Developers Sour On Apple Sandbox


Apple has gotten developers talking with plans to require that all applications submitted to the Mac App Store run in a closed container, called a sandbox, starting March 1, 2012.

Sandboxes heighten security by separating running applications, so they can't affect the operations of other software in the system. Apple is requiring the use of the security mechanism to help prevent malware from taking control of customers' computers.

"The vast majority of Mac users have been free from malware and we're working on technologies to help keep it that way," Apple said in announcing the requirement on its developer site Wednesday.

Apple has released a list of Mac OS X resources, called "entitlements," that will be available to developers. To use them, developers will have to submit for approval the exact resources their apps will need.

Such inflexibility has left some developers wondering whether innovation by third parties on the platform will be stymied. "This new policy seems a bit on the extreme side," The Unofficial Apple Weblog said.

Developer Joe Brockmeier, a Linux expert, said Apple's reasoning sounds good in theory, "but it's tying the hands of a lot of developers in terms of being able to distribute through the App Store."

Developers who sell Mac software outside of the App Store will be able to continue accessing the resources they always have, even if they are outside the new restrictions. While that implies options exist, some developers pointed out that Apple's decision to make the latest Mac OS X release Lion available on the App Store is an indication the company is moving toward making it a major source of consumer and professional applications. In the future, getting in the App Store could become pivotal to financial success.

"The Mac App Store is increasingly the place where Mac users discover apps," developer Paul Olavi Ojala, said in a blog post. "Apple's big push with making Lion and the pro apps exclusive to the App Store has guaranteed this."