Dreading Apple’s upcoming sandboxing

[Update: Apple gave us a 3 month reprieve. I'm still dreading this, though.]

I’m not looking forward to Apple’s impending move to sandbox all apps delivered through the Mac App Store. At the very highest level, I understand the technical motivation for doing it—one of the biggest reasons people don’t download software is that it’s nigh on impossible to know what software one can trust. And sandboxing makes the already well-policed App Store into an environment worthy of nearly implicit trust. The bottom line is that barring significant security defects, a sandboxed app just can’t do nasty crap to your computer. (Prior to the sandbox, an app only has to trick you personally, not your OS, before getting to do arbitrarily evil things.)

Unfortunately, like many well-intentioned technologies, sandboxing comes with some trade-offs. The biggest one for me in this case is that certain Mac App Store software that I have purchased and love simply can’t continue to work. Case in point: Flexiglass. I absolutely love the powerful desktop layout management features that it provides. And I enthusiastically purchased it through the Mac App Store so that I wouldn’t have to worry about creating a user account with yet another software vendor and remembering how and where to go to download it when it’s time for a computer upgrade. None of those good parts matter because the application fundamentally needs deeper access to the system than even the most generous application sandbox could possibly provide. This means that I’ll have to switch to directly downloading Flexiglass from its author’s web site, if they even have a way for me to transfer a record of my purchase over from the App Store.

Another thing that isn’t yet clear is if Apple’s first-party App Store apps will be granted additional entitlements. There doesn’t appear to be any way for third-party applications to allow plug-ins written by other developers. And I can’t even imagine how something as complex and permission-intensive as Xcode could possibly do its job without special immunity from sandboxing restrictions. (There’s absolutely no doubt in my mind that now that Xcode ships via the Mac App Store, it’ll continue to ship that way—the experience is just too good. And getting so much better with each release.)

So I’ll probably continue to love the improvements that the App Store makes when it comes to maintaining my software collection, but I really don’t think that I’m going to love sandboxing, at least in its first incarnation when it hits next month. In the end, though, I remain hopeful that we can find some sort of happy place here—Apple is nothing if not stubborn and opinionated, but they have shown at least a few times that they’re capable of working with developers when their usually well-intentioned policies get in the way of actual user experiences.

Will they compromise on sandboxing? (Can they compromise on sandboxing and still manifest the ultimate PC security that they’re fighting for here?) I’m not sure. But I’ll be watching, with bated breath, as this story unfolds. I can hardly wait to see where 2012 takes us in the tech world!
