Apple and Sandboxing Programs on Mac OS X

It would seem that Apple is moving towards further convergence of iOS and Mac OS X in terms of its control over what gets installed and how those installed programs operate and interoperate within the OS.

One of the security innovations of iOS is sandboxing. To sandbox a program means to run it within a restricted space that limits its access to files on the system, to other running processes, and to hardware. Essentially, the program is walled off from everything else in the running OS. This is good for security, because a single compromised app cannot bring down the rest of the OS, delete or damage files in the sandboxes of other programs, or subvert the OS through direct access to the system hardware.

There are two reasons why sandboxing programs on Mac OS X bothers me:

1) Apple is enforcing these changes through its Mac App Store. Developers need Apple’s App Store more than Apple needs the developers. Apple realizes that a centralized marketplace with its ease of use will encourage users to buy and install programs from the App Store more readily than through traditional boxed software or shareware. Once developers are required to build their software to be sandboxed, it is only one more step to require that new programs be installed only through the Mac App Store.

2) If all programs eventually must be sandboxed to run on Mac OS X, then multitasking in several programs that draw on a shared set of files will be a pain. Perhaps through iCloud or other cloud services it will be possible to access files across apps, but I like to have my files stored locally in one place that I can easily locate and back up on my own. This kind of new app behavior will disrupt my workflow to the point that I would have to reinvent the workflow wheel.

We do not yet know if Apple will enforce sandboxing for any application installed on Mac OS X, including those not obtained through the Mac App Store, but we do know that Mac App Store developers have until March 1, 2012 to implement sandboxing and submit their apps for approval for additional privileges (read more on TUAW). There are already over 500 comments on Slashdot regarding this news.