Depending on whom you ask, Friday, June 1 was the best or worst thing to come to the Mac App Store since it opened its doors in 2011. As of now, new and significantly updated apps submitted to Apple's Mac App Store must implement sandboxing, which compartmentalizes what data and features a specific app is granted access to. Apps each can metaphorically play exclusively in their own sandbox, accessing only the data that Apple has granted that app entitlements to see.
Originally, Apple told Mac App Store developers that their apps would need to implement sandboxing by November 2011. In November, that deadline was extended to March 2012; in February, Apple extended that deadline again until June 1. That day has come; we've finally entered the sandboxed era.
[ For tips and tools for managing an enterprise Mac fleet, download InfoWorld's free "Business Mac" Deep Dive PDF special report today. | Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. ]
The plus side of sandboxing is that it means, in theory, that apps will become safer and more trustworthy: Your Mac prevents them from accessing files they shouldn't access. But that security comes with a price, at least in some cases. Some developers say that sandboxing will force them to remove features from their apps -- or, in some cases, to pull them from the Mac App Store entirely. For example, the sandbox generally prohibits actions like simulating key presses (like a typing expander tool might perform) or accessing root-level privileges (like executing certain command-line scripts).
It's easy to see why the sandboxing requirement makes sense from Apple's perspective: For one thing, it's worked great on the iOS App Store. From day one, apps for the iPhone (and later iPad) were sharply limited as to what features and data they could access on those devices, and the result has been an impressive track record for iOS security.
Although there was that address book kerfuffle and an occasional WebKit security exploit that needed patching, those were the security exceptions that proved the need for tight sandboxing requirements. Clamping down on what data apps could access from the get-go ensured that iOS would remain far less vulnerable to security threats than Android.
Clamping down on the data that Mac App Store apps can access empowers Apple to assure its customers that the third-party software they install is safe and won't compromise their Macs. And Apple certainly wants to reassure its users that Macs are supremely safe, especially after the disappointing blemish left by the Flashback Trojan horse. If Apple sees its alternative as waiting for the day a rogue Mac App Store title maliciously starts abusing user data, the sandboxing requirement seems like a no-brainer.