Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 2, 2011, 10:44 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Mac App Store Sandboxing Requirement Pushed to March as Uncertainty Looms




When Apple launched OS X 10.7 (Lion) to the public in July, most of the media focus was on the user-facing changes, such as the iOS-like Launchpad, or trackpad scrolling direction. In Lion, Apple also made a number of under-the-hood changes in their security model that may start affecting Mac App Store customers in the near future.




Amongst the many new features in Lion, Apple included a more robust sandboxing system that can prevent 3rd party applications from causing unintended damage. In their Lion review, ArsTechnica explains how sandboxing works in general:
Quote:
Running an application inside a sandbox is meant to minimize the damage that could be caused if that application is compromised by a piece of malware. A sandboxed application voluntarily surrenders the ability to do many things that a normal process run by the same user could do. For example, a normal application run by a user has the ability to delete every single file owned by that user. Obviously, a well-behaved application will not do this. But if an application becomes compromised, it may be coerced into doing something destructive.
Developers of these sandboxed applications must take special measures to break up their application into individual processes that only are able to do exactly what they need. Apple still allows user initiated actions to perform as expected and override the sandbox, but app-initiated actions in sandboxed applications will be restricted. This means that system wide file access and inter-app scripting and interactions will not be allowed.

Apple had originally told developers that sandboxing would become a requirement for Mac App Store apps as of November, 2011. Tonight, however, Apple emailed developers that the Sandboxing requirement will now go into effect on March 1, 2012.
Quote:
As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing.
While sandboxing will increase the security of Mac App Store apps, there have been concerns that the restrictions will stifle features and innovation on the Mac platform.




Mac Apps that may be affected: TextExpander, CoverSutra, Transmit, Fantastical
In October, Macworld published a pair of articles from Jason Snell and Andy Ihnatko expressing their concerns about the new restrictions.

Snell reported that he had heard that some Mac developers will be removing features from their apps or reducing their functionality to fit them in Apple's sandbox.
Quote:
Not only does this approach risk turning the Mac App Store into a wasteland of arcade games and one-trick-pony apps, it risks dumbing down the Mac app ecosystem as a whole. While developers can always opt out of the Mac App Store, they're reluctant to do so.
Examples of Mac Apps that will be affected include iTunes controllers (Tagalicious, CoverSutra), inter-app communication (Fantastical), apps that browse the file system (Transmit), system-wide keyboard shortcut utilities (TextExpander), file syncing, and backups utilities.

While Apple is offering developers some short term exceptions to get around sandboxing, the company promises that those exceptions will be temporary. Some developers have said there is a lot of uncertainty around how long Apple will allow these apps in the Mac App Store after the deadline. With the new delay until March, some developers are holding out hope that Apple may be trying to come up with a better solution than simply pulling these apps off the Mac App Store.

As Snell points out, developers can choose to distribute their non-sandboxed apps outside the Mac App Store, but those developers would be giving up a huge distribution point.

Article Link: Mac App Store Sandboxing Requirement Pushed to March as Uncertainty Looms
MacRumors is offline   0 Reply With Quote
Old Nov 2, 2011, 10:49 PM   #2
slrandall
macrumors 6502
 
Join Date: Jun 2011
Good. More secure, more efficient apps.
slrandall is offline   -19 Reply With Quote
Old Nov 2, 2011, 10:50 PM   #3
syan48306
macrumors 6502
 
Join Date: Apr 2010
Wut?

Either I'm more tired than I think I am or that was a dense read.
__________________
2012 rMBP 15: 2.6 QM i7, 8 GB RAM, 512G SSD
syan48306 is offline   -3 Reply With Quote
Old Nov 2, 2011, 10:51 PM   #4
MultiMediaWill
macrumors 65816
 
Join Date: Aug 2010
Location: Illinois
We don't care. Just pay attention to my redesign iPhone.
__________________
Click here for the iPhone 5 iOS 6.0 Jailbreak!
MacBook Pro 15" 2011 , 2.2 GHz Quad i7, 750GB HDD, 8GB RAM, Anti-Glare
iPhone 5 32gb
iPad 3 16gb
MultiMediaWill is offline   -39 Reply With Quote
Old Nov 2, 2011, 10:53 PM   #5
Kaibelf
macrumors 6502a
 
Kaibelf's Avatar
 
Join Date: Apr 2009
Location: Chicago, IL
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
Kaibelf is offline   -21 Reply With Quote
Old Nov 2, 2011, 10:55 PM   #6
Mr Astonishing
macrumors newbie
 
Join Date: Sep 2011
Location: SLC, UT
I'm no genius when it comes to computers, or the whole "sandboxing process," however; I do see that Apple originally told developers they wanted Mac Store apps to have sandboxing as a requirement by November 2011, but all I could think about when I read this post was the Chrome book. I know it's not the exactly the same and I'm not saying Google did it first. I just thought I would bring that up.

http://www.youtube.com/watch?v=U1bzZ...layer_embedded

EDIT: This will be awesome for the App Store. I'm all for it! Like slrandall said, "More secure, more efficient apps."
__________________
|24" iMac, 3.06 GHz, 8 GB RAM, 1 TB HD| |16 GB iPod Touch (2nd Gen)| |iPad Mini 16 GB| |iPhone 5 16 GB|
Mr Astonishing is offline   -7 Reply With Quote
Old Nov 2, 2011, 10:58 PM   #7
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Absolutely correct - sand boxing is bad for innovation. Already we see differences in the same piece of software that is distributed outside app store vs in appStore - for example 1Password, BBEdit, Drive Genius.. lots of others - the versions in the appStore are crippled vs those outside.

Many existing great software will never be allowed in - due to the functionality they provide, i.e., LaunchBar, BetterTouchTool, PathFinder.

Yes, you can still download from outside the app Store but over time more and more applications will be found exclusively in the AppStore.

Either remove the sand box or lighten up the restrictions.

Mac software flourishes happily at the moment without sand boxing... almost all ( read 99.99% are safe - a handful are not ).

Quote:
Originally Posted by Kaibelf View Post
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
Your paranoid, no doubt about it. 99.9999999999999999999999% of Mac applications outside the Mac AppStore are absolutely safe.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.

Last edited by Stella; Nov 2, 2011 at 11:05 PM.
Stella is offline   15 Reply With Quote
Old Nov 2, 2011, 10:59 PM   #8
arn
macrumors god
 
arn's Avatar
 
Join Date: Apr 2001
Send a message via AIM to arn
Quote:
Originally Posted by Kaibelf View Post
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
I suspect it affects more apps than you realize.

arn
arn is online now   25 Reply With Quote
Old Nov 2, 2011, 11:00 PM   #9
AppleScruff1
macrumors 603
 
AppleScruff1's Avatar
 
Join Date: Feb 2011
One step closer to total Apple control.
AppleScruff1 is offline   23 Reply With Quote
Old Nov 2, 2011, 11:03 PM   #10
Mr. Gates
macrumors 68020
 
Mr. Gates's Avatar
 
Join Date: Jun 2009
Location: --Redmond --------- ----------------Washington---
Whats next ?

Apps no longer utilize the file system ?

Can we just make the iMac a big iPad now ?.....That's really what we all want ...Right ?
__________________
This is a RUMOR site For speculation and discussion.Not a Fan-Club. Just because we are interested in Apple rumors it doesn't mean we should be frothing at the mouth with Apple rabid comments.
Mr. Gates is offline   16 Reply With Quote
Old Nov 2, 2011, 11:03 PM   #11
calderone
macrumors 68040
 
calderone's Avatar
 
Join Date: Aug 2009
Location: Seattle
Quote:
Originally Posted by Kaibelf View Post
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
That is just it: many apps will no longer be able to do what they are intended to do.
__________________
ACSA, ACMT
calderone is offline   16 Reply With Quote
Old Nov 2, 2011, 11:04 PM   #12
AppleScruff1
macrumors 603
 
AppleScruff1's Avatar
 
Join Date: Feb 2011
Quote:
Originally Posted by Mr. Gates View Post
Whats next ?

Apps no longer utilize the file system ?

Can we just make the iMac a big iPad now ?.....That's really what we all want ...Right ?
We want what Apple wants us to want. Even if we don't want it.
AppleScruff1 is offline   -2 Reply With Quote
Old Nov 2, 2011, 11:06 PM   #13
Amazing Iceman
macrumors 68020
 
Amazing Iceman's Avatar
 
Join Date: Nov 2008
Location: Florida, U.S.A.
I would vote for sandboxing with some kind of security mechanism that would permit sandboxed apps to safely interact with other apps and other parts of the OS. This would allow specialized utilities to run without problems or limitations.

I'm sure Apple will provide a way to accomplish this.
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   0 Reply With Quote
Old Nov 2, 2011, 11:06 PM   #14
Mr. Gates
macrumors 68020
 
Mr. Gates's Avatar
 
Join Date: Jun 2009
Location: --Redmond --------- ----------------Washington---
Quote:
Originally Posted by AppleScruff1 View Post
We want what Apple wants us to want. Even if we don't want it.
"Oh yess Doctor ..More ...More ...Give it to me good !"





Gimme punishment
__________________
This is a RUMOR site For speculation and discussion.Not a Fan-Club. Just because we are interested in Apple rumors it doesn't mean we should be frothing at the mouth with Apple rabid comments.
Mr. Gates is offline   6 Reply With Quote
Old Nov 2, 2011, 11:07 PM   #15
the8thark
macrumors 68030
 
the8thark's Avatar
 
Join Date: Apr 2011
Quote:
Originally Posted by Mr Astonishing View Post
I'm no genius when it comes to computers, or the whole "sandboxing process," however; I do see that Apple originally told developers they wanted Mac Store apps to have sandboxing as a requirement by November 2011, but all I could think about when I read this post was the Chrome book. I know it's not the exactly the same and I'm not saying Google did it first. I just thought I would bring that up.
I agree 100%.

You can not have 100% security and 100% freedom for developers. Impossible. You need the right balance between security and freedom to developers.

Most people do not care about this as long as the apps do what they say they should do. I think this though a good idea is Apple's paranoia talking. OS X is already the most secure platform out there. Not perfect. But no platform is perfect.

Apple believe this increased freedom is worth the slight loss is developer freedom. If the developers agree that'a another matter.
the8thark is offline   0 Reply With Quote
Old Nov 2, 2011, 11:07 PM   #16
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Oh ROTFL!!! Great caption and picture!
Quote:
Originally Posted by Mr. Gates View Post
"Oh yess Doctor ..More ...More ...Give it to me good !"


Image


Gimme punishment

Quote:
Originally Posted by the8thark View Post
Apple believe this increased freedom is worth the slight loss is developer freedom. If the developers agree that'a another matter.
Problem is, its not a *slight* loss of developer freedom, its actually quite a lot more than you realize.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.
Stella is offline   13 Reply With Quote
Old Nov 2, 2011, 11:08 PM   #17
AppleScruff1
macrumors 603
 
AppleScruff1's Avatar
 
Join Date: Feb 2011
Quote:
Originally Posted by Mr. Gates View Post
"Oh yess Doctor ..More ...More ...Give it to me good !"


Image


Gimme punishment
True Appleonian's are a bit masochistic.
AppleScruff1 is offline   1 Reply With Quote
Old Nov 2, 2011, 11:09 PM   #18
ScottishCaptain
macrumors 6502a
 
Join Date: Oct 2008
Quote:
I would vote for sandboxing with some kind of security mechanism that would permit sandboxed apps to safely interact with other apps and other parts of the OS. This would allow specialized utilities to run without problems or limitations.

I'm sure Apple will provide a way to accomplish this.
What makes you think that?

10.7 is the first step towards the iOS-ification of Mac OS X (not the other way around). Just wait until developers have to resort to retarded hacks to move data between applications because absolutely everything is sandboxed and there's no shared storage between apps.

I swear to god, this walled garden ******** needs to stop. Apple is feeling more like a trash compactor then a green garden filled with wonderful things. Everyone and everything is being crushed into their idea of a perfect platform, and since their vision is ultimately flawed (where your desktop becomes a giant iPad, which is just a giant iPhone)- it's not going to end well for anyone.

-SC
__________________
2010 Mac Pro (MacPro5,1), 2*2.93ghz, 64GB, 4x2TB, Apple RAID Card, 5970 GPU, 2xSD, Eizo CG276W
ScottishCaptain is offline   17 Reply With Quote
Old Nov 2, 2011, 11:09 PM   #19
Rodimus Prime
Banned
 
Join Date: Oct 2006
My fear is this is one step closer to App making the App store on OSX the only way to install stuff on OSX.

Quote:
Originally Posted by Kaibelf View Post
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.

There is a different between poking around and logging and Apps that need access to that low level stuff to work correct. Several examples have been sited.

Apps that say add system wide keyboard shot cuts or overrides can not be sandbox as they need to grab key strokes at all time. (key logger would store them. This one would say be looking with an if statement and then do said action if it happen but does not store anything)


Another App that many of us used that would work like crapped if sandboxed would be dropbox. That is an example of an App that sandboxing would destroy
Rodimus Prime is offline   13 Reply With Quote
Old Nov 2, 2011, 11:11 PM   #20
jackrv
macrumors 6502
 
Join Date: Jul 2011
Quote:
Originally Posted by Stella View Post
Absolutely correct - sand boxing is bad for innovation. Already we see differences in the same piece of software that is distributed outside app store vs in appStore - for example 1Password, BBEdit, Drive Genius.. lots of others - the versions in the appStore are crippled vs those outside.
This could eventually be fixed by Apple releasing specific APIs (they may already do, I am not an Apple developer). I see this is an ongoing Work-in-progress kind of thing.
__________________
2010 iMac 27" i5 16Gb - iPhone 3GS - Samsung Galaxy Nexus (don't hate!) Airport Extreme Base Station Airport Express
jackrv is offline   0 Reply With Quote
Old Nov 2, 2011, 11:12 PM   #21
vitzr
macrumors 68030
 
Join Date: Jul 2011
Location: California
It just shocks me at how easily the fanbois with no clue buy into the lip service from Apple. Under the guise of safe & secure, yeah right. Once again proving how quick they are to go with whatever spin Apple puts out. No Kool Aid required.
vitzr is offline   7 Reply With Quote
Old Nov 2, 2011, 11:14 PM   #22
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by jackrv View Post
This could eventually be fixed by Apple releasing specific APIs (they may already do, I am not an Apple developer). I see this is an ongoing Work-in-progress kind of thing.
The API is already there to allow the functionality to be implemented. If the API wasn't available, the software wouldn't exist ( or use entirely private API calls - cough *BetterTouchTool* ).

There is a great argument for not allowing private API calls ( because these may change at any time - public API is far more stable ).
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.
Stella is offline   0 Reply With Quote
Old Nov 2, 2011, 11:15 PM   #23
arn
macrumors god
 
arn's Avatar
 
Join Date: Apr 2001
Send a message via AIM to arn
Quote:
Originally Posted by vitzr View Post
It just shocks me at how easily the fanbois with no clue buy into the lip service from Apple. Under the guise of safe & secure, yeah right. Once again proving how quick they are to go with whatever spin Apple puts out. No Kool Aid required.
There's no debate that sandboxing is more secure. It is.

The question is how much you really care about it at the expense of certain types of applications.

arn
arn is online now   9 Reply With Quote
Old Nov 2, 2011, 11:15 PM   #24
smulji
macrumors 6502
 
Join Date: Feb 2011
Quote:
Originally Posted by Kaibelf View Post
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
I'm all for sandboxing as well but I think the March 1, 2012 deadline is too soon. March 1, 2013 is a fair deadline as it gives developers enough time to develop apps with sandboxing in mind.
smulji is offline   0 Reply With Quote
Old Nov 2, 2011, 11:18 PM   #25
ruinfx
macrumors 6502a
 
Join Date: Feb 2008
what about an app like growl?
__________________
15" 2.3GHz Retina MacBook Pro
8GB iPod Touch 4G
ruinfx is offline   5 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Intel's Processor Roadmap Leaves Uncertainty for Apple's 2014 Mac Updates MacRumors MacRumors.com News Discussion 380 Apr 10, 2014 04:29 PM
Corporate exchange email pushed passcode requirement TSKY74 iPhone 9 Sep 6, 2013 09:55 PM
Age Requirement to Work in an Apple Store and Coaching Please? (Louisville Area) BMNEUR Apple, Industry and Internet Discussion 4 Aug 2, 2013 01:46 PM
Apple pushed out a very minor App Store update gforce216 iOS 6 9 Oct 24, 2012 02:35 PM

Forum Jump

All times are GMT -5. The time now is 09:48 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC