This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


Sandboxing and App Culture

Andy Ihnatko and Jason Snell have published two articles on Macworld over the weekend, covering the upcoming sandboxing restrictions that Apple will begin enforcing this November for Mac App Store apps (with its possible implications for Apple’s own technologies like AppleScript) and the broader subject of app culture, which in a way is related to sandboxing and might lead to an overly simplified software environment that some people imagined a year ago.

Ihnatko:

But I fret about AppleScript. I’ve come to think of it as a brilliant and infinitely-resourceful friend who’s been working for twenty years at a company that doesn’t seem to appreciate all of his or her contributions. I’m not worried about Apple killing AppleScript outright; I’m worried that the company doesn’t collectively feel like system automation is a feature that’s worth rescuing if the building ever caught on fire. Some day, Apple’s OS engineers will come up with an idea for a new system architecture that delivers a long list of benefits but which will require tons of work to prevent it from breaking AppleScript. And at that point, scripting on the Mac will finally die.

Snell:

Apple getting serious about app security is a good thing. Unfortunately, many of the apps we Mac users have come to know and love over the years require a broad amount of access to the system for a lot of their key functions. Not as much as SuperDuper, say, but still quite a lot. What I’m hearing from some Mac developers is that they may actually have to remove features from their apps, or reduce their functionality, in order to fit them inside Apple’s new sandbox.

Whilst after the Back to the Mac event in October 2010 we feared the Mac App Store’s lack of trials and license migration options for existing customers would kill the ecosystem and, ultimately, cause the Mac App Store to never take off, that hasn’t been the case. Apple is betting heavily on the Mac App Store as the future of digital distribution for desktop software, and it’s doing so by releasing Lion on the App Store, alongside several other apps (at a discounted price). Since January 6, when the Mac App Store opened for business, third-party developers have rushed to release their apps on it (most of the times with discounted prices) and Apple awarded those who did in time at last June’s WWDC. Some developers needed, obviously, to rethink how their apps would work with Apple’s Mac App Store rules.

The issue mentioned by Ihnatko and Snell isn’t a logistic problem with the infrastructure itself, it’s a real technical question that has arisen lately. How much will sandboxing entitlements affect the functionalities of existing apps? An example is the aforementioned 1Password, whose Mac App Store version won’t allow you to keep its database sync file in Dropbox if that folder is not under your User’s directory. The change wasn’t well received, but that’s just the way it works now. Starting November, it’s safe to assume other apps will need to be updated with this kind of tweaks – a restriction here, some documents can’t be accessed there, and so forth.

You can see how sandboxing, security and app culture are related in Apple’s App Store vision. The concept of “app” has evolved over time to indicate a piece of software that does one thing well, and Apple is doubling down on this new idea by enhancing security (which is a good thing) and making sure an app is limited “to just those operations that it needs to perform”. App and security have come full circle.

In the past nine months, the Mac App Store did just fine for the majority of developers without trials and demo versions. Then Apple introduced in-app purchases and delta updates. Every major change creates victims – those who couldn’t settle down in a new environment – and winners, literally. What will be interesting to observe in the upcoming months isn’t sandboxing itself of Apple’s evilness, but the trade-off third-party developers will seemingly have to come to terms with if they want to keep their apps on the Store., with the same degree of power and innovation we’ve become accustomed to in the past decades.

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.