Should Apple remove sandboxing from the Mac App Store?

Sandboxing in the Mac App Store has never been popular with developers. Should Apple remove it to encourage developers to put more of their software products in the Mac App Store?

Back in 2012 Apple announced that it would begin sandboxing apps submitted by developers to the Mac App Store. Apple made this decision to improve security and help protect Mac users from potentially malicious activity by software applications.

Here is Apple’s definition of sandboxing from its App Sandbox Design Guide document for developers:

A non-sandboxed app has the full rights of the user who is running that app, and can access any resources that the user can access. If that app or the frameworks it is linked against contain security holes, an attacker can potentially exploit those holes to take control of that app, and in doing so, the attacker gains the ability to do anything that the user can do.

By limiting access to resources on a per-app basis, App Sandbox provides a last line of defense against the theft, corruption, or deletion of user data if an attacker successfully exploits security holes in your app or the frameworks it is linked against.

App Sandbox is an access control technology provided in OS X, enforced at the kernel level. Its strategy is twofold:

App Sandbox enables you to describe how your app interacts with the system. The system then grants your app the access it needs to get its job done, and no more.

App Sandbox allows the user to transparently grant your app additional access by way of Open and Save dialogs, drag and drop, and other familiar user interactions.

More at the Mac Developer Library

In Apple’s case, sandboxing has proven to be quite unpopular with a number of developers, and some of them have even left the Mac App Store altogether rather than continue to deal with sandboxing.

A recent article on Seeking Alpha noted sandboxing as one of the problems that have caused the Mac App Store to lag behind in terms of profit generation for Apple:

Motel Moyen reports for Seeking Alpha:

Apple is killing the Mac App Store by not changing its policy requiring software developers to sandbox their submitted programs. Sandboxing meant industry-standard Mac software like Adobe’s Creative Cloud suite of products was never made available through the Mac App Store.

Adobe made $2.3 billion last year from its Creative Cloud subscription service. With its storefront 30% cut, the Mac App Store missed out on $690 million in 2015 just because Apple will not allow software developers to submit their apps without sandboxing.

Software developers left or avoided the Mac App Store because of this policy implemented in 2012. Bohemian Coding, maker of the former No. 1 top-grossing Sketch 3 graphic app, is just one of the many developers that abandoned the Mac App Store.

Sandboxing restricts full implementation of all the important features of programs like Photoshop CC. Consequently, a sandboxed app that doesn’t have the features (similar to that of the versions directly bought from the developers own online shop) is a big disservice to customers of the Mac App Store.

More at Seeking Alpha

Sandboxing should remain in the Mac App Store

I disagree with the writer at Seeking Alpha about sandboxing. Sandboxing is a useful security tool that helps protect Mac users from malicious applications. It’s not something that Apple should ever remove from the Mac App Store, particularly for the sole reason of improving profits.

Can you imagine what some users would say if Apple announced that it was removing app sandboxing from the Mac App Store to increase its software sales profits? I can only imagine the hue and cry that would come from some outraged users angry that Apple was putting money ahead of security.

But it’s clear that Apple needs to improve what features sandboxed apps can offer Mac users. This would go a long way toward improving relationships with Mac developers and would encourage more of them to remain in the Mac App Store. It might also help get some of the developers that have left the store to come back over time.

With WWDC happening next month, hopefully Apple will have some substantial improvements to sandboxing for Mac developers.

The Mac App Store needs other fixes too

While Sandboxing is an important issue for developers, there are other problems in the Mac App Store that need to be fixed.

Paid upgrades would be a big step forward for developers, and would help encourage additional developer participation. Selling software as a one-off purchase is a pretty tough business model in this day and age. So paid upgrades for significant new versions of an app would help developers create a more viable business model.

Another helpful fix for the Mac App Store would be usable app demos. Right now users have to buy an app to see how well it works for them, and some folks won’t pay for software without being able to try it first. So usable software demos could be a big help to developers and users alike.

Refunds are another problem that Apple could fix in an update to the Mac App Store. Users could be given a 24 hour time limit to get a refund for software they don’t want to keep. A “refund purchase” button built into the Mac App Store would be a big help for users.

Another problem with the Mac App Store is that developers can’t respond to reviews by users. On Amazon, for example, if a product gets a low rating from a customer, vendors can respond directly to the customer and offer assistance or even a replacement product. But developers still cannot do that in the Mac App Store.

So it’s clear that Apple can do quite a bit to improve the Mac App Store without removing the sandbox protection that it currently offers provides to its users.

What some of Apple’s customers think about removing sandboxing from the Mac App Store

The issue of removing sandboxing came up in a recent thread on the Apple subreddit and folks there weren’t shy about sharing their opinions, so I’ll leave you with this selection of comments from the thread:

Techsupportvictim: “I agree that the store needs work but I disagree that sand boxing is the issue. Sorry but as someone who spends 40 hours a week cleaning up the crap customers download to their computers lessening security is not the way to go.

Better meta data and searching yes. Better API for building apps sure Pricing like paid upgrades, bundling with tvOS and iOS yeah.

These I could easily get behind. But just dumping the sandbox no.”

David_Harrison: “I wholeheartedly agree. The work for the Mac App Store is not in lessening the consumer protections that are enforced. The work is for the macOS team to incorporate more areas into the sandbox so developers have more to work with. If that’s not possible without compromising users’ safety and protection, then it’s on developers to make sure they create a positive reputation that encourages users to bypass GateKeeper.

If Apple opened up the sandbox and allowed anyone in the store, we’d have moaning about how Apple is reducing competition for developers by centralizing app sales through the MAS and sapping their profits by 30%. Damned if you do, damned if you don’t.”

Rockybbb: “Personally I find myself liking the App Store more for the ease of maintenance and the peace of mind from sandboxing. ”

GasimGasimzada: “I agree that Mac App Store needs a good amount rework - supporting demo apps, adding versioning, allowing more lower level access through an API. Currently, there is an app called Veertu, which uses OSX Virtualization Framework, which allows creating virtual machines in a sandboxed environment and it is very fast. I hope they make one for creating network drives because Transmit app that I use cannot keep their app in the app store for that reason.

So, yes, there needs to be lots of work done but the last thing the app store needs is to allow non Sandboxed apps in the app store.”

More at Reddit

Did you miss a post? Check the Eye On Apple home page to get caught up with the latest news, discussions and rumors about Apple.

Copyright © 2016 IDG Communications, Inc.

7 secrets of successful remote IT teams