Apple To Require Sandboxing For Mac App Store Apps

mario_grgic writes "And so it begins: Apple will require that all Mac apps submitted to the Mac App Store stick to strict sandboxing requirements. This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder before your app is approved. There are also restrictions on direct hardware access, communication to processes your app did not start, or even something as simple as taking a screenshot. All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store."
  • Apple is a business (Score:5, Interesting)

    by linumax ( 910946 ) on Thursday November 03, 2011 @12:30PM (#37936280)
    And they're here to make money. There seems to be a large market for people who want pretty appliances with certain "limitations" that work painlessly. Limitations is in quotes because it's a limit to myself and many on Slashdot, but not to most casual users.
  • Re:Problem? (Score:5, Interesting)

    by tripleevenfall ( 1990004 ) on Thursday November 03, 2011 @12:33PM (#37936334)

    As much as people like us /. denizens will gripe about this, for the average user it's a good solution. Disable by default the installation of unapproved apps. Allow users to opt out of that feature if they so choose.

    For most users, who will never figure out how to enable non-market apps, or will have no desire to anyway, this makes their PC much more secure. For "power users", it's trivial enough to live in the old world.

  • by dgatwood ( 11270 ) on Thursday November 03, 2011 @02:47PM (#37938626) Homepage Journal

    The only difference now is that Apple is defining a sandbox profile for normal applications and forcing developers to use it if they want their application in the App Store. It is not a whitelist of applications, it's just a default security policy that applications must work with. This is like Microsoft requiring applications to work as non-Administrator users for the Designed For... certification, or a Linux distribution rejecting suid root apps from the default repository.

    Well, it's more like a range of default security policies tailored to the application, but yes. Apple has created a series of multiple high-level sandbox profile options that your app can choose from, depending on what it needs to do. If you are selling your apps on the Mac App Store, Apple vets those options to ensure that they make sense based on what your application does. If you aren't selling your app on the Mac App Store, this does not affect you at all, though you are strongly encouraged to sandbox your app because doing so makes the platform more robust against viruses, etc. At that point, the onus is on you to make sure that the options you choose are sane.

    The big thing that makes the 10.7 App Sandbox different from the prior incarnations is the addition of PowerBox. By moving the open and save dialogs into a separate (system-provided) application that has the ability to add entitlements (capabilities) to your application's sandbox on the fly, it means that your app can access the files that the user specifies, and nothing else (outside of your app's personal scratch space). This is a significant win for security, as it puts the user directly in charge of what files an application can access.

    I could go on for a while about privilege separation and techniques for making your app more secure, but that's a bit out of scope for this discussion forum. Go read App Sandbox Design Guide [apple.com] if you want more details.

    Also, according to MacWorld, the original deadline was November (Source: MacWorld [macworld.com]). The news is that Apple pushed the deadline out by four months, not that Apple is going to require sandboxing. That story is so out of date that when I first heard it, I fell off my dinosaur.
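
The split described in the comment above, between access the user grants per file through the open/save dialog and access an app holds permanently, can be read from an app's entitlements property list. The following is an added example, not part of the original comment or Apple's tooling; the sample plist is constructed and the `audit_entitlements` helper is hypothetical, using Python's standard `plistlib`.

```python
import plistlib

# Constructed sample entitlements file (not taken from any real app).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.device.camera</key><false/>
  <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
  <array><string>/Documents/</string></array>
</dict>
</plist>"""

SANDBOX = "com.apple.security.app-sandbox"
USER_SELECTED = "com.apple.security.files.user-selected."
TEMP_EXCEPTION = "com.apple.security.temporary-exception."


def audit_entitlements(data: bytes) -> dict:
    """Group the entitlements an app requests by how access is granted."""
    ent = plistlib.loads(data)
    report = {
        "sandboxed": ent.get(SANDBOX) is True,
        "user_mediated": [],   # granted per file through the open/save dialog
        "standing": [],        # held for the app's whole lifetime
        "exceptions": [],      # fixed paths/services that bypass the dialog
    }
    for key, value in sorted(ent.items()):
        if key == SANDBOX or not value:
            continue  # skip the sandbox switch and entitlements set to false/empty
        if key.startswith(USER_SELECTED):
            report["user_mediated"].append(key)
        elif key.startswith(TEMP_EXCEPTION):
            report["exceptions"].append(key)
        else:
            report["standing"].append(key)
    return report


if __name__ == "__main__":
    for group, keys in audit_entitlements(SAMPLE).items():
        print(group, keys)
```

Entries under `exceptions` are the ones a reviewer would question first, since they give path access that no open/save dialog mediates.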
