Apple's March 2012 sandbox rule angers developers

Nov 05, 2011 by Nancy Owano weblog
Apple logo

Apple has finally issued its directive toward developers after a stalled November date. As of March 2012 Mac apps submitted to the Mac App store will have to abide by sandboxing requirements. While developers knew it was coming all along and accept the security benefits of sandboxing, angry comments this week indicate Apple may get a pile of complaints rather than Valentines from developers before March rolls around.

In addition to new apps, developers will have to change their existing Mac App Store apps to a sandbox rendering if they want to post an update. The rules will apply on apps offered through the Mac App Store.

For , the sandboxing edict is all about Mac security. “The vast majority of Mac users have been free from malware and we’re working on technologies to help keep it that way,” said Apple in its announcement.

Sandboxing refers to partitioning off an area whereby any resource operation deemed risky cannot be accessed. A sandbox is a restricted environment that bars access to unauthorized resources. Proponents say that sandboxing addresses the risk of malware; it is a sound way to protect systems. Limiting the resources that apps can access is a good thing, in the battle against malware.

Among the developer feedback this week were notes that developers working on simple apps are not likely to find the new rules painful but the rub might be felt by developers set to do work on a bigger scale. Some developers are bristling at the very thought of having to stifle their tendencies to think outside the “sandbox."

One of the comments posted is from developer Pauli Olavi Ojala, who says it's the extensible platform that makes it possible for third parties to create what other developers may never think of. Innovation can't happen, he says, in an environment where everyone is only doing what's expected.

Under Apple's upcoming sandboxing system, apps will be able to request "entitlements" to what they can access but Apple will then decide whether the requested entitlements are appropriate.

Surprisingly, numerous comments have been posted on Slashdot that think Apple's March edict is more sensible than draconian. "Common-sense security is being applied: No app should have permissions to do something it can't show good need for," was how one comment phrased it, and it reflects similar reactions, on how sandboxing is the right way to make computers more secure.

There were also stoic reactions on some sites, with acceptance that Apple is a force not to be reckoned with for any developer seeking a lucrative distribution path.

Which developer stance will resonate loudest come March is not yet clear. On one side, developers are confident that Apple is making a reasonable move out of security concerns and the move will not hinder them in the long run. On the other side is a stinging suspicion that Apple wants a sandbox environment so that Apple can exercise great control and lock down desktop content.

Almost as if technologist Tim Bray could see the future, he wrote this in 2008: "I don’t want to write code for a platform where there’s someone else who gets to decide whether I get to play and what I’m allowed to sell, and who can flip my you’re-out-of-business-switch any time it furthers their business goals."

Explore further: Messaging app seeks to bring voices back to phones

Related Stories

Apple to nix apps that tip off drunk drivers

Jun 09, 2011

(AP) -- After pressure from four U.S. senators, Apple Inc. has said it will start rejecting iPhone applications that tip drivers off about police checkpoints for drunken driving.

Apple’s App Store Downloads Top 1.5 Billion in First Year

Jul 14, 2009

Apple today announced that customers have downloaded more than 1.5 billion applications in just one year from its App Store, the largest applications store in the world. The App Store is also growing at an incredible pace ...

Adobe shares soar on Apple announcement

Sep 09, 2010

Adobe shares soared on Thursday after Apple appeared to open the door for programs converted from Adobe's popular Flash video software to run on the iPhone and other Apple devices. ...

Apple publishes guidelines for app approval

Sep 09, 2010

(AP) -- Apple Inc. gave software developers on Thursday the guidelines it uses to determine which programs can be sold in its App Store, yet it reserved for itself broad leeway in deciding what makes the ...

Apple removing risque iPhone apps: reports

Feb 21, 2010

Apple has begun removing risque iPhone and iPod Touch applications from its online App Store, including some which had previously been approved for sale, according to reports on Saturday.

Apple to open Mac App Store on January 6

Dec 16, 2010

Apple is planning a January 6 opening for an online shop stocked with software applications that add entertaining or functional features to the firm's Macintosh computers.

Recommended for you

Where's the app for an earthquake warning?

Sep 22, 2014

Among the many things the Bay Area learned from the recent shaker near Napa is that the University of California, Berkeley's earthquake warning system does indeed work for the handful of people who receive its messages, but ...

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 24

Adjust slider to filter visible comments by rank

Display comments: newest first

Vendicar_Decarian
1.9 / 5 (9) Nov 05, 2011
Oh Wow. Oh Wow. Oh Wow.
Roj
4.4 / 5 (7) Nov 05, 2011
I dont want to write code for a platform where ..someone else decides ..what Im allowed to sell
I don't wan't to use a phone that allows developers unsolicited logging of my activity, for sale to third parties.
Temple
5 / 5 (7) Nov 05, 2011
Note: This has nothing to do with iOS apps. It's a rule about getting an App on the Mac App Store, which is for desktop applications on the computer.

App sandboxing isn't a bad thing for consumers, and isn't really a bad thing for developers (no developer has to do it if they don't want).

App Sandboxing = Apps Doing only What they say they will do.

That's an inherently good thing. Apple has said that *if* you want to put your App on the Mac App Store, which is by no means necessary (unlike iOS devices), then you have to properly sandbox it.

IMPORTANT: You can have your sandboxed app do whatever you want it to do!

You just have to state at the outset what your app can do and you have to organize your code in a secure way, which prevents your app from doing what you didn't say it could do.

This is a good thing for users. Sure it's a bit of effort on the developers part (which is why Apple is phasing in this requirement slowly), but it's a much, much safer paradigm for users.
MorituriMax
1 / 5 (2) Nov 05, 2011
I dont want to write code for a platform where ..someone else decides ..what Im allowed to sell
I don't wan't to use a phone that allows developers unsolicited logging of my activity, for sale to third parties.


So don't use it.
Vendicar_Decarian
1 / 5 (4) Nov 05, 2011
"You can have your sandboxed app do whatever you want it to do!" - Temple

Pure ignorance.

Sandboxing exists in order to prevent apps doing things that the OS doesn't want them to do.

That is why Sandboxing was created.

TheEnd2
3 / 5 (4) Nov 05, 2011
I, as a user don't want you, as a developer, doing anything on my computer that my OS says you shouldn't be doing. Sandboxing will only give you the access you need to do what you say you need. If you try to do something you are not suppose to do... the OS should deny access! so the sandbox can do what ever you get permission to do.
Temple
5 / 5 (2) Nov 05, 2011
@Vendicar_Decarian:
"You can have your sandboxed app do whatever you want it to do!" - Temple

Pure ignorance.

Sandboxing exists in order to prevent apps doing things that the OS doesn't want them to do.

That is why Sandboxing was created.


There's ignorance afoot, but it's on your side. You can have your app do anything it wants (shy of masquerading as other signed apps), so long as you request the entitlement to do so. There are a set of common entitlements most apps will use, but if your application need access to the filesystem, or various hardware components, you can request those custom entitlements.

Once again, an app can do anything it could do outside of a sandbox, so long as the app developer identifies those actions ahead of time, and gets an entitlement from Apple.

Of course they could skip all that and just release their app via their own website, instead of having Apple vet and vouch for it.
Vendicar_Decarian
1 / 5 (7) Nov 05, 2011
"There's ignorance afoot, but it's on your side. You can have your app do anything it wants.." - TempleTard

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.[1]
The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

http://en.wikiped...ecurity)

In other words the sandbox prevents the application from doing whatever it wants in contradiction to your idiotic assertion that the application can do whatever it wants.

You have now publicly displayed your idiocy twice.
Vendicar_Decarian
1 / 5 (6) Nov 05, 2011
"Once again, an app can do anything it could do outside of a sandbox, so long as the app developer identifies those actions ahead of time, and gets an entitlement from Apple." - TempleTard

Ah... Now the story changes.

Developers might not like it that apple is creating an environment where they can flip a switch and invalidate every program in a class so that they can bring out their own version of something.

This is a real problem with a closed environment and a closed company like Apple.

It is all part of the megalomania that the Jobe brought that company.

hard2grep
1 / 5 (1) Nov 05, 2011
This is a good way to control hackers. Just simply own them.
TheEnd2
2.3 / 5 (4) Nov 05, 2011
WGAS what the developers want. If you don't like it, develop for windows or Linux. Personally, after the crap I've gone through in the past with viruses and crapware on windows... This is long overdue.
You have the choice to develop on what ever platform you choose, I have the choice to use what platform I choose. If apple wants to act as a filter to help keep the crap off it's platform then that's fine with me. That's one thing that apple has always understood, you can have the best fastest computer but if it's full of crap then the whole experience it trashed.
I have 5 macs in my house and 4-5 iOs devices and have yet to have to deal with a malicious piece of sw.
Vendicar_Decarian
2 / 5 (4) Nov 06, 2011
"I have 5 macs in my house and 4-5 iOs devices. - The End2

Wow, So you have been owned by Apple for a long time then.

Don't your neighbors laugh at you?

Now don't get me wrong.... I mean Apple computers have become fine machines since they became PC's. Apple iToys are very popular among those iRobots who tend to fall for iFads.

But who cares? They are just iToys.
Grallen
1 / 5 (1) Nov 06, 2011
Android has always done this. Well minus the pointless "you need our permission to ask the user for that permission".

Apple is just playing catch up. They have to.

I find it worrisome that they think that them reviewing whether or not they think a permission is justified will protect anyone.

If I wanted your phone book I would add a neat little feature that you can use text your friends! Wow isn't that great? Well since I have permission to access your contact list: I may as well send a copy of that back to the home server. While I'm at it why not your text history too?

The only thing that can protect you is you. Buyer Beware.
TheEnd2
1 / 5 (1) Nov 06, 2011
Wow, So you have been owned by Apple for a long time

After using and developing for Linux/*BSD for the better part of a decade I got sick of the politics in the developer communities. When I started having kids I took a look at what was out there. I ran FBSD for a while and although easier to maintain then Linux, it was still a PITA. The ports system is still the best repository system out there for servers. Since OSX is based on BSD I was drawn to from the beginning. I have been a happy user/developer since the first release. Your (VD) spew just shows the type of BS I am talking about.
sherriffwoody
1 / 5 (1) Nov 06, 2011

I have 5 macs in my house and 4-5 iOs devices and have yet to have to deal with a malicious piece of sw.


I have used windows 7 since its beta days and have also yet had to deal with malicious software. So whats your point. Apple products are by no means immune to it anymore, in fact are more vunerable to attacks if the coder so decides to attack an apple platform. One anti-virus company recently was reported saying MS os's are now more secure and proactive against malicious code where as they stated apple OS's were quite open and slow to react in comparison.
TheEnd2
1 / 5 (1) Nov 06, 2011
I have used windows 7 since its beta days and have also yet had to deal with malicious software. So whats your point. Apple products are by no means immune

No os is immune. It's a matter practicality. In ~10 years on Macs I have no infections. At work we get monthly emails warning of fishing attacks, viruses... We have a dedicated individual that is responsible for deling with viruses, crapware and the such. While windows is much better then it use to be. It still too much of a risk for me. Besides there is no compelling reason to use windows or Linux. They dont offer me anything. Also in this time I've found Apple designs and reliability much superior to a PCs. And when I need assistance, nobody beats apple for customer service, period!
Eikka
not rated yet Nov 06, 2011
Once again, an app can do anything it could do outside of a sandbox, so long as the app developer identifies those actions ahead of time, and gets an entitlement from Apple.


What if you were to write a program that uses plugins? Do you request for everything?


Of course they could skip all that and just release their app via their own website, instead of having Apple vet and vouch for it.


Which is like pitching your tent half a mile from the mall and hoping that the customers still come by.
Temple
not rated yet Nov 06, 2011
Eikka:
What if you were to write a program that uses plugins? Do you request for everything?


*If* those plugins need to access the filesystem or other areas, then you can either provide that access through the main application itself, or the plugins themselves would need to be sandboxed and/or have their entitlements accepted by Apple.

The whole idea of Sandboxing is to prevent malevolent code injection, even if it's malware in the form of a plugin (as you see a great deal of on other platforms). Yes, this added security adds an extra layer of 'vetting', but that's the price of a 'trusted' app.

Eikka:
Which is like pitching your tent half a mile from the mall and hoping that the customers still come by.


Hardly. The *vast* majority of all software is distributed via the internet. Unlike iOS, where it is the only means of installing software on the device, short of manually 'hacking' it, the Mac OS X desktop environment is wide open (as it should be).
sherriffwoody
not rated yet Nov 06, 2011
No os is immune. Also in this time I've found Apple designs and reliability much superior to a PCs. And when I need assistance, nobody beats apple for customer service, period!

Of course no OS is immune, but i disagree on a number of other points. In NZ apple is known for bad customer service and warrantee repairs. When it comes to reliability there is no difference these days for a few reasons. Apples are PC's as well, so you really should be saying mac vs win7 as the hardware is the same. I use macs and also have mac on a virtual machine on windows 7 and have the same amount of incidents with oSX as my asus running windows 7(which to be honest is virualy nothing). People who thinks apple device OS's are more stable and better are thinking about xp or vista days. Windows 8 is pretty impressive btw, linux seems to be going backwards, oSX seems pretty flat at the moment
TheEnd2
1 / 5 (1) Nov 06, 2011
sherriffwoody...


i can't speak to NZ but just search on[ JDPower apple] on your favorite search engine. They dominate the most of the areas they are listed in for consumer satisfaction and reliability.

A PC is most definitely not the same quality as a Mac! Apple designes all their boards, They don't buy off the shelf parts when possible. Much of their power supplies are also designed in house. The processors in the iPhone, iPod touch are also designed by Apple. They are similar architectures which is why you can run windows on a mac. Their designes are far superior to the average PC HW so no, I'm not comparing Macs to Windows (any version). There is no comparison with the OS's, Macs are far superior IMO.

So, tell me more about your OSX in a VM on Windows... I'm sure Apple would love to hear about this since it is strictly verboten by the OS!

Your post points do not stand up in the light of day!

TheEnd
Vendicar_Decarian
1 / 5 (2) Nov 07, 2011
"If I wanted your phone book I would add a neat little feature that you can use text your friends!" - Grallen

What this sandboxing feature is really for is to prevent applications from accessing system files. By preventing this, Apple prevents it's products from being Jail-Broken.

And that gives Apple absolute control over the products you purchase from them.

Consumer Freedom = 0 is the goal of all Corporations. Particularly Apple.
Vendicar_Decarian
1 / 5 (2) Nov 07, 2011
"A PC is most definitely not the same quality as a Mac! Apple designes all their boards, They don't buy off the shelf parts when possible." - TheEnd2

iPhone Antenna Problem.
iPhone 4s power Suckage problem.
GreenLiquid leakage problem on Mac G5 PowerMac.
Failing Capacitors on eMacs
Burn speed failures on Mac Superdrives.

General failure of AppleCare to provide timely service.

Etc. Etc. Etc.

Ya. Dell also designs it's own motherborads, and they are also pieces of crap as well.

They do things like imbedding ID chips in the power supply so that if an electrically compatible supply is used and the ID isn't right or non-existent then the Computer will purposely turn off the battery charging circuitry.

Of course, this is done - to serve you better.

The principle problem with Apple of course is that if you purchase one, you have joined the discontinued, poorly supported product of the week club.

Vendicar_Decarian
1 / 5 (2) Nov 07, 2011
What it really comes down to is that if you are a supporter of Corporate Fascism then buy an Apple Product.
sherriffwoody
not rated yet Nov 07, 2011
So, tell me more about your OSX in a VM on Windows... I'm sure Apple would love to hear about this since it is strictly verboten by the OS!

So tell me about the last time you speed on the road or ran a stop sign, I'm sure the police would love to hear about it, Irrelevant. Back to the conversation at hand, I know people with laptops manufactured or designed by apple that have had 3, 4 warrantee claims within 18 months. And have read about the service these apple owners recieve when they try to claim - They do get it in most cases but have to fight for the right. If my laptop, PC or tablet broke down 3 to 4 times within 18 months, I'd be asking for my money back and avoid the brand for some time. I admit apple are superior in one area - marketing - but that will change with no jobbie. If you can present me with modern, non biased, fair and even statistics pointing to macs being more reliable than all other brand pcs I'll eat my words. To me, Apple reminds me of communism