Weekly Poll: Is Mandatory Sandboxing a Good Thing?

As of 1 March, 2012, all new apps/updates submitted to the Mac App Store will be forced to implement a security feature called sandboxing. In brief, sandboxing limits the scope of each application by restricting how much of your system that app has access to. Developers will have to go through Apple and request specific entitlements in order to receive permission to stretch the limits a little further and give their apps access to certain information.

The benefit here is obvious: your system will be much safer given the restricted access that apps will have. The downside, though, is a big one for seasoned Mac users and developers of particularly powerful utilities, as this restriction has serious potential to limit features. As Techworld.com reports, Alfred’s developers have hesitated to submit the Alfred Powerpack to the Mac App Store for this very reason.

Back in June, I wrote and published an article titled “1984 and the Future of Mac Software” containing a fairly gloomy outlook on the future of the Mac should it continue down its current road towards heavier developer regulation. It seems fairly obvious that Apple wants control over every aspect of what does and doesn’t make its way onto your Mac. That’s not inherently a bad thing, though: iOS serves as a great example of a successful system (that users love) which happens to be very tightly controlled by Apple.

Ultimately, whether or not sandboxing is a good thing is completely up to you. We want to hear what you think. Vote in the poll above and leave a comment explaining your answer.

Hat tip to SmileyKeith for submitting this poll idea via Twitter. Shoot us a tweet at @MacAppStorm with the hashtag “#appstormpoll” if you have a poll idea you’d like to see published.


  • http://appcrunch.co.uk Josh

    From a user standpoint it’s excellent, as you know your system is going to be safer from probably the biggest vulnerability to Macs, and that’s bugs and exploits in the software.

    From a developer’s standpoint, well, it’s one less, and increasingly popular, revenue stream, so I can see their dilemma from their view.

    But it’s not like Alfred, Carbon Copy Cloner and others that won’t be able to implement the sandboxing level required will be unavailable or made obsolete by this move; they just won’t have a place on the MAS.

  • Lee Theobald

    I can also see it being a good and a bad thing. I can see why Apple are doing it and it will stop people from being able to install anything dangerous on their Mac via the App Store. That said, as a developer, it’s obviously going to be limiting. I know you can still install via the web but the App Store is a very good platform for getting your app noticed. Apple’s terms also prohibit you from advertising alternative versions of your application in the App Store versions. So for example, Alfred can make no mention of the Powerpack in the Mac App Store version of the software. So it’s quite firmly shutting the door on a good revenue stream for a lot of developers.

    If Apple are going down this route, I’d much rather see them implement something like an “App Store Certified Developer” or similar. A qualification that developers can apply for (and perhaps pay for) that allows them to submit un-sandboxed applications to the App Store. Apple could vet these developers and perhaps their applications. Developers who are producing serious applications to make a living & take a lot of care, would be able to prove they produce decent code and move on unrestricted. That guy who’s learning to program and has accidentally created an application that in certain situations causes your Mac to explode, won’t get past the first hurdle.

  • Sigilist

    This is no surprise, and it shouldn’t be to anyone. It happens every time one of these “big box” variations of internet hub stores pops up.

    On one side, it’s about an operation protecting its customer base from second and third party retailers (developers) being irresponsible, which is something that Amazon has consistently failed at in its nearly total retroactive approach to problem solving. Of course the model is different when products are delivered electronically, as the risks are higher.

    But much as it might seem nice that Apple is attempting to be more proactive, they are also responsible for auto-delivering… and directly installing… software purchased through their big box. That was a foolish choice, for it makes them directly responsible for putting something foul into someone’s computer. Hence they now have to be more invasive as well on the wholesaler side.

    As said, it was inevitable, and I shake my head at anyone who didn’t see this coming. It was so obvious. Not only is the AppStore killing off all the “mom and pop” stores on the internet, they are not attempting to dictate what and how those operations can produce products.

    Software should be sold and delivered as an installable package that can also easily be backed up for reuse / re-installation without having to depend on some drive cloner like TimeMachine… which inevitably fails or corrupts for so many people that Apple has given up trying to address it.

    If Apple takes its fingers out of our machines, and out of that of the developers, and becomes a pure retailer, selling products with the warning that the manufacturer is ultimately responsible (though they will assist in all ways with customer satisfaction and corrections) then they wouldn’t have to burn so much time and piss off so many people. If they think forcing developers to submit to a screening process like this is going to save them time and money, they are sadly deluded.

    • Sigilist

      ADDITIONAL… Computers don’t and won’t “explode” based on installing some commercial package of software, and that’s not even what Apple is doing this new step for. So let’s skip that particular metaphor.

  • iynque

    I’m not about to turn over system admin rights to Apple. I’m quite capable of deciding what I do on my own computer.

    I’m ready to abandon the Mac App Store. There’s already too much control over apps in the store anyway. The only benefit I see to the store is visibility. Why not start an app store that will give people the freedom to use whatever software they want? Oh wait…. http://www.macupdate.com. ….but make that into a friendlier environment, one that can track and install updates easily! oh wait, http://appbodega.com/

    The Mac App Store will probably take over eventually (if Apple doesn’t cripple the apps too much), but until the killer apps are in the App Store only, I’m staying far away. I thought it was cool that Apple was making Mac software easier to find and use, but it looks like they are just exercising more strict control.

    It makes sense business-wise: Force users to be safe and you won’t spend so much time and money supporting users who have other developer’s bugs causing problems. …but I don’t work for Apple. I want my own system to have more capability. I don’t want to give up my power for Apple’s profits.

    • Sigilist

      Thanks for those links, Lynque, as I didn’t know about the second one. I’m not crazy about the way macupdate does certain things, but at least I’m the one who decides when and where I put in the products I buy… and can always store the product BEFORE putting it in my system.

  • http://mactua.net MathiasB

    Apple will not avoid malware by adding sandboxing. When you download illegal stuff you’ll always run the risk of having an infected computer. App Store is not going to change that.

    After years of being an Apple fan, my faith is decreasing. What will pro users need to do?
    No Final Cut, Xserve, … rumors of Mac Pro, Logic, …

  • http://www.macosxscreencasts.com Zettt

    The thing that gets me about sandboxing and the rules implied by Apple is that it looks like an “iOS-ification” of Mac OS X. Frankly I have a phone and a computer. I don’t want to use my computer as a phone. I want a computer to be a computer, that’s why I bought one. (And a phone to be a phone) I might be a truck though.
