By Apple has recently announced that it requires all applications that are available in Mac App Store to be “sandboxed”. The company says that this is “a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users’ systems.”
This surely seems to be great since all users want to avoid malicious software and this kind of programs. But this will also mean that the apps will be more limited in what they’ll do. That’s because their access to system resources will be limited. Apple’s decision has raised many questions and has put developers in a tough situation. They will have to either comply with this decision and thus remain in the Mac App Sore or to develop and work independently.
Apple planned to implement the requirement in November but as we can see, it gave developers some extra time to get used to that. As mentioned earlier, the company wants to be sure that the apps and programs that are distributed through Mac App Store are as secure and safe as possible.
What sandboxing means is a technique that acts as a defense against compromised applications. So, a virtual barrier known as a sandbox is set up around a running program. Thus, that program will be isolated from the rest of the system. Developers will have to turn on sandboxing for their programs beacuse the system itself can’t do that.
Once the sandboxing is on, the program will have no access to system resources like user documents, network as well as the ability to open and save files. The programs will have no access to peripherals (cameras and printers), locations and central services either.
So, Apple decided that sandboxing would be mandatory from now on for all those programs that are distributed through Mac App Store. Thus, Apple will review all the entitlements implemented by the developer. These entitlements are sandbox rules that will allow the programs to access the needed source that has been defined in the entitlements.
If Apple thinks that the program’s entitlement access is too broad, then the program will be rejected. The good thing about all this is that programs will be protected from each other in order to protecting data. Applications won’t interfere with each other.
The user experience shouldn’t be affected by this sandboxing. Some apps may lose a feature or two but the user will have a more stable and secure system. It seems that Apple will start to enforce sandboxing next year. Still, if users and developers want to install programs that are not sandboxed on their Mac,they should know that these will be available at other sources besides Mac App Store.
