Mueller agrees: "People are still going to download apps off the Internet," he wrote. "The only way to keep folks even remotely safe from malware is to only allow applications that Apple allows you to run," he added. That's precisely how iOS works; you can only install apps from the App Store, unless you jailbreak your device.
Mueller predicts that one day Apple may employ the same restrictions on the Mac -- that you'll only be able to install apps from the Mac App Store. "Why wouldn't they? What's the downside [to Apple]?" he wrote.
What's Apple's goal?
While many of the developers we spoke to are understandably concerned, it's clear that many apps, across many categories, will be minimally affected by the sandboxing policy change. And there's considerable evidence that Apple's working to figure sandboxing out in way that works for as many developers as possible:
First, there's the delay on implementing the rule change from by an additional four months, from November to March -- which gives developers more time to understand the rules and comply, and gives Apple more time to listen to developers and adapt the rules accordingly. Apple's developer website includes a section devoted to sandboxing, and a prominent feedback form on the page is labeled: "Your feedback is valuable, and helps inform the direction of our sandbox API development."
What minimal public comments Apple employees have made are similarly promising. Apple engineer for core OS security Ivan Krstić continues to engage with developers via Twitter, encouraging them to file bugs with Apple if they are worried about sandboxing's impact on their apps. Krstić assured one developer that "We understand the need for your use case"; he told another that filing bugs is necessary because it will "give us feedback that we can turn into fixes."
On three major platforms -- the Mac, the iPhone, and the iPad -- Apple clearly owes a portion of its tremendous success to its developers. "There's an app for that" exists only because of the successful developer ecosystem Apple created for iOS; that many iOS developers are embracing the Mac App Store is a wonderful thing for Apple. One hopes that the developers who spoke with Macworld and the security engineers at Apple can work together to come up with smart, secure solutions that keep the apps we love as feature-packed as they already are.
Staff writer Lex Friedman doesn't let his kids play in the sandbox.