Change is coming to the Mac App Store. On Wednesday Apple announced that as of March 1, 2012, all apps submitted to the Mac App Store will have to implement a security system called sandboxing in order to gain approval. The result will be safer apps, but some developers fear that sandboxing may force them to strip out certain features.
Wednesday's announcement to developers is actually a reprieve: When Apple first unveiled the sandboxing requirement at June's Worldwide Developer Conference, it was supposed to go into effect this month.
Sandboxing is a security system that regulates the power individual apps can wield on your Mac. More technically, "sandboxing" means limiting an individual application's access to your computer; rather than allowing it full access to, say, your Mac's memory or file structure, a sandboxed app is instead confined to its own dedicated space.
Gus Mueller of Flying Meat Software compares it to the playground sandbox from which the computing concept takes its name. "We were handed a couple of toys, and if we wanted out of the box, or wanted to [use] something not given to us by our parents, then that's too bad," he told Macworld.
That ensures an application "does only what the user allows and expects it to do in response to the user's wishes, and no more," Rich Siegel of Bare Bones Software explained via email. Requiring apps to employ sandboxing ensures that those apps can't act too maliciously. If an app can't get at other data on your Mac, it's much harder for that app to perform evil tasks without your permission.
When developers submit apps that adhere to Apple's sandboxing restrictions, they can request specific "entitlements" for their apps, like read/write access to the user's Music, Downloads, or Pictures folders, interaction with USB devices, printing, access to the built-in microphone, and others. Unlike other platforms (including Windows and Android), which display a list of features that apps will be able to access and ask for a user's approval, Apple will determine whether an app should be granted the entitlements the developer requests as part of the Mac App Store approval process.
You already encounter sandboxing on a daily basis -- if you use an iPhone, iPad, or iPod touch. iOS apps can't see other apps' documents, can't adjust your device's settings, and essentially can control only themselves. It's an approach Apple wants to bring to the Mac App Store side of things.
Apple's sandboxing rule, as currently outlined, affects only new apps and updates to existing apps submitted on or after March 1 of next year. But that puts some developers in a tough spot. Some will have to make changes to their apps in order to continue offering existing features. Others fear that some features may simply not be allowed in the sandbox and might have to be removed entirely.