Mac App Store sandbox-only rule coming in March

The way Mac App Store-bought software works is changing. From March 1st, all Mac apps submitted to the store will have to run in a sandbox mode. What this essentially means is that apps will only be able to interact with other data in a set of predefined ways. Want to control your iTunes? Nope. Want to use something other than Time Machine for backups? Forget it. What about apps with plugins? That doesn't look likely either.

One developer has helpfully posted the list of allowed interactions on his blog. Pauli Olavi Ojala explains: "If your app uses Apple Events or Mach ports, Apple may grant you a temporary license to keep doing so, if you can make your case convincingly."

The entitlements are:

Read-only access to the user’s Movies folder and iTunes movies
Read/write access to the user’s Movies folder and iTunes movies
Read-only access to the user’s Music folder
Read/write access to the user’s Music folder
Read-only access to the user’s Pictures folder
Read/write access to the user’s Pictures folder
Capture of movies and still images using the built-in camera, if available
Recording of audio using the built-in microphone, if available
Interaction with USB devices
Read/write access to the user’s Downloads folder
Read-only access to files the user has selected using an Open or Save dialog
Read/write access to files the user has selected using an Open or Save dialog
Child process inheritance of the parent’s sandbox
Outgoing network socket for connecting to other machines
Incoming network socket for listening for requests from other machines
Read/write access to contacts in the user’s address book
Read/write access to the user’s calendars
Use of the Core Location framework for determining the computer’s geographical location
Printing
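As an added example (not from the article or from Apple), the sketch below audits an app's entitlements property list against the capabilities listed above and flags the grants a reviewer would look at first. The `com.apple.security.*` key names are not given in the article and are supplied here; the sample plist is constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
# Capabilities from the list that expose personal data, devices or a listener.
SENSITIVE = {
    "com.apple.security.network.server",
    "com.apple.security.device.camera",
    "com.apple.security.device.microphone",
    "com.apple.security.device.usb",
    "com.apple.security.personal-information.addressbook",
    "com.apple.security.personal-information.calendars",
    "com.apple.security.personal-information.location",
}
# Prefix of the temporary grants (Apple Events, Mach ports) mentioned above.
TEMP_EXCEPTION = "com.apple.security.temporary-exception."

def audit_entitlements(plist_bytes):
    """Return (tag, key) findings for one entitlements property list."""
    ents = plistlib.loads(plist_bytes)
    # Boolean entitlements count only when true; array-valued ones when present.
    granted = sorted(k for k, v in ents.items() if v is not False)
    findings = []
    if SANDBOX not in granted:
        findings.append(("unsandboxed", SANDBOX))
    for key in granted:
        if key.startswith(TEMP_EXCEPTION):
            findings.append(("temporary-exception", key))
        elif key.endswith(".read-write"):
            findings.append(("write-access", key))
        elif key in SENSITIVE:
            findings.append(("sensitive", key))
    return findings

# Constructed sample: a hypothetical iTunes remote-control app.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.assets.music.read-write</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.network.server</key><true/>
  <key>com.apple.security.temporary-exception.apple-events</key>
  <array><string>com.apple.iTunes</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for tag, key in audit_entitlements(SAMPLE):
        print(f"{tag:20} {key}")
```

On a Mac, the plist for an installed app can be obtained with `codesign -d --entitlements` and passed to `audit_entitlements` as bytes.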

Does this mean we can expect similar from Windows 8's app store? Microsoft's previous track record points to no, but there's always the possibility that Apple's new rule will catch on and become commonplace. Similar lockdown has been seen in the mobile industry, with the shift to Windows Phone 7 influenced by the success of iOS. Moving to a brand new system of Metro-style apps would be an ideal time to introduce this, but only time will tell.

47 Comments


Funny, Apple is finally realizing that Security is important and how the void of App isolation is a major problem that is getting to a problem point.

However, it is also strange that their approach is to just lock everything down beyond what is needed instead of having real security measures and policies.

I see they have looked at the WP7 platform, as some of these limitations mimic what Microsoft set out for WP7, but without real security behind these changes it is kind of like throwing a blanket over a fire and calling something fireproof.

There is a reason malware has a very limited potential of ever touching WP7, and it is more than just the App isolation model.

Hmmm, not so keen on some of this.
Of course if App developers stop submitting their apps I can see this being loosened.

Why am I not shocked at fanboys defending every totalitarian move by Apple that enslaves everyone (in this case devs) even further into the platform and under a lock and key?

If you truly believe that Apple won't eventually completely prevent side loading apps from any other source other than their Mac App store.. you are either delusional or very very naive.

Boz said,
Why am I not shocked at fanboys defending every totalitarian move by Apple that enslaves everyone (in this case devs) even further into the platform and under a lock and key?

If you truly believe that Apple won't eventually completely prevent side loading apps from any other source other than their Mac App store.. you are either delusional or very very naive.

This, it would turn out to be a corporate suicide.
All OS X nerds would tell the OS X average joes to steer clear of the new OS that will lock them into a place, that locks out many of their old beloved applications and hence also would get many files and memories unreadable.

Apple is smarter than this.

Even if not, jailbreaking Macs would become a quasi-de-facto-standard if pushed enough by Mac magazines, social places/friends and the like.

GS:mac

virtorio said,
Ah Boz, I love how you constantly out-shadow any valid points you might have by loading your posts full of crazy.

Haha, I have the same sentiment as you, however I don't think he has a valid point here.
See above.

But often enough I can agree to him, too bad he goes crazy with many posts, so I barely can 100% QFT him...

GS:mac

Surprised to see such a positive feedback here on Neowin, whilst some of us Macrumors users bash that move like hell...

I understand both sides, but really, Apple should not take this route in the highest gear as they try to.

GS:mac

Glassed Silver said,
Surprised to see such a positive feedback here on Neowin, whilst some of us Macrumors users bash that move like hell...

I understand both sides, but really, Apple should not take this route in the highest gear as they try to.

GS:mac

To put it in a real life scenario. In a police state there is no crime either but you have zero freedom and expression because you are told what to do. Apple is making their platform into 100% "police state" like platform on OSX.

Of course this is bad.. making an application for OSX that only works with a set of rules severely limits the creativity and possibilities of your app. This is not a phone. This is a computer that requires a lot more freedom on an OS level if you want to have some advanced applications.

As I already mentioned below, this is a clear sign that Apple is turning OSX into iOS. First Lion changes to look like iOS, then Mac App store, then rumors they will be killing Mac Pros, now the sandboxing. It's 100% clear what they are doing.

Not that I care really.. I am dumping all my Apple hardware now cause I switched back to the real computing platform Windows 7 and can't be happier. And the last reason why I had Apple equipment and building apps for iOS is gone now when the mobile development tools are mostly cross-platform and can compile into iOS too.

I feel sorry for Mac users.

I think sandboxing apps is a step in the right direction. If Apple handles this well, such as with handing out temporary licenses, then Mac users will benefit from the added security and stability.

"Does this mean we can expect similar from Windows 8's app store? "

There will be similar sandboxing restrictions, but then again the only apps you'll be able to actually buy ON the Windows app store are Metro style apps anyway - the rest of the apps will just link people to websites. If you want to get an idea of how much sandboxing Microsoft will impose on your apps, go read the documentation. I'm sure you'll be able to make an article out of it.

~Johnny said,
"Does this mean we can expect similar from Windows 8's app store? "

There will be similar sandboxing restrictions, but then again the only apps you'll be able to actually buy ON the Windows app store are Metro style apps anyway - the rest of the apps will just link people to websites. If you want to get an idea of how much sandboxing Microsoft will impose on your apps, go read the documentation. I'm sure you'll be able to make an article out of it.

The Windows App Store will have both Metro and regular apps. They've already stated this.

GreyWolf said,

The Windows App Store will have both Metro and regular apps. They've already stated this.

What they've actually stated is you'll only be able to buy METRO apps on the store. Other apps will be listed - but as links to their official websites where you can get them from. Which is what I said

I like. Protects the users even more, especially from badly written apps that may or may not cause system/program instability? I would assume that's another reason for this.

I don't own a Mac computer (yet) but I do own Apple devices. There is much peace of mind that comes from being able to browse the appstore and grab /anything/ you fancy without worrying about it being malicious. If that comes with the Mac AppStore too then that must make people more confident with their app purchases too.

Maybe I am wrong, but are you more or less likely to try an app from a developer you have heard nothing about if you know for sure it's not going to risk anything but a few $.

RobHague said,
I like. Protects the users even more, especially from badly written apps that may or may not cause system/program instability? I would assume that's another reason for this.

Um, it will protect users a bit, but it does nothing for stability. Isolation models don't inherently create stability.

Enron said,
Does this rule apply to Apple's own software that they sell on the App Store?

psh of course not, Apple can do whatever they want with their APIs and everyone else is limited.... wait this sounds familiar..... *thinks* didn't we have a huge lawsuit aimed at MS for doing that? naaahhh that can't be it..... </s>

neufuse said,

psh of course not, Apple can do whatever they want with their APIs and everyone else is limited.... wait this sounds familiar..... *thinks* didn't we have a huge lawsuit aimed at MS for doing that? naaahhh that can't be it..... </s>

Almost... the case with Microsoft was that the API was there for people to use, but the documentation for them was not released at the time. It's not like at the time they released every API anyway and held just a few hidden ones back either, they generally only released APIs when they shipped new development tools. But with Windows having a 2 year life cycle back then (before Windows XP's stretch) people got annoyed that there were software updates with no API.
Most of it was from developers who didn't want to check the for calls but were more than too happy to monitor the system for what was being called, pretty much spying on what Microsoft's apps were doing.

They're going to have to create some broader "entitlements" otherwise the AppStore will become useless

Rudy said,
They're going to have to create some broader "entitlements" otherwise the AppStore will become useless
Send Apple feedback on the entitlements you'd like to see. Just curious: what other entitlements are you looking for?

Elliott said,
Send Apple feedback on the entitlements you'd like to see. Just curious: what other entitlements are you looking for?
Well for instance an app like Transmit cannot work properly without file system access (more than just a few folders in the home directory...). There should be more entitlements and some more risky entitlements should extend the review period Apple has (even though really there's no set time limit anyway)

Good point. Yea, there are definitely some extra things that could be added to this list, and there's a good chance Apple will add them when developers, especially ones with clout (like Panic), suggest them.

Rudy said,
Well for instance an app like Transmit cannot work properly without file system access (more than just a few folders in the home directory...). There should be more entitlements and some more risky entitlements should extend the review period Apple has (even though really there's no set time limit anyway)

Well, you supply credentials to Transmit in order to connect to a remote server and access files. It may just be one more step, but you may just need to supply credentials to access local files. If the user trusts the application on the remote server, why not the local one too?

It's nice to have peace of mind when you're downloading apps from an official source.

Also, iTunes controllers will still exist. Apple Events/AppleScripting will still be allowed as long as the developer specifies which app they're sending events to. Umbrella support for Apple Events (for apps like TextExpander and FastScripts) probably won't be allowed, though.

Ouch, but on the plus side...hopefully more devs will start writing for other platforms.

EDIT: haha, thought this said OSX.

techbeck said,
Ouch, but on the plus side...hopefully more devs will start writing for other platforms.

What other platforms? Doubtful Windows or Linux will get anything out of this. I also fail to see what's so terribly wrong with this move...

techbeck said,
Ouch, but on the plus side...hopefully more devs will start writing for other platforms.
The App Store is not the only way to distribute apps for OS X. It didn't exist until a year ago and devs got along just fine without it. Plus, most apps will fall into the sandboxing rules just fine.

techbeck said,
Ouch, but on the plus side...hopefully more devs will start writing for other platforms.
EDIT: haha, thought this said OSX.

Really need to not comment after I just got up from a nap...haha.

I just don't agree with all the rules and how more restrictive things are becoming over at Apple. That's all...and MO.

techbeck said,
I just don't agree with all the rules and how more restrictive things are becoming over at Apple. That's all...and MO.

Regardless if this actually improves security for the end-user? Nice one.

Beyond that, nobody is forcing anyone to make use of the Mac App Store. Some people, not saying that's you, tend to forget that.

.Neo said,

Regardless if this actually improves security for the end-user? Nice one.

Beyond that, nobody is forcing anyone to make use of the Mac App Store.

If anyone wants to post a malicious App, they will find a way to circumvent any kind of security. Comes a time when people should be smarter on what they download.

techbeck said,

If anyone wants to post a malicious App, they will find a way to circumvent any kind of security. Comes a time when people should be smarter on what they download.

You are probably right in that just because they are doing this doesn't mean there won't be exploits that may lead to a malicious outcome.

However, it does add an extra layer of security which is a good thing. This extra layer will lower the chances of apps doing malicious things within the user's data (which is currently a gold mine on just about every desktop OS platform since there isn't much security in place there).

Shadrack said,

You are probably right in that just because they are doing this doesn't mean there won't be exploits that may lead to a malicious outcome.

However, it does add an extra layer of security which is a good thing. This extra layer will lower the chances of apps doing malicious things within the user's data (which is currently a gold mine on just about every desktop OS platform since there isn't much security in place there).

True, and is why new protections and updates come out all the time. So I agree with you there. I just think it needs to start with proper education first. Know what to look for and know what and what not to do.

I'm so glad I don't make any software for OSX....Now Apple will tell you what kind of apps you can make and how they will work. Gotta love the walled garden.

And no, I don't expect Microsoft to do this. There is absolutely no reason to expect anything like that, so I don't know why it's worth mentioning.

Boz said,
I'm so glad I don't make any software for OSX....Now Apple will tell you what kind of apps you can make and how they will work. Gotta love the walled garden.

Of course, that is not true. The Mac Store is by no means the only way of getting software for your mac.

Boz said,
I'm so glad I don't make any software for OSX....Now Apple will tell you what kind of apps you can make and how they will work. Gotta love the walled garden.

And no, I don't expect Microsoft to do this. There is absolutely no reason to expect anything like that, so I don't know why it's worth mentioning.

so if you don't make any software for OSX, and you have a crapload of mac hardware, why do you have apple products then (like you always claimed you had them for development and work purposes) hypocrite? just admit it, you love their ****.

and the mac app store isn't the only way to get osx software genius...

Boz said,
And no, I don't expect Microsoft to do this. There is absolutely no reason to expect anything like that, so I don't know why it's worth mentioning.
If Microsoft cares about security, they'll do something like this. It's smart to sandbox.

Elliott said,
If Microsoft cares about security, they'll do something like this. It's smart to sandbox.

Why? I have a virus scanner that works fine. Bad applications will get reported anyway.

De.Bug said,

Why? I have a virus scanner that works fine. Bad applications will get reported anyway.

It's not bad applications, it's at risk applications too. i.e. an exploitable application not sandboxed can exploit your system.

Microsoft will take care of it.

De.Bug said,

Why? I have a virus scanner that works fine. Bad applications will get reported anyway.

Yes, Bad Apps will get reported, about 72 hours after countless people have dead computers

rajputwarrior said,
well that's a douche move...

No it's not.

Microsoft is doing the same thing in windows 8 for metro apps, although with a more modern framework. And only metro apps will be downloadable directly from the Windows Store.

There are too many malwares out there to continue to rely on the old approach to let apps do whatever mess they want on the system or on the user profile.

Does this mean we can expect similar from Windows 8's app store?

Where were you during BUILD? they already answered that question, and the answer is yes. Are you really a tech journalist?

link8506 said,
Where were you during BUILD? they already answered that question, and the answer is yes. Are you really a tech journalist?

No, he's not a tech journalist. He's a writer for Neowin.