Apple extends Mac App Store sandboxing restriction deadline to June 1

Posted:
in Mac Software edited January 2014


Developers now have until June 1 to make their applications compliant with the new Mac App Store sandboxing restrictions, Apple announced on Tuesday.



The original deadline was March 1, but developers now have an additional three months to bring their software in line with the new rules. The sandboxing entitlements are already found in OS X 10.7.3 Lion and new APIs in Xcode 4.3.



Sandboxing of applications is Apple's initiative to make the Mac platform even more secure by restricting what applications can do within the operating system. This helps to prevent problems like malware taking over third-party applications and utilizing them to do something malicious.



The sandboxing strategy has been met with opposition from some developers who feel restricted by the changes and have even discovered flaws with the system. Last November, a security firm discovered vulnerabilities with the application sandboxing feature.



Apple initially intended to have all applications on the Mac App Store sandboxed when the service first launched in early 2011. But the company opted to give developers a reprieve until last November, and then again pushed the deadline back to March 1. The latest deadline of June 1 marks the third delay for Apple.



Sandboxing will play an even more important role later this year with the launch of OS X 10.8 Mountain Lion and the new Gatekeeper feature. With Gatekeeper, users will have the option of restricting a Mac to only install Apple-authorized software from the Mac App Store, effectively requiring that all software on a Mac comply with Apple's sandboxing rules.



Beyond the Mac App Store restriction, users will also be able to expand third-party software to allow applications from identified developers, if they so choose. Developers will be tracked by Apple with a secret key, and that key will be revoked for developers who are found to violate Apple's terms.



Finally, Mountain Lion users will also be able to allow applications on their system that are downloaded from anywhere, regardless of whether they are considered "identified developers" by Apple.



[ View article on AppleInsider ]

Comments

  • Reply 1 of 16
    rtm135rtm135 Posts: 310member
    This is basically the beginning of Apple locking down the rest of their systems. Microsoft is doing the same thing with Metro and Windows 8. It will increase security and reduce piracy. Basically a WIN as far as I'm concerned.
  • Reply 2 of 16
    solipsismxsolipsismx Posts: 19,566member
    Quote:
    Originally Posted by rtm135 View Post


    This is basically the beginning of Apple locking down the rest of their systems. Microsoft is doing the same thing with Metro and Windows 8. It will increase security and reduce piracy. Basically a WIN as far as I'm concerned.



    Are you suggesting that they will soon not allow you to install apps outside of the Mac App Store? I think the new option to sign apps that aren't in the App Store is a sign that they are not going to do that.



    I do agree this is a good thing. We're all up in arms that an app can read our iPhone's address book and copy its contents to a server without any safeguards but what about apps on the Mac? I have a lot more personal info on my Mac than I do on my iPhone and have no idea what information was data mined.
  • Reply 3 of 16
    Really?! An app of mine got rejected for not being sandboxed last week. A temporary reprieve! Nice.
  • Reply 4 of 16
    asciiascii Posts: 5,936member
    Since they've delayed it so long, perhaps they could get rid of the temporary entitlements that give full access.
  • Reply 5 of 16
    Quote:
    Originally Posted by rtm135 View Post


    This is basically the beginning of Apple locking down the rest of their systems. Microsoft is doing the same thing with Metro and Windows 8. It will increase security and reduce piracy. Basically a WIN as far as I'm concerned.



    I don't think Apple having the ability to grant permission for all applications is a good thing. It's going to be a nightmare for developers, an annoyance for users. It's 2012. How often do you really worry about security and what programs are legit? It wont help fight piracy unless they locked down everything, which they are not going to do. It's not so much about 'increasing security and reducing piracy' as it is them trying to push their App Store distribution channel. It's one thing to do this on phones, but I don't think it's their place at all to start overseeing and allowing every program written for OSX.
  • Reply 6 of 16
    Pirates can take an app, turn on sandboxing and replace the signatures, and now you have a securely sandboxed pirated app.
  • Reply 7 of 16
    diddydiddy Posts: 282member
    Yea, I don't see how sandboxing is going to stop piracy....
  • Reply 8 of 16
    gustavgustav Posts: 827member
    Sandboxing may prevent malware, but not piracy.
  • Reply 9 of 16
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by diddy View Post


    Yea, I don't see how sandboxing is going to stop piracy....



    If the default is to only allow apps from the App Store and the App Store only allows sandboxed apps then a user would have to specifically allow apps from unsigned sources to get a pirated app, but of course, anyone looking to score free pirated apps would likely allow this. So yes, sandboxing does not prevent piracy on OS X ML any more than it currently does on iOS once the user decides to jailbreak it. Sandboxing itself is only a damage containment mechanism if the app gets exploited.
  • Reply 10 of 16
    slurpyslurpy Posts: 5,382member
    Regardless of all the bitching and moaning here, sandboxing will benefit 95% of consumers in 95% of situations. For those of you who have very niche/specialized needs from certain software which sandboxing impedes, I' sure there will always be means to get that software and that functionality. For most people, (and by most people I mean not techblogs- the internet tends to be an echo chamber with no basis in reality) this will lead to a better experience with less potential for OS instability caused by rogue processes.
  • Reply 11 of 16
    Quote:
    Originally Posted by Slurpy View Post


    ... I' sure there will always be means to get that software and that functionality. ....



    Unfortunately, many developers will not support two methods of distribution for an app, even if they already have a store. Take Devon Technologies, for example. Their latest app is only available on the app store:

    http://www.devontechnologies.com/download/products.html
  • Reply 12 of 16
    Say what one will, most new users to Macs don't even know how to "install" a "program". Mac App Store will help with this.



    I'm all for Apple making these changes:



    1.

    Mac App Store for most if not all apps (advanced users can still manually install)



    2.

    LaunchPad improvements



    3.

    Dock changed to iOS multitasking bar ~ at the moment, it's confusing to have icons in the Dock, some running, some not, dragging in and out for adding and removing icons, plus it's redundant compared to LaunchPad.



    Again, new users (50% of those buying Macs) simply do not know how to install "programs", have no idea what the Dock does, how to use it, and simply don't understand the Finder. Should we be catering to a dumbing down of OS X? At the end of the day, I feel, we have to. OS X is brilliant but given advanced users will use it the way they like, the primary goal of OS X is to help solidify the Mac as a clear and undisputed alternative to Windows.
  • Reply 13 of 16
    Quote:
    Originally Posted by davida View Post


    Unfortunately, many developers will not support two methods of distribution for an app, even if they already have a store. Take Devon Technologies, for example. Their latest app is only available on the app store:

    http://www.devontechnologies.com/download/products.html



    Fair enough, but given the choice of software, and the ease of use of the Mac App Store, I'm not too sure what the damage will be if a lot of companies go exclusive with the Mac App Store.



    What are the downsides? I can think of one ~ SME and corporate installs may have reduced flexibility, but that was the argument with the Lion installer, which you can simply put onto an external drive.
  • Reply 14 of 16
    In 2014: "In Mountain Lion, we gave users the opportunity to turn off Gatekeeper, but few users ever did, so in 10.9, we're going to make it mandatory."
  • Reply 15 of 16
    Quote:
    Originally Posted by sunilraman View Post


    What are the downsides?... the Lion installer, which you can simply put onto an external drive.



    The lion installer doesn't have the DRM of other apps on the mac app store.



    The downsides to the mac app store are too numerous to list, but here are two more that I don't think have been mentioned:

    1. You can't sell an app.

    2. 3-5 year lifetime, after which Apple will stop supporting the DRM on your obsolete machine. Yes, I know this isn't explicitly stated, but neither has Apple committed to a period of support, so we fall back to history as a guide. Remember me.com? Core duo laptops? Core 2 duo macbooks after mountain lion?
  • Reply 16 of 16
    Quote:
    Originally Posted by davida View Post


    The downsides to the mac app store are too numerous to list, but here are two more that I don't think have been mentioned:

    1. You can't sell an app.



    I'm sorry, I think you're mistaken about the purpose of the Mac App Store.



    Quote:

    2. 3-5 year lifetime, after which Apple will stop supporting the DRM on your obsolete machine.



    Uh? you're joking, right?
Sign In or Register to comment.