News: Apple Pushes Sandboxing Deadline to June 1

Posted on February 21, 2012

Although the deadline was supposed to be next week, Apple posted a notice on its developer site that it was moving the date for OS X apps purchased through the Mac App Store to be sandboxed to June 1. Essentially, this would make OS X apps behave like their iOS cousins—they cannot interact with your computer outside of their specific confines…

The post simply states:

We have extended the deadline for sandboxing your apps on the Mac App Store from March 1st to June 1st to provide you with enough time to take advantage of new sandboxing entitlements available in OS X 10.7.3 and new APIs in Xcode 4.3. Get more details about sandboxing your app and find answers to FAQs.

If you want to know more about sandboxing, John Siracusa explained it in his Lion review for Ars Technica:

Running an application inside a sandbox is meant to minimize the damage that could be caused if that application is compromised by a piece of malware. A sandboxed application voluntarily surrenders the ability to do many things that a normal process run by the same user could do. For example, a normal application run by a user has the ability to delete every single file owned by that user. Obviously, a well-behaved application will not do this. But if an application becomes compromised, it may be coerced into doing something destructive.

In Lion, the sandbox security model has been greatly enhanced, and Apple is finally promoting it for use by third-party applications. A sandboxed application must now include a list of “entitlements” describing exactly what resources it needs in order to do its job. Lion supports about 30 different entitlements which range from basic things like the ability to create a network connection or to listen for incoming network connections (two separate entitlements) to sophisticated tasks like capturing video or still images from a built-in camera.

I’m sure the deadline being pushed back is good news for developers still finding ways to work within the constraints.

This post has been filed in News