The Mac App Store and the trouble with sandboxing

Apple's requirements for apps sold in the Mac App Store prevent many useful utilities from being made available. Should Apple change its tune on sandboxing?

I've written before about some of the limitations that Apple imposes on game developers who want to sell their games through the Mac App Store. The problem isn't limited to games — Apple's rules for how Mac App Store apps work keep lots of different apps from being distributed.

The year after the Mac App Store launched, Apple announced that apps sold using the service would have to be sandboxed. Sandboxing is a security technique that's been around since the dawn of iOS apps: it restricts an app's access to user data and system resources to only what it needs to get its job done.

Sandboxing in the Mac App Store means that users can be reasonably assured that the apps they're downloading won't compromise the security of their computer or damage the system in any way; it also makes sure that apps won't interfere with each other.

Sandboxing enforces the idea that good fences make good neighbors — that applications work better if they don't interfere with each other or the operating system itself. That's all great in theory, but in practical terms it's not always the best solution, at least not on the Mac.

Take an app I use every day: TextExpander from Smile Software. TextExpander is a handy utility that enables me to type shortcuts (or as they call them, "snippets") that then get expanded into longer text. For example, when I type:


TextExpander knows and automatically expands it to:


So with TextExpander, I can save myself a lot of keystrokes in the course of a day. But in order for it to work, TextExpander needs to keep an eye on what I'm typing. So-called keylogging apps violate Apple's sandboxing guidelines because they require systemwide access, so Smile had to go outside the Mac App Store in order to sell it.

Customers who want the app can download it from their web site, and Smile no longer has to fork over 30 percent of their gross sales to Apple. But it does reduce the potential market for the product, because many more Mac users — especially those new to the platform — are more likely to buy something from the Mac App Store than elsewhere.

TextExpander is hardly the only app I use which has been affected this way. Another app that I rely on, Bare Bones Software's text editor, BBEdit, is available for sale in the Mac App Store. But that version doesn't support authenticated saves (because by their nature, authenticated saves allow you to change files you don't own). What's more, command line tools aren't included. In both cases, you can work around these limitations by going to the Bare Bones web site and downloading additional scripts and packages, but it's an inelegant hoop to have to jump through simply to obtain full capability.

There are lots of examples of apps that simply can't be sold in the Mac App Store at all because of Apple's sandboxing requirements. Many apps that use plug-ins, apps that rejigger aspects of the operating system (some audio recording apps and screencasting tools) and others won't pass muster with Apple, and have no choice but to live outside the Mac App Store environment.

Like I said at the outset, sandboxing makes good sense for Apple from a security standpoint. That's one reason why Apple's Gatekeeper software, built into OS X, is restrictive — by default, it's set to only allow apps to be installed that originate from Apple or from "identified developers."

You can Control-click those installers to open them individually, or you can reset the Mac's security settings to allow apps to be downloaded from anywhere instead. But it's another barrier against the installation of software that might give a casual user pause when they try to download an interesting app from a perfectly legitimate developer.

It's hard to argue with the success of the Mac App Store. Since it launched in 2011 it's created a vibrant marketplace for Mac software developers to sell their goods. Its use of Apple ID credentials means that millions of customers can use it right away, even if they've never purchased Mac app software before.

But access to the Mac App Store, at least for the developer, comes at a price: working within Apple's restrictive requirements. And for some eminently useful software tools, that's simply not possible. Those developers will have to remain on the outside looking in, at least for now.

Is Mac app sandboxing a big deal for you? Have you had to go outside the Mac App Store to get the tools you need to do your work? Sound off in the comments, I want to know.

Peter Cohen
  • Default Folder X is also affected by this restriction, and it is the most useful utility I use day-to-day.
  • TextExpander, Hazel, and eCamm software like Printopia and PhoneView are apps I use daily that suffer from not being on the store.
  • Well I don't know about Mac but for iPhone they can do something about it, and even for Mac as well.. Restricting root access while granting apps inter-com permissions??
  • Pretty much every app installed on my MacBook is from the App Store. There are few exceptions like Adobe CS, Alfred (full version) and Bartender. Besides the ease of purchase and the possibility of being more secure, I've never had any issues with my 2012 rMBP. Even the recent upgrade to Mavericks has been incredibly smooth sailing. Sent from the iMore App
  • I just experienced this last night trying to install my Netgear Genie app to control my router. I'm new to Mac so I had no idea why but I eventually figured it out using the built-in help guide. I actually like the security of it not allowing untrusted apps to install without my permission. Once I learn and master Mac OS X everything I need to do will be much quicker. Coming from Windows and never using a Mac before there is definitely a learning curve but I'm also amazed at the similarities. Posted via the Android iMore App!
  • iOS has keyboard shortcuts.
    OS X doesn't? Sent from the iMore App
  • I hadn't used a Mac newer than OS X Leopard, and was worried about software installation when I got my new Mac. So far I've been very happy, both with how Mavericks handles the App Store, and software from the internet.
  • I use aText from the Mac App Store as my text expander of choice and I haven't had any issues with it.
  • The points that you make are valid, but I don't think that the situation is as bad as your post makes it seem. I realize that there are apps that some of us need that are hobbled by Apple's restrictions, but consider the alternative we see with Windows. There are a plethora of download sites that peddle all sorts of crapware that masquerades as something useful. Cnet downloads is one of the most trafficked download sites for Windows users, and it's full of ads that misdirect the user from what they really came to download. It's a horrible experience. Apple has taken steps to avoid the kinds of problems that Windows users have to deal with. They have found a good balance between security and ease of use. Those of us who need apps that cannot do what they were designed to do with the restrictions that Apple places on apps on the App Store know where to get what we need, so we're not really harmed. Average, everyday Mac users get a great purchasing experience that is secure and easy to use without the crapware. One last thing to consider is that some developers may want to sell multi-user licenses rather than allow a single purchase to be installed on several Macs. That could be another thing that keeps some apps off of the App Store...the desire to make more money from the customers who want to install the apps on more than one Mac.
  • Thanks Howie, after reading Peter’s piece I wanted to highlight the flip side of the coin and you pretty much sum it up for me :¬)
  • The biggest problem with Sandboxing is that Apple's own apps are exempt and they therefore have no internal experience of the pain felt by third-party developers. As long as that's true, this feature will remain a good idea poorly implemented. Personally I've no experience of this as I never buy from the App Store. I require the ability to try software before I buy it.
  • Of course Apple's own apps are exempt. They know better than anyone how to ensure that an app won't make the whole OS less secure, or cause stability problems. It's nice to try software first, but if you never actually buy anything from the App Store, then there's no harm done to you anyway.
  • I hope that's irony. Since Xcode, iWork, iLife et al are pushed through the App Store everyone gets to experience Apple's spotty software QA and technical corner-cutting not just those who are willing to trade the ability to make a sound purchase for a little perceived convenience.
  • Apple's concept (on OS X) makes a lot of sense and power users have the option to buy from other sources. I would like Apple to implement a permission system (similar to iOS guarding access to location data etc.) on the Mac, so they could over time allow users to grant some exceptions to sandboxing. Maybe this would also allow some additional apps to become available in the App Store. I rather have a problem with the current status on iOS. I want e.g. TextExpander support in Safari and Mail apps, and there is no way to have it (Apple's own auto-replace feature is pretty toothless compared to TE). And I want to be able to e.g. open a Markdown file in any of the apps that support it without creating duplicates (or even mailing them to myself, if an app lacks the "open in..." command). I want to be able to recover files from iCloud, even if the app no longer exists (or runs on a newer version of iOS). These things really get in the way and there is no proper solution (or, where jailbreaking options are available, they come at the cost of even less security and stability). Well, iOS7 was all about the look, maybe iOS 8 will "finally" address some of these issues :-)
  • The problem for me is that once you let the genie out of the bottle you can't put him back in. It will add more work for Apple to screen submissions to the App store in order to make sure some malware riddled app doesn't get out into the wild. Even with the screening if some app does make it onto Macs the damage is done. No one will attribute it to the developer it will be all Apple's fault. You have to remember that the Mac App store was created for accessibility to the general users. The apps that need special access are more for the power user. The creation of the Mac App store also didn't kill traditional avenues of advertising. So there are still tons of ways to get the word out about a developer's software. Yes it would get an instant boost in the App store. Personally I'd rather have no need to install antivirus on my Mac.