Under the iOS, applications are sandboxed, which means, more or less, that the app runs in its own virtual space, separated from other apps. If something goes wrong with that app, such as a crash, or perhaps because it has been compromised with malware, the OS and other apps are protected. This is one key reason why iOS security issues have been few and far between.
A similar feature is included in OS X Lion. The ability to send and receive data to the OS and other apps is strictly controlled, via a system known as “entitlements” (and don’t get me started, please, about the political use of that term). Sandboxing, you see, is a perfectly sensible means of protection for most of the apps you use. This scheme may work fine with mobile apps, but on a Mac, there are potentially serious pitfalls, because some of the key apps you may be using aren’t suitable for Apple’s current implementation of sandboxing, and therein lies a developer’s dilemma.
In recent days, Apple has notified developers that, as of March 1, 2012, all apps submitted to the Mac App Store must be sandboxed. If the apps perform functions that aren’t supported, those functions will have to be eliminated, or the app won’t be able to remain in the Mac App Store. While Apple has granted exceptions to some of these entitlements, those exceptions are strictly temporary. They can be cancelled at any time, meaning that the apps in question will be removed from the store.
The impact to the Mac user may be slim to none in most cases, but for many of you, it can be serious. Let me explain.
When I record episodes of my two radio shows, The Tech Night Owl LIVE [1] and The Paracast [2], I use audio apps that capture the signal from Skype and combine it with the audio from an analog mixing console that’s plugged into my iMac. Two such apps, which can also capture audio from Internet streams, iTunes and other software, are Ambrosia Software’s WireTap Studio, and Rogue Amoeba’s Audio Hijack Pro. I’m sure the developers behind these apps are pulling their hair out, or suffering sleepless nights, hoping for a clever solution, or praying Apple will relent and allow them to do their thing. With sandboxing, neither product will perform these basic functions.
Now I realize most of you don’t need an audio capture program, though they can also be used for such purposes as making a scheduled recording of an online audio event, similar to what you can do with your TV and a DVR. That’s a real plus.
Perhaps the most critical product that may be hurt by sandboxing is the backup app. Sure, Time Machine may be all you need, but some of us prefer more granular solutions, such as Shirt Pocket’s SuperDuper! Even such FTP apps as Panic’s Transmit (the one I favor) will suffer from similar issues, because they all need access to the entire Mac OS X file system to do their thing. A similar limitation also impacts Jon Gotow’s great Open/Save dialog enhancer, Default Folder X.
As you can see, the sort of sandboxing Apple visualizes can have unintended consequences, particularly when it comes to backup apps and other software that serve important functions that Mac users need. Now I do not pretend to understand the programming hurdles involved in providing safe support for such features, or whether Apple could enhance its repertoire of “entitlements” to allow these apps to continue to deliver all the features you expect.
I realize that no developer is forced to use the Mac App Store. The excluded products can still be offered from a software publisher’s own site, if that’s what they want. But that’s consigning these companies, many of which are run by one or two people from their home offices, to the back of the bus. It’s going to be understandably difficult to compete for attention with Apple’s own approved software repository.
Now between now and March 1st, it’s quite possible Apple will reconsider the entitlement setup, at least to the extent of offering workable solutions for the affected publishers. As it stands, if they want to stay in business, they’ll be forced to devise feature limited versions of certain apps, while discontinuing others unless selling them outside of the Mac App Store environment continues to pay off.
Sure, I realize staying out of the Mac App Store may make sense for a large company, such as Adobe, which also has limited versions of some of their products available from Apple. But the products that require special installers, which put files in all sorts of places on your hard drive, will never be compatible, unless developers find the means to simplify such setup routines.
As far as Apple is concerned, I do not subscribe to the theory, voiced by some, that they don’t want you to buy software outside of their App Store environments. I also do not believe that they want to somehow “ruin” the Mac experience, which is what one article claimed. It seems to me that Apple wants to make Mac OS X as safe as possible, but they need to consider the consequences more carefully. It makes no sense to limit the functionality of Mac apps simply to exert control. But it won’t hurt to make your views known to Apple. The more messages they get, the more they’ll look favorably upon doing the right thing.