This Week's Sponsor:

Kolide

Ensures that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.

Apple Pushes Back Mac App Store Sandboxing Requirement To March 2012

In an email to developers today obtained by iClarified, Apple has informed them that all apps submitted to the Mac App Store must implement sandboxing by March 1st, 2012. Originally Apple had told developers that the sandboxing requirement would take place this month. It isn’t entirely clear why Apple has delayed the introduction of this requirement but it does give developers a few more precious months to implement the restriction and resolve all issues that it might cause for their app.

In the email Apple notes; “Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users’ systems”. For those who aren’t familiar with the technical ‘feature’, John Siracusa has a great (and in-depth) discussion of the feature in his Mac OS X 10.7 Lion review on Ars Technica. In short, sandboxing restricts the number of actions that an app can do so that if the software is compromised, the amount of damage it can do is greatly minimised.

In Lion, the sandbox security model has been greatly enhanced, and Apple is finally promoting it for use by third-party applications. A sandboxed application must now include a list of “entitlements” describing exactly what resources it needs in order to do its job. Lion supports about 30 different entitlements which range from basic things like the ability to create a network connection or to listen for incoming network connections (two separate entitlements) to sophisticated tasks like capturing video or still images from a built-in camera.

In its email to developers, Apple also notes that if an app requires access to “sandboxed system resources”, the developer must also include justification for why it needs those entitlements when submitting the app to the Mac App Store. Finally, Apple notes that it is willing to offer developers additional, temporary, entitlements if the app is being re-engineered for sandboxing - but only on a short-term basis.

[Via iClarified, Image via Apple]

Join

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.

Former MacStories contributor.

graham@macstories.net