Some Apps Can’t Play in the Sandbox
November 8th, 2011
Under the iOS, applications are sandboxed, which means, more or less, that the app runs in its own virtual space, separated from other apps. If something goes wrong with that app, such as a crash, or perhaps because it has been compromised with malware, the OS and other apps are protected. This is one key reason why iOS security issues have been few and far between.
A similar feature is included in OS X Lion. The ability to send and receive data to the OS and other apps is strictly controlled, via a system known as “entitlements” (and don’t get me started, please, about the political use of that term). Sandboxing, you see, is a perfectly sensible means of protection for most of the apps you use. This scheme may work fine with mobile apps, but on a Mac, there are potentially serious pitfalls, because some of the key apps you may be using aren’t suitable for Apple’s current implementation of sandboxing, and therein lies a developer’s dilemma.
In recent days, Apple has notified developers that, as of March 1, 2012, all apps submitted to the Mac App Store must be sandboxed. If the apps perform functions that aren’t supported, those functions will have to be eliminated, or the app won’t be able to remain in the Mac App Store. While Apple has granted exceptions to some of these entitlements, those exceptions are strictly temporary. They can be cancelled at any time, meaning that the apps in question will be removed from the store.
The impact to the Mac user may be slim to none in most cases, but for many of you, it can be serious. Let me explain.
When I record episodes of my two radio shows, The Tech Night Owl LIVE and The Paracast, I use audio apps that capture the signal from Skype and combine it with the audio from an analog mixing console that’s plugged into my iMac. Two such apps, which can also capture audio from Internet streams, iTunes and other software, are Ambrosia Software’s WireTap Studio, and Rogue Amoeba’s Audio Hijack Pro. I’m sure the developers behind these apps are pulling their hair out, or suffering sleepless nights, hoping for a clever solution, or praying Apple will relent and allow them to do their thing. With sandboxing, neither product will perform these basic functions.
Now I realize most of you don’t need an audio capture program, though they can also be used for such purposes as making a scheduled recording of an online audio event, similar to what you can do with your TV and a DVR. That’s a real plus.
Perhaps the most critical product that may be hurt by sandboxing is the backup app. Sure, Time Machine may be all you need, but some of us prefer more granular solutions, such as Shirt Pocket’s SuperDuper! Even such FTP apps as Panic’s Transmit (the one I favor) will suffer from similar issues, because they all need access to the entire Mac OS X file system to do their thing. A similar limitation also impacts Jon Gotow’s great Open/Save dialog enhancer, Default Folder X.
As you can see, the sort of sandboxing Apple visualizes can have unintended consequences, particularly when it comes to backup apps and other software that serve important functions that Mac users need. Now I do not pretend to understand the programming hurdles involved in providing safe support for such features, or whether Apple could enhance its repertoire of “entitlements” to allow these apps to continue to deliver all the features you expect.
I realize that no developer is forced to use the Mac App Store. The excluded products can still be offered from a software publisher’s own site, if that’s what they want. But that’s consigning these companies, many of which are run by one or two people from their home offices, to the back of the bus. It’s going to be understandably difficult to compete for attention with Apple’s own approved software repository.
Between now and March 1st, it’s quite possible Apple will reconsider the entitlement setup, at least to the extent of offering workable solutions for the affected publishers. As it stands, if they want to stay in business, they’ll be forced to devise feature-limited versions of certain apps, while discontinuing others unless selling them outside of the Mac App Store environment continues to pay off.
Sure, I realize staying out of the Mac App Store may make sense for a large company, such as Adobe, which also has limited versions of some of their products available from Apple. But the products that require special installers, which put files in all sorts of places on your hard drive, will never be compatible, unless developers find the means to simplify such setup routines.
As far as Apple is concerned, I do not subscribe to the theory, voiced by some, that they don’t want you to buy software outside of their App Store environments. I also do not believe that they want to somehow “ruin” the Mac experience, which is what one article claimed. It seems to me that Apple wants to make Mac OS X as safe as possible, but they need to consider the consequences more carefully. It makes no sense to limit the functionality of Mac apps simply to exert control. But it won’t hurt to make your views known to Apple. The more messages they get, the more they’ll look favorably upon doing the right thing.
Forgive me if I am incorrect, I haven’t looked into the sandboxing details at all. But wouldn’t a workaround for FTP clients (and perhaps other similar apps) be to restrict their file system access to an app-specific folder, similar to the Downloads folder already used by Safari and other apps? A user would have to use an application with full entitlements (like Finder) to move outgoing files into this region or incoming files out of this region into the general file system.
Or is the intent with sandboxing that these app-specific areas are completely opaque boxes to all other apps?
Yes, this is an inconvenience for end users (as are many security-focused features, like passwords). But it seems like it would cover many use cases, and of course a full-featured version could be made available outside of the App Store for those that need it. The base version would still have App Store visibility.
It’s better to assume that someone does what they mean to do. Apple knows what the consequences of their decisions will be — in this case, keeping apps from interacting (easily) — and yet they choose to go forward with it. Look at some of the consequences: data is far more easily kept on Apple servers for backup, rather than on those of some other company. Audio Hijack-style programs are hamstrung — which is exactly what Apple, their music content partners, and other, streaming-content companies want to have happen. It’s about tie-in and control, nothing more and nothing less. Is this necessarily wrong? No. But it’s also no accident.
I share your pain. I use Audio Hijack as well, for perfectly legitimate and legal uses, and would hate to lose that functionality. Who knows what other programs I like will be in trouble. Does the independent display engine in Mellel, say, violate any sandboxing rules? Except for Apple apps, I always get my other apps directly from the source. But how much longer will that be a possibility?
If Apple keeps going down the various paths they’re going — and if Microsoft remains relatively “open” (and it looks like they can’t lock up Windows 8 too much or they’d really screw their primary enterprise customers) — then I might be forced to return to the dark side. But who, as things are evolving, is really the dark side now?
@Ponter, Despite the cynicism, I do think Apple executives are smart enough to do the right thing. They just need to be moved in the right direction from time to time.
Peace,
Gene
@Ponter,
As far as Windows 8 being more “open”, if you read up on it, apps sold through the Windows 8 app store will also be required to implement sandboxing, so MS is heading down the same path. Not only that, applications written for older versions of Windows will only work on Intel-based Windows machines, not ARM-based Windows machines, which can potentially create confusion for customers. One feature Windows 8 does have that Apple hasn’t yet implemented is a feature called “Contracts.” This allows apps to talk or share data with other apps.
For better or for worse, all the major platforms are heading towards a closed walled-garden approach.
Won’t developers still have the option to sell their products independently of the App Store, and won’t users still be able to purchase and use those apps? Apple is saying, we’ll curate the apps we sell from our store, which is their right. If you purchase them elsewhere, you’re on your own. Don’t see a huge problem there.
@Jim, It’s a matter of getting attention. The App Store will continue to garner more and more attention from Mac users, meaning they will pay less attention to third party software repositories. This is the environment where the large company will have the resources to market. The small companies will be forced to find a way to fit within the Mac App Store environment.
Peace,
Gene