Sandboxing: What You Need To Know

With Apple’s self-imposed sandboxing guideline coming up on June 1st, developers have already started tweaking their applications to conform to Apple’s new guidelines. But what exactly is sandboxing and how will these changes affect apps in the Store?

Read on for our complete guide.

What Is Sandboxing?

Sandboxing is basically a term for restrictions implied on applications to stop them accessing certain system resources or functions. If it is enabled on an application, then the program cannot access certain features such as the ability to print or read and write from the file system (such as opening and saving documents).

App Store Sandbox

Sandboxing is a generic term for restricting applications accessing certain system resources.

This would obviously be an extreme case as most applications need the ability to read and write from the file system (for example, in accessing files necessary for the program’s running). Currently, there are no strict limitations in OS X on what system resources applications designed for the operating system can access, however Apple is looking to change this from June 1st by imposing tighter controls on what can be accessed by Mac applications.

The new guidelines will give developers the possibility to enable Apple-supplied entitlements that allow access to certain system resources, such as printing, network features and reading and writing from the filesystem.

Sandboxing Deadline

Apple has imposed a deadline of June 1st for all developers to submit their new "sandboxed" applications to the App Store

Why Are Apple Doing It?

Although this may be read by some as more stringent laws and regulations imposed by Apple, sandboxing does actually have its benefits. Programs firstly make specific use of the resources that are made available to it, meaning a more optimised running environment. Another advantage is error reporting. If a program crashes, then the OS X operating system can better isolate the problematic behaviour, seeing as it knows exactly what caused the crash (say, by accessing a certain resource) and for better security measures, block the program from modifying or accessing data in unauthorised ways.

The guidelines, which were originally planned to be implemented for March 1st, may have something to do with the upcoming Mountain Lion release, which is much more focused on security than previous releases (OS X has been criticised recently for its security, with some sources calling it “10 years behind Windows). The new upcoming Gatekeeper feature, a main feature of OS X 10.8, is designed to stop your Mac getting spyware and prevents the installation of malicious software from third-party sources.

gatekeeper

Gatekeeper, a feature present in the upcoming Mountain Lion release, is designed to boost the security of your Mac

What Is Going To Happen With My Apps?

It must be noted that these sandboxing guidelines only apply to any new applications submitted for distribution on the Mac App Store (this includes updates as well). Apple does not require applications to be sandboxed to run on OS X and therefore any applications that are distributed through the developers website are not subject to these changes.

There may be a problem here, though, as non-sandboxed applications that are distributed through the App Store may no longer be supported (as they do not conform to the guidelines) so for updates, you may have to turn to the developer’s own website in order to download future builds, instead of relying on the automatic update feature on the App Store.

Most of the changes that are implemented are likely to be behind-the-scenes, meaning that you will notice no visible change in the design and running of your favourite OS X application.

Do I Need To Do Anything?

Simple answer: no! Although these new guidelines are a bit of inconvenience for developers (seeing as they have to modify their programs to conform with them), it’s ultimately the end user that will benefit. If you’ve purchased apps from the Store, you can expect updates for them being pushed through in the next week or so, so keep checking back to make sure you’ve got the latest version.

Share Your Thoughts!

As always here at Mac AppStorm, we’d love to hear your thoughts and comments on this matter. Do you agree with the new sandboxing guidelines and do you think that they will help improve OS X security? Or is it more regulation imposed by Apple without much effect? Share your opinions in the comments section below!


  • George

    Why Are Apple Doing It? Shouldn’t it be Why IS Apple Doing It

  • Remon Pel

    I don’t this this is that big a problem. Apple are doing this to make the (osx) environment safer;
    If you choose to allow installations only from the app store for say, your grandmother, you will NOT have to worry about the machine; all she can install is safe. You don’t have to visit every week to remove virus xyz or malware cba. It’s CONVENIENT.
    And again, for your own computer; you can CHOOSE to allow all software sources, or choose on a per-install-basis.
    It gives you more security and total control over it. Windows should have had this 10 years ago. The virus/malware scene would be much much smaller if they (microsoft) had.

    • http://sethrattan.com Seth

      Making users administrators by default all the way through Windows XP was only the smaller half of Microsoft’s security/design blunder. The larger problem was that everyday-users-as-administrators unintentionally taught developers to write software that expected administrator level privileges — software that would break without those privileges.

      When Microsoft added semi-sensible, quasi-unix-like user privileges with User Account Controls in Windows Vista, users cried bloody murder because all of that poorly written XP software broke. It took what was essentially a re-release of the same operating system core (Windows 7) to fix the lazy mentality that “User Account Controls are stupid and annoying.”

    • http://sethrattan.com Seth

      As it relates to your comment, Gatekeeper, with its immediately available off switch for those who know what they’re doing and its happy lack of interrupting dialog boxes, is a better way to take users across the same bridge.

  • Pingback: This Week in App News | My Using App

  • Pingback: This Week in App News

theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow