one of the first MagSafe-compatible battery packs, so we thought we'd check it out to see how it compares to a standard battery pack. Subscribe to the MacRumors YouTube channel for more videos. Design wise, Anker's power bank looks like a typical battery pack, but it has magnets built in...
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
iphone 12 120hz thumbnail feature

LTPO Displays Supporting 120Hz Refresh Rates Again Rumored for iPhone 13 Pro Models

Friday April 16, 2021 10:01 am PDT by
The two higher-end "iPhone 13 Pro" models that are coming in 2021 are expected to use LTPO display technology to enable 120Hz refresh rates, according to display analyst Ross Young. Young reaffirmed the detail in a tweet that said he'd heard rumors about only one model featuring LTPO, which he says is inaccurate. Heard some rumors in the industry and media that there would only be one ...
apple music

Apple Music Tops Spotify With One Cent Paid Per Stream

Friday April 16, 2021 6:44 am PDT by
In a letter slated to be shared with artists today through the Apple Music for Artists dashboard, obtained by The Wall Street Journal, Apple has reportedly revealed that it pays music rights holders one cent per song streamed on Apple Music. The report claims that Apple Music's payment structure is thus roughly double what Spotify pays music rights holders per stream, which averages to about ...