It’s June 1st, and that means Apple’s deadline for when Mac developers need to have their apps sandboxed has come to pass. After months and months of extending the deadline to iron out technical details, all apps submitted to the Mac App Store must now obey Apple’s sandboxing requirements. All existing Mac App Store apps cannot be updated until they meet the guidelines.
While sandboxing will mean safer and simpler Mac apps, there are some negative effects developers have to consider.
In case you didn’t know, sandboxing essentially refers to the restrictions that keep an app from interacting with system-level resources and files. The security measure is meant to keep viruses and malware from spreading inside OS X, and sandboxing also keeps any certain app from fatally damaging a core part of the OS. Each app plays in its own sandbox, and sand doesn’t get thrown across the playground.
Under Apple’s new sandboxing guidelines, developers must use a list of Apple-supplied entitlements to access system resources and features, such as sending a document to a printer or reading and writing to the OS X filesystem. An excellent security measure, but there are some bad side effects. Namely, apps that rely on direct access to OS X will not be able to do their jobs under Apple’s limited list of entitlements.
While the average Mac App Store user won’t notice anything different post-sandboxing, certain apps will have to remove features. Developers could then offer alternative, full versions of their apps on the web.
Macworld examined the cost of sandboxing, and there are certain kinds of apps that will need to have features pulled because of the new rules:
But that security comes with a price, at least in some cases. Some developers say that sandboxing will force them to remove features from their apps—or, in some cases, to pull them from the Mac App Store entirely. For example, the sandbox generally prohibits actions like simulating key presses (like a typing expander tool might perform) or accessing root-level privileges (like executing certain command line scripts).
Make sure to read the full article for specific takes from prominent Mac developers.