Home > Apple > Why Apple’s Mac App Store…

Why Apple’s Mac App Store ‘sandboxing’ is ruffling developer feathers

The iOS App Store has been a huge hit, inspiring app store imitators on nearly every platform. Meanwhile, Apple’s personal-computer equivalent, the Mac App Store, has also been a ferocious market-share grabber,  not least because it’s the only way to obtain the newest OS X update.  But while consumers love the one-stop convenience, the Mac App Store is becoming a lot less popular with the other half of the sales equation: developers.  Macro Arment, creator of Instapaper, has issued a blistering critique of the Mac App Store, and many other developers are speaking openly to long-time Apple source Macworld about their frustrations with the outlet.

Central to Arment’s critique is Apple’s newly-required “sandboxing,” which severely restricts developers in the name of security.  Every computer user, and especially the kind of non-technical users that Apple pursues, wants to feel confident that their applications aren’t going to erase their files, spam their friends, or contribute to the self-awareness of Skynet.  Apple users used to consider themselves happily virus-immune, but malware is starting to show up on the platform as its popularity makes it a more appealing target.  So Apple first implemented Gatekeeper, a system application that restricts your ability to install non-App-Store software, and then declared that by the end of summer, all apps on the Mac App Store had to keep away from any operations that Apple deems risky to security, unless they specifically petition Apple for “entitlements” to access those system calls.

But it’s tough for an application to do anything interesting without some access to things in the operating system.  Granting entitlements seems like a reasonable compromise, but as developer Wil Shipley noted, Apple hasn’t even created creating entitlement categories for all the things that developers commonly do, and actually reviewing every entitlement submitted would require a QA department the size of an iPad owner’s smug self-regard.  That means developers are going to have to either pull their software from the Mac App Store, or eliminate some of the features that make their software appealing.  

So Apple has demanded sandboxing to give consumers the security they want, but developers are saying it’s going to force them to abandon features consumers use.  Security versus power: It’s like a Dark Knight movie in your Home directory!  Of course, developers could simply stop distributing their software through the Mac App Store, but that only works until Apple decrees that every application installed on your Mac has to be sandboxed, a nightmare already haunting many users.  

Apple, of course, would rather have everyone stay in the Mac App Store and comply with sandboxing.  Those lovable rogues at One Infinite Loop have weathered storms of outrage before and come out on top, and they have reason to believe this is the kind of kerfuffle that vanishes once developers acknowledge that Apple has made customers happy in a way that those insensitive programmers never could. 

So far, plenty of developers are angry and are fleeing the app store in not-insignificant numbers,  but others have found sandboxing to be less restrictive than they expected.  Some well-informed writers say it’s all proven to be nothing but Internet hullabaloo  while users seem not to have noticed.  Still, as long-time Apple observer Andy Ihnatko says, “It’s going to take some time — maybe even a couple of years — before developers learn how to do everything they need to do under App Store restrictions, and Apple learns which of these restrictions could stand some loosening up. And until that happens, there will be some very real limitations on how good a Mac app can be.”  It remains to be seen whether users are willing to put up with a few years of sub-par software, or whether developers will put up with years of arbitrary treatment, while Apple figures it all out.

Get our Top Stories delivered to your inbox: