Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mac App Store Sandboxing Requirement Pushed to March as Uncertainty Looms

ruinfx said:
what about an app like growl?
Click to expand...

Growl had to be altered.. it could no longer be a System Preference. Also you *have to* have an icon on the menu bar ( which can fill up very quickly ).

The changes forced upon by Growl angered a lot of people - especially because they are now charging for it ( but thats their decision to charge ).
 
Amazing Iceman said:
I would vote for sandboxing with some kind of security mechanism that would permit sandboxed apps to safely interact with other apps and other parts of the OS. This would allow specialized utilities to run without problems or limitations.

I'm sure Apple will provide a way to accomplish this.
Click to expand...

If you want the sort of mechanism you described in a mobile platform, go develop for Windows 8. It has exactly this mechanism you just described - it's called Contracts.

If you go on Marco Arment's website, Marco.org (he's the developer of Instapaper), he writes an article calling for Apple to implement exactly this.

So we'll see, if in time, Apple put this in a future version of iOS. I hope they do.
 
Last edited:
as usual the macrumors crowd blowing media rumours out of proportion. Have a little faith in Apple yah? After all they beat every other company. Do you enjoy to cry and complain all your life?
 
This is pretty sad, and anyone who thinks it will not adversely affect innovation and app functionality is not a developer. Apple is on its way to taking a piece of almost every sale on the platform and strictly controlling what is available to most users - wouldn't surprise me if in a release or two you have to jailbreak your Mac to get anything other than Apple approved content.

The fanbois will of course defend the decision as increasing security on the already-most-secure platform, yadda yadda yadda, but the truth is this is all about making sure Apple gets a huge cut of ISV sales and can control innovation and competition on the platform almost entirely - want to make something Apple wants to do itself or doesn't entirely like? Soon, the vast majority of users will never see or consider it because it won't be on the App Store and Apple will tell them that apps from other places are "not secure."

They may kill the golden goose with this idiocy, and if so, will richly deserve it.
 
Give Users a Choice

Perhaps Apple should educate consumers about sandboxing and then describe all apps as "sandboxed" or "not sandboxed". Those who want the safety and are willing to accept limitations can feel secure with Apple's guidance. Those willing to take a measured risk should do their homework and allow greater developer freedom.
 
Arg

Hearing stuff like this pisses me off. Why does Apple development always make crappy choices. i.e the way LIon saves... balls! Now they are going to ruin the way developers make apps for the system.
 
You can already see the affect on iOS that sand boxing has, severely restricting applications.. no Black List calling apps, no profile apps ( i.e., change ring tone, Bluetooth on off at given times or events ), for example.

Applications that other platforms may take fore-granted just aren't available, and very useful ones too... except on Cyndia.
 
Kaibelf said:
I'm all for sandboxing. If a dev wants to cry about their "innovation" being stifled because their program only affects what it's meant to, then they can go compromise someone else's machine, because I don't want their crap poking around in my files and logging my keystrokes.
Click to expand...

Now, now don't talk like that ;) your going to get all the Android/Windows people made at you :D

----------
Stella said:
You can already see the affect on iOS that sand boxing has, severely restricting applications.. no Black List calling apps, no profile apps ( i.e., change ring tone, Bluetooth on off at given times or events ), for example.

Applications that other platforms may take fore-granted just aren't available, and very useful ones too... except on Cyndia.
Click to expand...

I hear another satisfied Android users, anyone else?:rolleyes:
 
kiljoy616 said:
Now, now don't talk like that ;) your going to get all the Android/Windows people made at you :D

----------



I hear another satisfied Android users, anyone else?:rolleyes:
Click to expand...

Actually I have an iPhone..... :roll eyes: And yes, I miss not having those applications I've just mentioned, or being able to change the default Camera application to Camera+ ( via the Lock screen ). And I've never owned an Android phone either.

And.. those Android owners who are satisfied with their phone, do you have some kind of problem with them - otherwise why would you make that sarky comment?


I don't think you actually understand the implications of sand boxing OSX applications.

List the OSX applications that you use ( this goes for any one who likes the idea of sand boxing in its present form ) .. I wonder how many of those won't be allowed or would have to be crippled to get on the AppStore?
 
Last edited:
gwest said:
Perhaps Apple should educate consumers about sandboxing and then describe all apps as "sandboxed" or "not sandboxed". Those who want the safety and are willing to accept limitations can feel secure with Apple's guidance. Those willing to take a measured risk should do their homework and allow greater developer freedom.
Click to expand...

Apple doesn't give users choices. It's Steve's vision.
 
Stella said:
Actually I have an iPhone..... :roll eyes: And yes, I miss not having those applications I've just mentioned, or being able to change the default Camera application to Camera+ ( via the Lock screen ). And I've never owned an Android phone either.

And.. those Android owners who are satisfied with their phone, do you have some kind of problem with them - otherwise why would you make that sarky comment?


I don't think you actually understand the implications of sand boxing OSX applications.

List the OSX applications that you use ( this goes for any one who likes the idea of sand boxing in its present form ) .. I wonder how many of those won't be allowed or would have to be crippled to get on the AppStore?
Click to expand...

But, if Apple taking their 30% and using a sandboxing framework is so terrible, then developers can still develop independently. No sandbox, no 30%. Hell, out of the apps I bought last year, I have bought a whopping 3 off the App Store (Twitter app, GeekTool and Knights of the Old Republic) everything else, from Photoshop and Sketchbook Pro to Toast and Bowtie, I got from the developers' websites or Amazon/Staples.

So, if GeekTool has to be pulled or whatnot, I can still get it, for free, at their website.
 
Mac App Approvals

Doesn't Apple hold the same Steve Jobs control for OS X apps as they do iOS apps, where the initial release and every following version of the app must be approved? If so, then I find this highly unnecessary.

I am also curious if reports of systems getting hacked by an app downloaded from the Mac App Store have ever surfaced.
 
Windows 2000 had ACLs (Tiger v10.4.0 in 2005). Lion has now a form of Isolated Storage, Windows Vista had Isolated Storage in 2006. So how secure are we within the Mac OS X environment?
 
I don't see what Apple is so paranoid about when it comes to Mac App Store apps. As has been pointed out, Apple already approves Mac App Store submissions, so why restrict them even further, thereby making the App Store distribution model even less attractive to real developers?

It does seem like Apple is planning for a future in which Mac OS X will only install apps from the App Store, and users who find that unacceptable will have to jailbreak their Macs just like iOS devices have to be jailbroken. It would be an absolute scandal even today to clamp down on the platform like that, but a few more years from now, with the increasing iOSification of the Mac, I could envision it coming to pass.
 
All in all it's good, they just need to get the implementation of it right I believe.
 
Apple Big Mac said:
I don't see what Apple is so paranoid about when it comes to Mac App Store apps. As has been pointed out, Apple already approves Mac App Store submissions, so why restrict them even further, thereby making the App Store distribution model even less attractive to real developers?
Click to expand...

This model isn't to prevent malicious Mac App store apps. It's to prevent apps from being exploited/hacked to do bad things.

Running an application inside a sandbox is meant to minimize the damage that could be caused if that application is compromised by a piece of malware. A sandboxed application voluntarily surrenders the ability to do many things that a normal process run by the same user could do. For example, a normal application run by a user has the ability to delete every single file owned by that user. Obviously, a well-behaved application will not do this. But if an application becomes compromised, it may be coerced into doing something destructive.
Click to expand...
 
Rodimus Prime said:
My fear is this is one step closer to App making the App store on OSX the only way to install stuff on OSX.
Click to expand...
The day this happens I'm switching back to Windows or Linux. It's one thing to have an app store on my smartphone or tablet, but when you try to control my full-blown computer this way, it irritates me. I also, think this Sandboxing stuff is a precedent to a future like this. I sure hope not though.
 
Last edited:
Apple will not put OS X "in jail" as long as Microsoft doesn't sell Office in it. :rolleyes:
 
Everyone should just stop using the Mac App store. Apple doesn't need any more control over OUR computers. They also don't need to take money away from the developers that supported their platform.
 
arn said:
This model isn't to prevent malicious Mac App store apps. It's to prevent apps from being exploited/hacked to do bad things.
Click to expand...
Now I understand. Thank you for the clarification.

I find this ridiculous. The people that would get the maleware on their machine that exploits an app are the same people that would get maleware on their machine that compromises their system anyways.

Doing this would make it harder for all three parties: hackers, developers, and users. That's a 1/3 gain; this isn't worth the loss.
 
skottichan said:
But, if Apple taking their 30% and using a sandboxing framework is so terrible, then developers can still develop independently. No sandbox, no 30%. Hell, out of the apps I bought last year, I have bought a whopping 3 off the App Store (Twitter app, GeekTool and Knights of the Old Republic) everything else, from Photoshop and Sketchbook Pro to Toast and Bowtie, I got from the developers' websites or Amazon/Staples.

So, if GeekTool has to be pulled or whatnot, I can still get it, for free, at their website.
Click to expand...

I agree with you. But I also agree with the story commentary:

"As Snell points out, developers can choose to distribute their non-sandboxed apps outside the Mac App Store, but those developers would be giving up a huge distribution point. "


This "huge distribution point" will become more and more important as the MAC gains more traction. Small developers will find it hard to sell their applications because users ( are too lazy - in part ) won't be bothered to find external resources such as MacUpdate and other software sites.

Personally, I'm very concerned that these are the last few years of "open computing" that we enjoy today in the Apple environment. Computers will become locked up, at the expense to the consumer in regards to the variety and flexibility of software, especially in the Apple world.
 
Last edited:
Exotic-Car Man said:
Now I understand. Thank you for the clarification.

I find this ridiculous. The people that would get the maleware on their machine that exploits an app are the same people that would get maleware on their machine that compromises their system anyways.

Doing this would make it harder for all three parties: hackers, developers, and users. That's a 1/3 gain; this isn't worth the loss.
Click to expand...

It is not necessarily the case that users would have to make an active choice to install something that exploits their application.

Suppose that some VC darling launches a new location-based social-network for pet owners. The application takes off and soon one million pet owners are running the application on their laptops.

Suppose that the application developers publish an XML feed that lists some updates about that user's friends. The success of the application attracts attackers that discover that the developer built the application in a lazy way that did not use the maximum security available. The developers do not have to be malicious; it is not a deliberate bug in the software.

An attacker could distribute software that publishes fraudulent XML data across their network. It's not likely that someone could spoof the server when you are at home, but if these users bring their laptops to a coffee shop or someplace else with an open network, it is not that difficult for someone to pretend to be the server that your application believes the XML feed is coming from.

Downloading and parsing data from the internet can be dangerous and if the application developers did not go out of the way to manage the data in a secure way, an attack could feed the client application data that is deliberately designed to give them access to arbitrary system resources.

Sandboxing helps defend against this by limiting access to arbitrary resources. As people use laptop computers more than desktop computers, defending against these kinds of network attacks becomes more and more important.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back