Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,547
30,865



Last November, we reported on Apple's plan to require all Mac App Store apps to be sandboxed, a move that would increase security by preventing apps from overstepping their bounds should they be affected by malware but which could hamper the functionality of certain apps. The requirement had been scheduled to go into effect in November but was pushed back to a March 1 implementation date as apparently sought to give developers more time to digest and prepare for the change.

sandboxing.jpg



With the implementation date now just a few weeks away, The Wall Street Journal again takes a look at the impact of the changes.
Sandboxing is fairly common in the mobile world, where Apple, Google Inc.'s Android and others have long required it as a safety measure to prevent an app from compromising other parts of the system. But some developers say sandboxing could cripple desktop software, which is often more sophisticated.

Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple's new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.

As a workaround, he's working on a "helper app" that Mac App Store users could download separately to restore the extra functionality. "It sort of defeats the purpose of what sandboxing is about," says Mr. Munz, who is president of Unmarked Software LLC.
Click to expand...
The report also cites Flexibits co-founder Kent Sutherland, whose Fantastical calendaring app would be subject to sandboxing limitations on its ability to sync and import data from other applications. Apple's position that it will allow access to certain features only on a "temporary" basis leaves developers such as Sutherland uncertain about whether their apps will be able to continue to function in the future.

Apple notes that it is continuing to work with developers to increase the security of their applications under the new sandboxing requirements, with a source noting that "most" apps will not require any changes to meet the new policy. But as we noted in our earlier report, a number of high-profile apps that provide systemwide functionality may have to jump through new hoops to obtain approval for their continued functionality, and developers report that they are still finding bugs in the sandboxing procedures that leave uncertainty about just what is going to happen come March 1.

Article Link: Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches
 
Article Link
https://www.macrumors.com/2012/02/09/apples-mac-app-store-sandboxing-requirement-gaining-renewed-scrutiny-as-deadline-approaches/
BaldiMac

BaldiMac

macrumors G3
Jan 24, 2008
8,762
10,890
So, to be clear. It's a problem when Apple allows access to other application data and it's a problem when Apple doesn't allow access to other application data. :)
 
SuprUsrStan

SuprUsrStan

macrumors 6502a
Apr 15, 2010
715
1,015
*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.
 
swarmster

swarmster

macrumors 6502a
Jun 1, 2004
641
114
BaldiMac said:
So, to be clear. It's a problem when Apple allows access to other application data and it's a problem when Apple doesn't allow access to other application data. :)
Click to expand...

Pretty much. Luckily, if you want to go the guaranteed-secure route, you can use Apple's App Store, and if you want to be able to do anything you can get your apps somewhere else. Everyone's happy!

...as I'm sure we'll see in the following comments.
 
P

posguy99

macrumors 68020
Nov 3, 2004
2,282
1,531
I didn't get my copy of Fantastical from the MAS, I imagine many other people didn't as well. Since the sandboxing rules only apply to applications sold by the MAS, there doesn't seem to be a problem.

BBEdit is the same, you get a semi-broken copy if you buy it from the MAS, vs the fully-functional one you get from Bare Bones.

Personal philosophy... only buy the application from the MAS if there's nowhere else to get it and there's no other application with equivalent functionality.
 
M

MacServiceGuy

macrumors newbie
Feb 9, 2012
9
1
apple sucks... There was sandboxing in lion prior to the app store...

ok - so grab your tinfoil hats everyone, the conspiracy theorist has arrived...

If all of us walked into a bog box store and bought a brand new computer, and suddenly as we were checking out the sales person says "oh .. by the way... the only software this runs is from the manufacturer, you have to go to their store to get it" we'd all walk out (or laugh... or both).

but when apple says "the only software you can have is what we put on our app store" as it relates to mobile phones we say "ok!".

so for my part, i'm leaving the iPhone completely and going android.

However, for desktop computers, i don't have the same luxury. And now that apple has its hands all over mac apps in their app store, it's already killing my productivity.

I can't believe people are putting up with this sandboxing bulls**t and not complaining. Are you f'n kidding me?!

Here at our studio we use an app called Wiretap Anywehre from Ambrosia software. It's an absolutely essential app for us for the radio show we produce so that we can route audio from any app to any other app. We've been using it for years without issue.

When lion was introduced it suddenly stopped working properly. We could not longer pick the app we wanted to route from and to - so now if we want to record audio we can record ALL system audio, or none.

Why? Because of sandboxing. They hadn't updated their app and they could have gotten around it and fixed it but when i called to find out why a fix was taking so long the answer was "because there isn't' one coming". when i asked why they said it was because of the new app store requirements around sand boxing. So I said "so don't put it on the store, just distribute online". and the guy .. literally said "look.. we want to stay in business, and if we don't put our stuff in the app store apple has made it clear they will not take our other apps".

are you f'n kidding me...

i tried to warn everyone about giving apple this kind of power....

Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.
 
Apple Key

Apple Key

macrumors 6502a
Jan 4, 2012
561
0
MacServiceGuy said:
ok - so grab your tinfoil hats everyone, the conspiracy theorist has arrived...

If all of us walked into a bog box store and bought a brand new computer, and suddenly as we were checking out the sales person says "oh .. by the way... the only software this runs is from the manufacturer, you have to go to their store to get it" we'd all walk out (or laugh... or both).

but when apple says "the only software you can have is what we put on our app store" as it relates to mobile phones we say "ok!".

so for my part, i'm leaving the iPhone completely and going android.

However, for desktop computers, i don't have the same luxury. And now that apple has its hands all over mac apps in their app store, it's already killing my productivity.

I can't believe people are putting up with this sandboxing bulls**t and not complaining. Are you f'n kidding me?!

Here at our studio we use an app called Wiretap Anywehre from Ambrosia software. It's an absolutely essential app for us for the radio show we produce so that we can route audio from any app to any other app. We've been using it for years without issue.

When lion was introduced it suddenly stopped working properly. We could not longer pick the app we wanted to route from and to - so now if we want to record audio we can record ALL system audio, or none.

Why? Because of sandboxing. They hadn't updated their app and they could have gotten around it and fixed it but when i called to find out why a fix was taking so long the answer was "because there isn't' one coming". when i asked why they said it was because of the new app store requirements around sand boxing. So I said "so don't put it on the store, just distribute online". and the guy .. literally said "look.. we want to stay in business, and if we don't put our stuff in the app store apple has made it clear they will not take our other apps".

are you f'n kidding me...

i tried to warn everyone about giving apple this kind of power....

Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.
Click to expand...

Apple is merely a world with rules. Imagine the world you live in without any rules what so ever.

It's not as if Apple is the only one producing software for their app store. Third parties are creating the apps. Additionally, in time the sandboxing rule will be ironed out to allow for additional software features as you mention.
 
F

Fotek2001

macrumors regular
Jun 16, 2005
106
0
London, England
syan48306 said:
*shrug* just pull the apps that's not updated from the mac store. It's not like this was just sprung on developers.
Click to expand...

You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.

Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.

By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
 
N

Nielsenius

macrumors 6502a
Apr 16, 2011
565
1
Virginia
I don't see this as a good move by Apple. Every app that rolls through the App Store's doors is checked and verified by some sort of team. Obviously, there have been incidents with a few applications that don't comply to Apple's rules. But, the vast majority of apps are legit. By requiring that all App Store apps be sandboxed is hurting the consumer. Some apps need a little bit more power over the operating system to work correctly. I, for one, am not happy about this move by Apple. I think it only validates the idea that they are control freaks with a locked-down system.
 
Apple Key

Apple Key

macrumors 6502a
Jan 4, 2012
561
0
Fotek2001 said:
You don't get it do you..? Sandboxing is currently a half baked idea riddled with bugs that makes it difficult, if not impossible to implement features that a lot of people consider essential to their apps.

Apps I use every day like Transmit from Panic and BBEdit from Barebones can't work to their full extent in a sandbox and are therefore blocked from the Mac App Store.

By way of an example, FTP apps are impossible under the sandboxing rules because apps can't browse the file system arbitrarily.
Click to expand...

I'm sure they are working on an alternative or a way around this.

----------
Nielsenius said:
I don't see this as a good move by Apple. Every app that rolls through the App Store's doors is checked and verified by some sort of team. Obviously, there have been incidents with a few applications that don't comply to Apple's rules. But, the vast majority of apps are legit. By requiring that all App Store apps be sandboxed is hurting the consumer. Some apps need a little bit more power over the operating system to work correctly. I, for one, am not happy about this move by Apple. I think it only validates the idea that they are control freaks with a locked-down system.
Click to expand...

The App Store is to help us find and manage our apps, and make the whole process more smooth than it currently is. That's all.

Everyone can still go to Transmit's site and purchase the software. It's really not that difficult... nothing has changed on that front.
 
Mad-B-One

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
5
San Antonio, Texas
MacServiceGuy said:
Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.
Click to expand...

I totally agree - it's called "Linux" - ever heard of it? Well, okay, it's geeky and the geeks who really understand and use it don't care (enough) that it has to be simple and understandable to be truely successful for the general public. I am not one of them. I can navigate my way around in Linux and could read up to do what I want if I would use it, but in al honesty, Linux has to look at Mozilla or Apple (or other UNIX systems) to see how users want to use products nowadays. No one will be successful if you have to use a dosbox comand in order to configure your computer. These times are over and gone.

PS: I used SuSe, Ubuntu, and RedHat before, not satisfying enough for me.
 
Roessnakhan

Roessnakhan

macrumors 68040
Sep 16, 2007
3,518
510
ABQ
At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.
 
nuckinfutz

nuckinfutz

macrumors 603
Jul 3, 2002
5,539
406
Middle Earth
MacServiceGuy said:
so for my part, i'm leaving the iPhone completely and going android.

.
Click to expand...

Stopped reading here. Nothing informative is going to come afterwards..that is a given.
---------------------


Sandboxing is about security. At this point it makes better sense to be conservative and then find safer ways to do inter-application security.

Consumers understand this. Many came from Windows where they had to deal with virus multiple times. Any mention of security to them is a positive.
 
M

MacServiceGuy

macrumors newbie
Feb 9, 2012
9
1
Mad-B-One said:
I totally agree - it's called "Linux" - ever heard of it? Well, okay, it's geeky and the geeks who really understand and use it don't care (enough) that it has to be simple and understandable to be truely successful for the general public. I am not one of them. I can navigate my way around in Linux and could read up to do what I want if I would use it, but in al honesty, Linux has to look at Mozilla or Apple (or other UNIX systems) to see how users want to use products nowadays. No one will be successful if you have to use a dosbox comand in order to configure your computer. These times are over and gone.

PS: I used SuSe, Ubuntu, and RedHat before, not satisfying enough for me.
Click to expand...

I really wish i was geeky and could do this, i'd switch today. i'm pretty tech savvy, but not to the unix degree :mad: :confused: :(
 
Apple Key

Apple Key

macrumors 6502a
Jan 4, 2012
561
0
Roessnakhan said:
At least it only applies to apps on the App Store and not just a general thing for the OS. If you want to install an app that runs no holds barred you still can, just not from the App Store. If there comes a day when that isn't the case is when I'll take issue.
Click to expand...

100% agree. I'm all for Apple taking steps to make the OS more secure.
 
M

MacServiceGuy

macrumors newbie
Feb 9, 2012
9
1
Mr. Retrofire said:
I do not need a sandbox. I'm not a kid. Or who needs limited functionality?
Click to expand...

that is a brilliant quote - so succinct,and so accurate - yet so much to it.

this describes the entire apple experience.

you will get great interoperability and wonderful design... as long as you don't mind giving up all your freedom and doing everything apple's way.. in the little sandbox they create for you.

so stupid... can't wait till i can get away from this crap
 
nuckinfutz

nuckinfutz

macrumors 603
Jul 3, 2002
5,539
406
Middle Earth
Sandboxing in conjunction with a curated store works.

iOS has far less Malware than Android.

Consumers are happy as witnessed by the outstanding sales of Macs and iPhone/iPod Touch/iPads.

No developer is forced to create a Mac App Store version of their app but there are benefits if they choose to do so.
 
Skoua

Skoua

macrumors member
Sep 26, 2011
39
75
Paris
It's just weird that Apple requires apps to be sandboxed before figuring out a way to work around the problems sandboxes cause.

For now, I don't see much nice things coming from the MAS: editors releasing updates later because of Apple validation, the 30% cut from editors who need more the money than Apple, slow and unintuitive MAS...

When I can, I just try to avoid buying from MAS for now, until Apple makes it more usable and less hard to comply with for editors.
 
T

thekeyring

macrumors 68040
Jan 5, 2012
3,485
2,147
London
What? Why do Mac App Store apps need sandboxing as a way of keeping them secure?! Surly Apple aren't going to let developers post viruses into the Mac App Store anymore than with the iOS App Store, so the apps don't need to be sandboxed?
 
ArtOfWarfare

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,561
6,059
rossip said:
There seems to be a lot of misunderstanding about what sandboxing really is. I recommend everyone read this article before complaining.

http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#sandboxing
Click to expand...

Alright, I took a look at it. I revealed the sandbox column and had a look at what's not running sandboxed.

IORegistryExplorer*
BatteryStatus**
Activity Monitor*
Dock*
Fusion
Flash Player
Numbers*
Spotify
Finder*
EyeTV Helper
Software Update*

*Apple is trying to enforce a rule they don't even bother following.
**And it looks like they're looking to kick me out of the store just as I've arrived... I get the sense that BatteryStatus isn't going to work in a sandboxed environment.

Oh well, I suppose I'll finish development of it this month and just see how long it takes Apple to take it down.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom