Apple will require all apps in the Mac App Store to employ sandboxing beginning in March 2012, aiming to make apps safer from malicious attack. The Cupertino company informed all registered developers in an e-mail sent on Thursday. Apple had planned to mandate sandboxing beginning this month, but for undisclosed reasons delayed the requirement.
Sandboxing is a technique that confines an application to a restricted environment with a limited set of resources: the files it may read or write, the network connections it may open, the devices it may use. If an attacker compromises a sandboxed application, the attacker inherits those same limits, which makes it much harder to turn a single compromised app into control of the rest of the system. “The vast majority of Mac users have been free from malware and we’re working on technologies to help keep it that way”, Apple argues.
While the move is aimed at protecting Mac OS users, it presents a host of challenges for developers. A sandboxed app must declare in advance which capabilities it needs, chosen from a fixed list Apple calls “entitlements”; anything not declared is denied at runtime. Here’s that full list:
- Read-only access to the user’s Movies folder and iTunes movies
- Read/write access to the user’s Movies folder and iTunes movies
- Read-only access to the user’s Music folder
- Read/write access to the user’s Music folder
- Read-only access to the user’s Pictures folder
- Read/write access to the user’s Pictures folder
- Capture of movies and still images using the built-in camera, if available
- Recording of audio using the built-in microphone, if available
- Interaction with USB devices
- Read/write access to the user’s Downloads folder
- Read-only access to files the user has selected using an Open or Save dialog
- Read/write access to files the user has selected using an Open or Save dialog
- Child process inheritance of the parent’s sandbox
- Outgoing network socket for connecting to other machines
- Incoming network socket for listening for requests from other machines
- Read/write access to contacts in the user’s address book
- Read/write access to the user’s calendars
- Use of the Core Location framework for determining the computer’s geographical location
Mac App Store apps would have no access beyond what those entitlements grant. Applications not distributed through the App Store would be unaffected. Regardless, this change has some developers upset.
“The obvious counterargument is that it’s Apple’s store, they make the rules, and nobody forces developers to submit their apps”, software developer Pauli Olavi Ojala wrote Thursday on his personal blog. “However, the Mac App Store is increasingly the place where Mac users discover apps. Apple’s big push with making Lion and the pro apps exclusive to the App Store has guaranteed this”.
Access to a few capabilities outside that list will be permitted as exceptions, but Apple says it will gradually phase those out “over time”, and developers must request each one and justify it or face rejection. Either way, it appears that the functionality of many Mac App Store apps may be greatly reduced, which in the end could force developers to promote their apps elsewhere.