Nov 03

So Apple finally announced that all App Store Apps must implement a technology called Sandboxing starting from March 2012. Sandboxing is a technology which forces Apps to run in a box with a lot of restrictions. It’s a bit like on iOS where every App only has access to its own data. Apple claims it’s for security reasons…

So what? This means the App Store will be even more crippled than it currently is. Many Apps which are currently in the Store will cease to exist.

Here are a few types of applications that won’t be allowed in the App Store anymore:

  • Nearly every App which controls another App in any way. (so many little helper Apps will just be dead)
  • Apps which help disabled people, e.g. screenreaders or tools that help with typing or mouse movements
  • Apps that need to access files on the whole disk may eventually be forbidden too. (e.g. syncing or backup utilities)
  • All Apps which use the Accessibility API
  • All Apps which rely on Event Taps
  • Apps that control specialized external devices
  • Apps which listen to the Apple Remote Control (at least in the current implementation of the Sandbox)
  • In many cases developers who want to keep their Apps in the App Store will need to cripple them and implement a really bad user experience.
  • many more…

This means, BetterSnapTool won’t be allowed in the App Store anymore starting from March 2012. But don’t worry, I’ll continue releasing updates for all existing customers here if Apple really enforces Sandboxing.
I’ve been working on a new version of SecondBar, unfortunately this won’t be allowed either.

Also, in my opinion, Sandboxing causes a big security problem. If developers won’t be able to release security/bugfix updates for their existing applications anymore, all remaining bugs will stay there forever without any possibility to contact existing customers and warn them.

Sure, you may say “OK, so don’t distribute over the App Store”. But this will become more and more complicated because most users like the App Store and Apple invests in marketing the App Store as “the only secure way to obtain software”. Also, new technologies like iCloud are only allowed to be used by App Store apps.

Many, many developers don’t want Sandboxing and I hope Apple will listen to them and at least make it an optional technology.
Some people think Apple will enforce Sandboxing for all applications with the next major Mac OS X update. I doubt this very much, but if they do this it will be my last day on Mac OS. (this would kill BTT, too)

written by Andreas Hegenberg


30 Responses to “Sandboxing in the Mac App Store”

  1. Tobias Says:

    When you will leave OSX, please rewrite BTT for Linux. Then I might switch as well. :)
    Really, if there was as nice a hardware as the Macbook Pro running Linux properly with all bells and whistles, I’d wave goodbye to OSX.

  2. Cheeku Jee Says:

    I also highly doubt that they will enforce sandboxing for all applications on mac. if they did, it would make os x pretty annoying and many people will switch to linux/windows. but it sucks that they are doing this for the app store.

  3. Pooria Says:

    “Many, many developers don’t want Sandboxing…”

    What about all those stupid, non-technical users (the 99%!) – What do they want?

    (don’t get me wrong, I’m a developer myself and have written a few dead useful SIMBL plugins that ‘mess’ with system applications and add missing features to them, and I can’t imagine browsing safari without my customized gestures for ‘open in new tab’, ‘next/prev tab’ and ‘close tab’.)

  4. Andreas Hegenberg Says:

    @Pooria, I think even the non-technical users will be annoyed if their perfectly secure apps are not available via the App Store anymore or will be crippled in functionality.
    This will force users to download unsigned, non-sandboxed apps which haven’t been approved by Apple. (Like before the App Store existed)
    I think it would be much more secure if it were possible to have every kind of App in the Store; given Apple’s strict approval process this would definitely be more secure than forcing users to download those apps from somewhere else.
    Also by disallowing to use new techniques like iCloud outside of the App Store, Apple generates a two class system, which is imho really bad.

    (And there are many many non-technical users who want utilities which won’t be allowed in the store anymore)

    Sandboxing in general isn’t a bad idea but there have to be entitlements which allow apps to do everything they could do before. There is a lot of inconsistency with the available entitlements.
    E.g. currently there are (at least temporary) entitlements, which allow an App to access all files on disk but no entitlements which would allow an App to control other Apps (and many other things)

    I don’t think this will really increase security. I’m even able to write a sandboxed keylogger atm. (Which may be a bug, but bugs in the sandbox will always exist)

    So writing malware is still possible with sandboxed Apps. Apple says sandboxing will eliminate some attack vectors. That’s true, but I’m unaware of any mac-malware, which has used such attack vectors yet. Apps which need admin privileges have never been allowed in the App Store.

    I think the only thing users will notice is missing apps from the App Store or lost functionality.

    Here is a very nice writeup on sandboxing: http://blog.wilshipley.com/2011/11/real-security-in-mac-os-x-requires.html

  5. Pooria Says:

    Yes, I too think that sandboxing in general is a great idea, but the current implementation is half-baked. There should be more entitlements…

    And thanks for the great link.

  6. Jordan Says:

    I say to hell with the App Store anyway. Works for the iPhone but I’ve never understood it on the desktop.

    If you keep publishing outside the crApp Store you’ll keep me as a happy user and donator.

  7. Andreas Hegenberg Says:

    @Jordan, I don’t think the App Store is bad. It actually is very nice for selling Apps because it does a lot of marketing work for you. (And I hate marketing work ;-))

    But this is only true as long as it allows a wide variety of apps and not only the ones Apple wants to see.

    Sure there are many things that could be better in the App Store (e.g. we should be able to release updates faster) but in general the concept is nice.

  8. Greg Says:

    Hey Mate,

    Love your products. They helped me out so much when Lion came out especially, I upgraded both my MACBOOK PRO and use your tools on my Mac Mini Server as well, but I have a couple of old 10.4.11 Mac minis as well. I know you can’t support both formats, just wondering if you might have had an old version lying around. PS I liked your stuff so much not only did I buy it on the App store (the one that is there any ways) when I downloaded the other from your site I did make sure to put in a donation. So GREAT job no matter what the answer. Regards, Greg

  9. jon Chui Says:

    As a fellow iOS dev I understand your pain. ;)

    As a daily user of your BetterTouchTool that sucks!!! But I did read in the email from Apple that a few apps will be given exceptions – and that you have to contact apple directly.

    You should do it! To back up your case, start a petition and get your users to sign it! I’ll be the first!

    let me know if you need any help with that or links to the email

  10. Andreas Hegenberg Says:

    @jon they just worded it like this because it sounds better. In reality they meant you can ask Apple to give you entitlements from a very limited set of available entitlements. If you want s.th. that is not covered by these few entitlements you are fucked.

    Sure it’s possible to file a bugreport and request new entitlements but they won’t listen. (Especially entitlements for APIs like the Accessibility API won’t be given)

    I think if Apple really enforces sandboxing it will really hurt the Mac App Store and the whole Mac environment. I hope developers won’t cripple their apps just in order to be able to sell them via the App Store. If devs don’t cripple their apps there will be less apps to sell in the store and Apple will generate less revenue from the App Store… maybe this will make them rethink their decisions.

  11. Dan Popplewell Says:

    I hope they let you stay in the App Store! Good luck.

    :)

  12. Jack Says:

    I agree with you 100%. I converted to Mac about 18 months ago.

    When I switched, it was utilities like BTT and Witch which allowed me to bring the mac’s functionality back to that of Windows 7 which I was used to before that. The lack of these utilities would be a huge loss for OSX.

    It would be a shame if they did that, but if they do, I think I too will be joining you to switch to another OS.

  13. Jon MacKinnon Says:

    Could you move the app into Bodega? (http://appbodega.com/)

  14. Zac Says:

    Apple would be nuts to require all applications to be sandboxed. All popular software would leave apple which would lead to EPIC FAIL.

  15. JimD Says:

    If Apple are doing this because of the exploit that idiot published in the iphone app store I believe it’s the wrong response. The problem with sandboxing is that it will force the users to start buying apps elsewhere. Eventually, some destructive lunatic will develop a virus or an exploit and do damage. Apple will still be damaged whether the app is from an Apple store or not. The user community will start thinking that Apple is becoming vulnerable just like Microsoft.

    In my opinion they need to strengthen the App store. I don’t mean writing more exotic code to detect problems. What I’m referring to is taking steps to make sure that they have a real identity and location for everyone that submits an app. The whole code audit function has obvious limitations. It’s not going to catch a really devious exploit. It would just take too long.

    If Apple opened the issue to the developer community and asked for help designing and implementing a system that would enable them to catch and prosecute a criminal it would be a very big step forward. If every attempt at exploitation was prosecuted to the maximum possible it would cut down on the quantity.

    The problem with the sandbox approach is that it just presents a challenge to devious criminals. One or more of them will eventually find a way around it. There hasn’t been a ‘lock’ designed anywhere that hasn’t been broken by someone.

  16. brah Says:

    calm the fuck down u fucking fags. this is a good thing,

    having peace of mind and security is more important

    apps shouldn’t access my data, it should only access it’s own data.

    and u can still get the 1 or 2 apps that you need for windows manipulation direct from dev website if absolutely needed anyway.

  17. brah Says:

    average user does not want to worry about if a program is doing something it shouldn’t be behind the scenes.

    and average users do not want to run little snitch either.

    by average users, this includes power users and enthusiast.

    u fuckers are all nubs

  18. brah Says:

    average user does not want to worry about if a program is doing something it shouldn’t be behind the scenes.

    and average users do not want to run little snitch either.
    ..

    by average users, this includes power users and enthusiast.

    u fuckers are all nubs

  19. Entegy Says:

    Methinks brah doesn’t understand how the MAS works. Apps are already vetted by Apple, so it’s not like they’re just downloading willy-nilly.

    The MAS is about to become really restrictive and most of my purchases there (such as BetterSnapTool!) have been utilities. Apple seems to really want nothing but the brain-dead using their products.

  20. Jackson Says:

    Hey there, long time user of your apps, and follower on the blog. I’ve donated and bought the appstore version of bettersnap. I tried talking you into accepting donations years ago ;)

    I agree that sandboxing sucks, particularly since Apple has to decide who is _allowed_ to do what (you just know there will be exceptions, but somehow I doubt everyone will be on the same level playing field). Plus it doesn’t address the big picture unless it’s enforced on EVERY app in the OS. In order to do that, they’d have to force all apps to go through the app store for Mac OS… and in my opinion, that would DESTROY Mac as a computing platform, and would likely relegate it to an entertainment/consumption device. If I couldn’t run my open source applications, my own locally developed apps, or the gobs of little tools and utilities that use Accessibility API, undocumented interfaces, etc…

    I’ve said this for years, and I sincerely hope it never comes down to it, but if Apple enforces their draconian iOS rules on the Mac platform, I’ll drop it like yesterday’s news. Of course I’ll probably change careers too, because I can’t imagine another platform I’d enjoy working on as much. I’ve been using Macs since the 80’s, professionally from the mid-90’s forward, and as much as I love Linux (and all the open source communities) no platform has given me as much freedom and enjoyment as OS X has. I loved Mac OS 6-9 (and used earlier versions), but OS X really, really made a HUGE jump. Having access to my favorite open source software, as well as best of breed commercial, closed source software, has been a dream come true. If that all comes to an end, I’ll be very, very sad. Of course I could jailbreak my desktop, but do I really want to worry about breaking the DMCA just to “use” my own computer? I really, really hope it doesn’t come down to that.

    Meh. Good luck with your battle. (I’m pretty sure we’re on the same side)

  21. Jackson Says:

    One more thought on the topic:

    I fear that Apple will force this on users like a trojan horse, by saying “click here to get the latest iCloud and iSecure” features. (And in tiny print it will say that you’re only allowed to get apps from the app store).

    OR they’ll publicly draw a line in the sand and say “if you want to play in our environment (i.e., the app store and iCloud and what-not) then your Mac will only be allowed to run ‘secure’ software, and only from the app store”.

    They won’t force everyone to use the app store, but they’ll make their latest and greatest features force you to make that choice (and it will be a no-brainer to most people).

  22. Jackson Says:

    Of course all of the things I suggest “could” help users in the longterm, if all of Apple’s efforts were executed flawlessly, and developers and users all happily ran towards the app store. But ultimately I think the temptation is too great for Apple to not want to lock the Mac platform down to their App store. Imagine the temptation of getting 30% of all revenue, from every app sold on their entire platform: all their laptops, desktops, etc… Obviously there are way more iOS devices than Macs, so for them to keep pouring resources into maintaining the Mac platform, I think they really want the extra revenue.

    Sorry for rambling…

  23. Malih Says:

    Well, if it’s true that Apple will release a version of Mac OS with forced sandboxing, I’m regretting my decision to upgrade my old 2008 Macbook to my current 2011 Macbook already, should’ve bought an ASUS Ultrabook instead (?).

  24. SixDays Says:

    Either Apple makes it possible for developers to submit their apps with an option of not getting into sandboxed mode, or they will simply lose a lot of useful ‘little’ apps.

    My guess is that most productive tools borderline what is ok and what is not. And sure sandboxing is great, but it does not suit everyone and everything.

    One application I was thinking about is ClamAV which is an open source antivirus application available for OSX at the Mac App Store. Can’t see that it or any other antivirus software would do with being sandboxed?

  25. Robin Says:

    One more bad story around the MAS. I’m a very frustrated customer of a lot of apps which I got through bundles or other ways for a good price in the past, and for the useful apps I always bought the upgrade.

    But now a lot of these developers decide to switch to the MAS only, like 1Password from agileweb. Old customers got unacceptable support around upgrading their bought software, because Apple didn’t allow transferring old licenses / users to the MAS.

    Apple ignores that there are developers around the globe who were programming and selling before the MAS started, and now the thing with the Sandbox, which is simply a bad joke.

    Oh and I’m sure that Apple will quickly start to block software developing under 10.7 (Lion). Don’t let run and “old” System, but if you do it, die with your old buggy software :-X. 10.7 is a wonderful system which can deliver you some more new problems and kill some amazing 10.6.X features.

    I only can send out a wish that more developers would be like you and decide to jump out of the MAS to show Apple that a Mac OS is not an iOS.

  26. walmartSavant Says:

    I have never downloaded anything from the App Store and never will if I possibly can avoid it. I’ve been running one or more MacOSX boxes (I think I have purchased 5 MacOSX desktops and laptops in all to date) continuously since 2000. The App Store application marked the end of my honeymoon with Apple. Will be giving very serious thought to a box built for Linux next time around whether Apple gets its head out of its ass or not at this point.

  27. Jacqueline Says:

    I’m one of those “stupid non-technical users” and I understand what’s going on. I’m NOT happy about the whole issue of apps not working the way they were intended. In fact some of my apps already don’t work the way they used to anymore due to this limitation. If Apple is doing this for security reasons they need to make it like the firewall. Give developers approved uses, then make it so the user has to allow them on their computer as well. I’d rather take my chances with malware. In fact the only one I’m aware of is the one with flash (and flash sucks anyway).

  28. Macman Says:

    Apple has also killed Frontrow and any plugin developed for this, so the Apple remote is pretty much useless for most Apple products unless you buy a slow and crippled AppleTv.
    On all new machines they have literally told people that they have been writing with the wrong hand all their lives, and reversed the mouse scroll. You’ve got to have a pretty big head to pull that one off. Hidden all the scrollbar and bottom information bar. Hidden all the description text under numerous icons in mail, confusing old users and making their mail harder to use for new users. Hidden the one folder where you can delete things to fix a broken app (library in home user folder).
    They don’t provide any sort of decent manual for a new machine… Filled shopping centers with children called geniuses, if they’re geniuses then I AM EINSTEIN!!
    Just yesterday I had an iPad customer that was given some bull by an Apple store child to buy Pages to open and edit Word, Powerpoint and excel documents. He got so frustrated when they did not even open up that he purchased a Pc laptop.
    Just proving that being the top dog also makes you God Damned Stupid!!! Any more of this and I will be moving to Linux.

  29. Macman Says:

    P.s.
    For years people have been using Little Snitch to block what apps send or receive from the internet but Apple does not want you to use this App or their game of secretly spying on you is up too and creating a global communist state. Don’t stifle progress with red tape Apple firewalling is the democratic way to go.

  30. Shopping Butik Says:

    Hi our kids new member! I need to say that this particular blog post can be awesome, awesome published and come by using about crucial infos. I have to see much more threads in this way .
