The Many Tricks team -- Peter Maurer and former Macworld senior editor Rob Griffiths -- is also concerned. "As of now, entitlements for the core features of many of our apps don't even exist, which means we cannot make them compliant at all," the developers said in an email interview. "In fact, these entitlements may never exist, as Apple appears to be in the process of redefining the fundamental concept of what third-party software is supposed to be capable of doing on the Mac." Many Tricks says that several of its apps -- Moom, Witch, and Time Sink -- "rely on the Accessibility API and inter-application communication to do what they do, and these features will not be available to us" unless Apple modifies its restrictions. Right now, the developers expect they'll need to pull all three apps from the store and rely on selling from their website instead.
The Many Tricks developers point out that many current Mac App Store apps -- including apps that control iTunes playback, apps that use AppleScript to send commands to other apps, and apps that capture keystrokes for text expansion -- simply can't comply with the sandboxing rules as currently stated. "In short, there are a slew of useful utilities that, if things don't change, won't exist in the sandboxed world of the future," they told Macworld.
How much work is sandboxing for developers?
Apple told developers that turning on "the default sandbox environment is as simple as checking [the right] checkbox" when they code their apps.
Enabling sandboxing is certainly that simple, Siegel said. "However, whether an application still works after sandboxing entitlements have been enabled is another matter entirely. The more broadly scoped and deeply functional a product is, the more engineering and testing are going to be required for it to function correctly when sandboxing entitlements are enforced.
Mueller questions Apple's timing for introducing the sandboxing restriction. "It's being introduced in the middle of an OS cycle," he wrote. "I could see Apple turning it on with the release of 10.8, but forcing the sandbox on developers with a 10.7.x update? That's crazy."
Marco Tabini, an occasional Macworld contributor and the developer of Mac App Store apps like Tunesque, notes that while respecting the sandboxing rules will likely be simpler for smaller apps, apps "aimed at power users are going to have a harder time, because [they] often interface with the operating system at a very deep level, and sandboxing makes that very difficult, or outright impossible."
Will sandboxing make us safer?
Apple suggests that the sandboxing restriction will keep Macs safer.
The Many Tricks developers concede that's true -- with a caveat: They compare it to "saying that by keeping your laptop plugged in at all times, you'll never run out of battery charge: It's true, but it doesn't mention the tradeoffs involved."
Beyond the obvious tradeoff of potentially limiting some apps' functionality, sandboxing really only makes you safer if you exclusively run Mac App Store apps. As Tabini explains, "If you download or acquire software from other sources, sandboxing is still optional… Since the majority of malware comes from untrusted sources, in the short term sandboxing is probably not going to make a huge difference."