Apple's Mac App Store Sandboxing Requirement Gaining Renewed Scrutiny as Deadline Approaches

[Stella]

One problem here is, how the heck are you going to develop anything if they strip the OS down to iOS level?

Maybe we will see special "Developer" versions sold through the Dev center. Or, Apple will try to simplify development to an Automator style process.

The future freaks me out a bit as a sysadmin and developer.

If your using Xcode you do not need direct access to the terminal / command line. Any command line executables Xcode uses can be totally transparent to the user, more than it is now. Xcode at the moment makes it pretty obvious it's using terminal executables , but Apple can change this.

 

[calderone]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

One problem here is, how the heck are you going to develop anything if they strip the OS down to iOS level?

Maybe we will see special "Developer" versions sold through the Dev center. Or, Apple will try to simplify development to an Automator style process.

The future freaks me out a bit as a sysadmin and developer.

If your using Xcode you do not need direct access to the terminal / command line. Any command line executables Xcode uses can be totally transparent to the user, more than it is now. Xcode at the moment makes it pretty obvious it's using terminal executables , but Apple can change this.

You don't need it, but come on. What developer only sits in Xcode? And what if you want to do anything other than ObjC, Cocoa/Touch?

Python? Ruby? PHP? Running nginx locally? SVN?

There are many implications with such a move.

 

[albusseverus]

Sandboxing is about security. At this point it makes better sense to be conservative and then find safer ways to do inter-application security.

Consumers understand this. Many came from Windows where they had to deal with virus multiple times. Any mention of security to them is a positive.

Sandboxing is insane.

A security solution that involves preventing USERS for moving their data between applications - the single purpose of a computer (as opposed to Facebook/email/web that can be done on a post-pc iPad)…

…is just insane.

Completely negates the reason for owning a computer.

If this is what Apple's highly paid security experts (Rice, Krstić, Snyder???) came up with…

we're $crewed.

Time to start looking for a new OS, people. Better to just stop selling Macs, you know, like HP, than this.

 

[MagnusVonMagnum]

ok - so grab your tinfoil hats everyone, the conspiracy theorist has arrived...

If all of us walked into a bog box store and bought a brand new computer, and suddenly as we were checking out the sales person says "oh .. by the way... the only software this runs is from the manufacturer, you have to go to their store to get it" we'd all walk out (or laugh... or both).

but when apple says "the only software you can have is what we put on our app store" as it relates to mobile phones we say "ok!".

Some of us don't say OK and we have warned people that Apple is moving to take your remaining desktop freedoms of software choice away instead of opening up avenues for mobile, but we generally get booed and hissed at by the fanatical mainstream Apple user that seems to pervade every corner of the Apple Universe anymore. I think today's kids have no concept of the meaning of free choice and write it off as go to another platform if you don't like it (but when they all do it you find yourself lacking choices once again) and so it's really more of a "go away your anti-Apple expletive" than anything else since we all know that love is what drives Apple (unless your one of the poor overworked factory workers getting paid jack squat to make the products overseas and often dying in easily preventable accidents if they had any safety regulations what-so-ever. Sadly, they can't just go somewhere else because they live in a Communist society that won't allow them any freedoms. And we support that society because it makes a select few people in this country stinking RICH beyond all reason. I'd say we as a society are suckers and probably have it coming, especially in a digital age where freedom of information should make it easier (not harder) to organize against such one-sided 'racketeering' (what it looks like to me, but then I have ethical views, not legal ones in this regard).

 

[MattInOz]

I don't think Lion is Unix certified, Snow Leopard was.
http://www.opengroup.org/csq/public/search.mhtml?t=XY1&sort=bycomponent

Seeing the way OSX is going, I wouldn't be surprised if Apple bothered any more with Unix Certification. There is nothing stopping Apple from removing Terminal access from future versions of OSX ; whether they would or not is a different matter. Apple canned XServes et al, they didn't put as much effort into OSX Server as previous versions, so for some people, the sky is already falling - OSX can no longer / struggling to meet their needs.

Given how rigorous the OpenGroup is in defense of their trademark, I'm surprised they would let Apple be so open with the use of that trademark, if the product didn't comply. Yet Google only picks up the 2003-2004 Trademark dispute.

 

[tblrsa]

As long as the MAS stays an OPTION, I´m fine with sandboxing too. Just sell your app outside the store if it does not fit the guidelines. Most of my installed software is not coming from the Mac App Store in fact. See? Not much of a problem there.

However, MAS being the ONLY option to install software would defeat the purpose of owning a computer. At this point the Mac would be nothing more than another "console". I would not accept this downgrade of an ****ing expensive computer and jump ship. Might even install Windows again at this point.

 

[CFreymarc]

Dear God... there needs to be a new competitor in the desktop space like android is in the handheld space.. we need something that's not windows, and not mac.

Dude, it is called Linux. There are a plethora of audio redirection apps over there.

Apple Computer, Inc. becoming Apple, Inc. was more than just a name change. Apple is purging the last of the hippie, tie-dye anarchists that made the Apple ][ and early Mac work well. They are following the consumer drive that Sony has since iOS devices are the lion's share of revenue now.

Also, there is a growing jailbreak community for Lion, get with it!

 

[Fuzzi]

However, MAS being the ONLY option to install software would defeat the purpose of owning a computer. At this point the Mac would be nothing more than another "console". I would not accept this downgrade of an ****ing expensive computer and jump ship. Might even install Windows again at this point.

iCloud can already only be used by apps in the Mac App Store (because the licenses prohibit other usage). We'll see if Apple continues to add "App Store only" technologies to Mac OS X.

 

[KnightWRX]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)



You don't need it, but come on. What developer only sits in Xcode? And what if you want to do anything other than ObjC, Cocoa/Touch?

Python? Ruby? PHP? Running nginx locally? SVN?

There are many implications with such a move.

Why would those be sandboxed ? You don't install them from the MAS.

None of the Unix tools would work from a sandbox, they need access to the filesystem without having to resort to Apple's Open/Save File Dialog, which is the only way to grant file reading/writing to applications in a sandbox.

So it's obvious Apple can't sandbox the whole system or else it will just be utterly broken. Same for XCode, it has to open/manipulate all the files from the SDK and other frameworks without being told which ones using the Open File Dialog, simply through #import and #include statement (for C, Obj-C, C++ obviously) to highlight syntax properly and auto-complete parameters. This can't work with current entitlements, but that's ok since Apple is Apple and doesn't need to follow the rules.

----------

Given how rigorous the OpenGroup is in defense of their trademark, I'm surprised they would let Apple be so open with the use of that trademark, if the product didn't comply. Yet Google only picks up the 2003-2004 Trademark dispute.

Stranger yet, is how Apple claims OS X Lion is certified :

http://images.apple.com/macosx/docs/OSX_for_UNIX_Users_TB_July2011.pdf

Yet the OpenGroup doesn't list nor provide a certificate for the certification on their site, even though the page says it is up to date.

I sent an e-mail to the OpenGroup, we'll see if they reply with something.

 

[bpaluzzi]

So I said "so don't put it on the store, just distribute online". and the guy .. literally said "look.. we want to stay in business, and if we don't put our stuff in the app store apple has made it clear they will not take our other apps".

Either one of you is lying, or this guy has no idea how things work with the App Store and Mac software development.

you will get great interoperability and wonderful design... as long as you don't mind giving up all your freedom and doing everything apple's way.. in the little sandbox they create for you.

Or, you know, you could just buy apps that aren't in the MAS. Just a thought.

Sandboxing is insane.

A security solution that involves preventing USERS for moving their data between applications - the single purpose of a computer (as opposed to Facebook/email/web that can be done on a post-pc iPad)…

…is just insane.

Completely negates the reason for owning a computer.

If this is what Apple's highly paid security experts (Rice, Krstić, Snyder???) came up with…

we're $crewed.

Time to start looking for a new OS, people. Better to just stop selling Macs, you know, like HP, than this.

Congrats. In a thread that is among the most "Sky is falling" that I've seen in a loooong time, you take the prize for "Most insane rambling". Brilliant work!

 

[calderone]

Why would those be sandboxed ? You don't install them from the MAS.

None of the Unix tools would work from a sandbox, they need access to the filesystem without having to resort to Apple's Open/Save File Dialog, which is the only way to grant file reading/writing to applications in a sandbox.

So it's obvious Apple can't sandbox the whole system or else it will just be utterly broken. Same for XCode, it has to open/manipulate all the files from the SDK and other frameworks without being told which ones using the Open File Dialog, simply through #import and #include statement (for C, Obj-C, C++ obviously) to highlight syntax properly and auto-complete parameters. This can't work with current entitlements, but that's ok since Apple is Apple and doesn't need to follow the rules.

Good work jumping in late, this was in reference to Apple stripping down Mac OS X further, removing terminal access and the likes.

 

[Stella]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)



You don't need it, but come on. What developer only sits in Xcode? And what if you want to do anything other than ObjC, Cocoa/Touch?

Python? Ruby? PHP? Running nginx locally? SVN?

There are many implications with such a move.

Oh, I realize that.. I use both Python and SVN myself.

Command lines can be replaced by GUI apps....

Terminal can be easily removed.. from Apple's point of view, the Terminal is only used by a small percentage of users, and isn't relevent to the Apple's target market.

 

[till213]

How does that make the sandbox secure and flexible ? 1 process, multiple processes doing IPC, in the end, the sandbox is worthless if you have access to the system as a whole.

You're not a developer, are you? You didn't understand the concept of "sandboxing".

Sandboxing is NOT about making your application more SECURE! It's all about LIMITING damage that can be done IF something goes wrong ("stack overflow", "heap corruption", "SQL injection", you name it...).

So in the given FTP example: if an attacker manages - via web - to compromise the process which has the "networking entitlement" (but NOT the file read/write entitlement!) by e.g. having the user download a corrupted file, causing some weird buffer overflow or whatever, that doesn't help much the attacker, because she cannot download and INSTALL further malicious code! She cannot READ the user's file either (except those the user has selected via FTP already).

Now in order to actually READ/WRITE from the harddisk the attacker would actually have to compromise TWO processes - that is, find TWO exploits - and ADDITIONALLY make them communicate in such a way that they actually do what she wants!

And THAT's an order of magnitude more difficult than exploiting just one security hole in a process which can do everything the user can do.

Got it?

 

[KnightWRX]

You're not a developer, are you?

Yes I am (you'll notice I often post in the programming forums).

And everything you've said makes the system more secure (not the app itself or its data obviously, since that is inside the sandbox). Something I quite easily understand. Maybe you just wanted to type a long explanation of sandboxing and just need to quote someone, especially since none of your examples debunk what I've said.

The poster I was replying to was saying that a sandboxed application should be able to do IPC with services that give it system access. Doing so is just poking holes in the sandbox, rendering it worthless.