Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches
Last November, we reported on Apple's plan to require all Mac App Store apps to be sandboxed, a move that would increase security by preventing apps from overstepping their bounds should they be affected by malware but which could hamper the functionality of certain apps. The requirement had been scheduled to go into effect in November but was pushed back to a March 1 implementation date as apparently sought to give developers more time to digest and prepare for the change.
With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.
Sandboxing is fairly common in the mobile world, where Apple, Google Inc.'s Android and others have long required it as a safety measure to prevent an app from compromising other parts of the system. But some developers say sandboxing could cripple desktop software, which is often more sophisticated.
Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple's new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.
As a workaround, he's working on a "helper app" that Mac App Store users could download separately to restore the extra functionality. "It sort of defeats the purpose of what sandboxing is about," says Mr. Munz, who is president of Unmarked Software LLC.
The report also cites Flexibits co-founder Kent Sutherland, whose Fantastical calendaring app would be subject to sandboxing limitations on its ability to sync and import data from other applications. Apple's position that it will allow access to certain features only on a "temporary" basis leaves developers such as Sutherland uncertain about whether their apps will be able to continue to function in the future.
Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.
Popular Stories
Apple today released iOS 16.0.2, addressing a number of bugs that iPhone 14 owners have been experiencing since the new devices launched. iOS 16.0.2 comes two weeks after the launch of iOS 16, and it follows iOS 16.0.1, an update made available to iPhone 14 owners on launch day. The update is available for all iPhones that are capable of running iOS 16. The iOS 16.0.2 update can be...
Wednesday September 21, 2022 7:49 am PDT by
Juli CloverApple on Friday released the new iPhone 14 models, and MacRumors videographer Dan picked one up on launch day. He's been using the iPhone 14 Pro Max non-stop since it came out, and over on the MacRumors YouTube channel, has shared his initial thoughts on the day-to-day experience with the latest iPhone.
Subscribe to the MacRumors YouTube channel for more videos. Dan's mini review highlights...
Wednesday September 21, 2022 1:36 am PDT by
Sami FathiRumors suggest Apple will announce new 11-inch and 12.9-inch iPad Pro models as soon as next month. The new iPads will be the first update to the iPad Pro series since April 2021 and will be an overall incremental upgrade that brings new capabilities and functionality to the highest-end iPad.
According to reports, Apple is planning an event for October to announce the new iPad Pro models, a...
Wednesday September 21, 2022 4:25 am PDT by
Sami FathiIt's been nine days since Apple released iOS 16 to the public, bringing major changes to the Lock Screen, Messages, Maps, and more. In the days following the release, some users have encountered several issues on their iPhones, ranging from slow system performance to battery drain.
In the past few days, iPhone 14 Pro users have shared specific bugs related to Apple's latest high-end iPhones, ...
Thursday September 22, 2022 7:57 am PDT by
Sami FathiA copycat version of the iPhone 14 Pro's Dynamic Island has arrived on Android's Google Play Store in the form of an app called "dynamicSpot."
The app, still in beta, offers customers several different experiences at the top of their smartphones. In its current form, dynamicSpot offers playback control for songs, timers, battery status, and more features coming soon, according to the app's...
Thursday September 22, 2022 5:12 am PDT by
Sami FathiMeta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking.
In August, it was revealed that with the Facebook and Instagram apps, Meta can track all of a user's key taps, keyboard inputs, and more, when using the in-app browser....
Wednesday September 21, 2022 2:03 pm PDT by
Juli CloverWith millions of devices shipping out to customers with every Apple launch, there's occasionally someone who gets lucky and gets a new product ahead of schedule. This time around, Redditor playalisticadillac received an Apple Watch Ultra from AT&T two days before the official debut, sharing some images on the social media site.
The images include an unboxing and comparisons to the...
Apple today explained why the new silicone ear tips for the second-generation AirPods Pro are not officially compatible with the original AirPods Pro.
In an updated support document, Apple said the original AirPods Pro ear tips have "noticeably denser mesh" than the second-generation ear tips. Apple did not provide any additional details, but the mesh density could result in acoustical...
Top Rated Comments
You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.
Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.
By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
All kind of apps that need to send mouse movements or mouseclicks to the system are not sandboxable.
All kind of apps that need to control arbitrary applications in some way are not sandboxable.
All kind of apps that need to send keyboard shortcuts (e.g. for pasting text or s.th. like this) are not sandboxable.
Apps that make use of the media keys on the keyboard are not sandboxable (or will lose this functionality)
This list can be continued for quite a while... you see sandboxing will eliminate many applications from the Mac App Store. Especially utilities. Those apps probably won't be pulled from the store, but their old, possibly insecure versions will stay there and the developers won't be able to update them, even if they'd like to. Hundreds of thousands or even millions of users will be affected by this. Also Apple provides no way to migrate App Store customers to non - App Store versions.
Also the licenses only allow the use of iCloud for App Store apps like nuckinfutz said. This creates a real two class system and I think it'll hurt the mac platform...
I refuse to buy MAS applications.
Why?
Because restrictions such as this "sandboxing" that are really just half-assed implementations by Apple hurt applications more then they improve them. You can't seriously tell me with a straight face that I should accept limited and broken applications over their unhindered and free counterparts sold directly from the vendor.
There is NO REASON why Xcode shouldn't come with an "entitlements" editor that allows you to pick and chose what system resources you need and how. This should get baked into the *.app bundle, and when a developer submits an application to Apple, the reviewers can decide if the application really needs what the developer said it does and if not- they can further discuss the issues with the developer prior to approval (for example, there's no reason why a game would need access to everything in ~/, but a search utility might).
Really, there's a thousand different ways Apple could have gone about this. The above is just off the top of my head.
But no, they decide to lock everyone into a strict set of granular choices, most of which are so restricting they're virtually useless. Ring a bell with iOS multitasking anyone?
I'm sure I'll have hoards of people running to Apple's defence here saying that the limited and crippled entitlement system Apple is forcing on everyone is "for your own protection".
The truth here is that there is NO REASON why we can't have a Sandboxing implementation that works well, is secure, and can handle anything developers might need. Except for Apple's own laziness and arrogance regarding their own decisions these days.
-SC
Developers can file bugreports / feature requests but often you just get the answer that the technology you need for your application is theoretically able to workaround the purpose of the sandbox and so they won't allow it....
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing