Apple has moved its deadline to require "sandboxing" of apps in its Mac App store
back again, this time to June 1, after receiving pushback from developers. Apple initially set the deadline for November 2011
, then reset it to March 1. Sandboxing requires developers to gain permission to access parts of the Mac OS and hardware, something they previously could do on their own. It's designed to limit the damage that any malicious app could do. Though the technology is available in OS X Lion, a new security measure called Gatekeeper, due in the new OS Mountain Lion
this summer, can be configured to allow Apple to disable them if they become troublesome, Macworld reports. Macstories reports on the uproar
over the policy:
...sandboxing has been heavily criticized in the past months as it would theoretically prevent apps that rely on system-level technologies such as AppleScript from working, as they would require an entitlement that Apple isn’t providing. Similarly, apps that would require access to an entire user’s filesystem would be problematic with sandboxing fully enforced (think backup utilities such as SuperDuper). ...With Gatekeeper and Sandboxing seemingly aimed at fixing different problems with OS X security, a number of third-party developers asked Apple (again) to reconsider the list of entitlements for the sandbox and figure out a way to work with longtime Mac developers to keep their apps in the Mac App Store.
And Daniel Jalkut of Red Sweater Software wrote
Apple should embrace the utility of sandboxing by shifting their focus away from sandboxing only Mac App Store titles, to a strategy that would sandbox virtually every Mac app, inside the store or out. Given the current limitations of sandboxing, a significant number of developers will not adopt the technology, so its usefulness to users and to the security of the platform will be diminished. Apple can turn that around so that sandboxing is a worthy counterpart to Gatekeeper, and a technology that any developer in his or her right mind would feel foolish not to incorporate.