MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Software Development

Apple to developers: Sandbox those Mac Apps

Summary: As of March 1, 2012 all apps submitted to Apple's Mac App Store must implement sandboxing

Larry Dignan

By for Between the Lines |

Apple told developers that they will have to implement sandboxing on their Mac App Store submissions as of March 1. As noted on TUAW, the sandboxing requirement is likely to ruffle a few feathers. However, sandboxing is a better security approach. It certainly isn't perfect, but the requirement isn't too far out of bounds.

Sandboxing isolates untested code changes such as malware and effectively quarantines it.

Apple said in an announcement:

The vast majority of Mac users have been free from malware and we're working on technologies to help keep it that way. As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing. Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users' systems.

Topics: Software Development, Apple, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion

  • RE: Apple to developers: Sandbox those Mac Apps

    We are better, we don't get spyware and viruses.... I really get a kick out of seeing these every day. Just utterly pleasing to see Apple cultist getting a new foot up their a** as they begin to realize that they are not special after all.

    So Larry, lets reiterate the facts for a moment..
    -Mac's now get spyware and viruses
    -Mac's are PC's with INTEL hardware
    -Mac's can be hacked in less than 3 minutes with no tools or special software.

    Those of us that actually know what we are doing just want to slap a Fisher Price sticker on them. I mean my kids toys are more secure than a mac now...
    Nate_K
    Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @Nate_K As I've been saying for years now. The lashings and beatings by Mac Fans are not in vain
      DreyerSmit
      Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @Nate_K Hehehe. Fisher price :)
      sackbut
      Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @Nate_K

      No, they don't get viruses (self propagating vectors). They are as susceptible as any system to trojan's when they can convince the users to install infected software. Every "infection vector" I have seen has required a user to manually install some sort of software that has an extra trojan payload, or download some sort of dodgy document in a proof of concept "hack" that is not seen "in the wild" and is not self propagating .

      For being so "insecure", no Mac user I know has any problems with security.
      chadpengar
      Reply Vote

      • RE: Apple to developers: Sandbox those Mac Apps

        @chadpengar

        That's because Mac *USERS* don't care about security. Mac *SUPPORTERS* do care about security and do have problems with it due to the afore mentioned user lack of care. :)
        PollyProteus
        Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @Nate_K [i]Those of us that actually know what we are doing...[/i]
      I love it when small minded people post comments like this which obviously complete excludes them.
      non-biased
      Reply Vote

  • RE: Apple to developers: Sandbox those Mac Apps

    it's so easy to sandbox apps on OS X thanks to FreeBSD but doing the same thing in Windows is a nightmare
    shellcodes_coder
    Reply Vote

  • that's so micro$oftic!

    big brother is telling you what (not) to do.
    The Linux Geek
    Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @The Linux Geek <br>Really, you take an article about apple to troll on MS? Also, ask any developer which OS has the more restrictive controls in place. Hint: it's not one of the 35 versions of Linux that hardly anyone uses.
      IndifferentDisdain
      Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @The Linux Geek No, they're just telling what they will accept in their app store. If you don't want to do the least bit to use best practices on your crappy software and sell it as is, you can do so, but sell it on your own storefront.
      ssaha
      Reply Vote

  • RE: Apple to developers: Sandbox those Mac Apps

    [deleted]

    Must resist...
    WarhavenSC
    Reply Vote

  • RE: Apple to developers: Sandbox those Mac Apps

    People are getting bent out of shape on this. This is for those apps being sold through the Mac App Store by Apple. This is not a "locking down" of the system from a technical perspective. You can still sell your apps in the traditional way yourself, install whatever software you want, etc.
    chadpengar
    Reply Vote

  • Good For Them

    I'm glad to see Apple starting to start to lock down the ecosystem. Now if they would just announce that with the next release of MacOS the only distribution channel will be through Apple that would be good - but one would expect that if one also expects Apple to continue to merge iOS and OS X. I like them differentiating the OS in this way - if you want locked down, controlled, and uniform, we're your OS. If you want something else, you've got Linux or Windows.
    m0o0o0o0o
    Reply Vote

  • Limits?

    Can these apps use 3D graphics? If so, then are you sure your graphics drivers are flawless? (There's been bugs in them too...)
    Can they access each other? Store data in the same places, communicate locally (sockets, DBUS, etc...)?
    We've got more drivers too, and besides that way to break out there's often some holes in the sandbox.
    Etc...
    While I like the ideas of sandboxing, how useful is this? Either you lock things down HARD (Google's NaCl, or Sandboxie for regular software (quite a bit less secure compared with NaCl)) or you design the whole system around it with security in mind (Android with Dalvik & the Intents system and other APIs).

    Both is hard and there's tradeoffs. Limit what the app can do or have many more attack vectors that you need to secure?
    Natanael_L
    Reply Vote

  • Android Is Already Sandboxed

    Apps on Android are already held strictly at arm's length from each other and from the system, by leveraging the multiuser features built into the Linux kernel.

    Just another case of Apple copying its more advanced competitors, ho-hum.
    ldo17
    Reply Vote

    • RE: Apple to developers: Sandbox those Mac Apps

      @ldo17 Oh my god, is your small minded hatred so strong that you believe this comment is relevant in any way what so ever?
      non-biased
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close