Apple Requiring Devs to Sandbox Mac App Store Software by March 2012

In an attempt to make its OS more secure, Apple has given developers a hard deadline of March 2012 to make sure their applications available through the Mac App Store are properly sandboxed – a rule not unlike one that mobile App Store developers have to adhere to.

Sandboxing is the technique of keeping a piece of software inside of a virtual container, so that in the case of an exploit or crash, the rest of the system should remain safe. Most recently, Google helped popularize the term thanks to the sandboxing done with its Chrome Web browser.

That said, while sandboxing is fine for some things, such as a Web browser, for any other application the requirement will limit what the software can do. There will be no applications that can touch any system files, or really any other application on the machine. Don’t expect power user or tweaking tools to be found on the Mac App Store after March.

What Apple is doing here is taking away the freedom developers have, which to me, is nonsense. It’s highly unlikely that any of the programs people purchase and download off the Mac App Store are a major threat, and by doing this Apple shows it has no confidence in its OS to protect its users from malware problems. At the same time, Apple’s job will be made easier with the sandboxing rule. If no software can ever work outside itself, then the risks are low – why not just approve everything?

It’s important to note that the sandboxing rule affects only those applications found in the Mac App Store, but given the rising popularity of the platform, developers are of course going to want to take advantage of being made available there. For some though, wrapping a sandbox around their application is not going to be ideal, or even possible in some cases.

I hope this isn’t the beginning of things to come. I’d hate to see Microsoft go down the same path with Windows.