Software writer believes sandboxing isn’t the answer to real security

Nov 4, 2011 10:48 GMT

A developer writing software for Delicious Monster has an interesting take on Apple’s decision to push the sandboxing requirement for Mac App Store apps to March 2012. He says “they are forcing developers to use the wrong [tools].”

Wil Shipley acknowledges in a blog entry that real security in Mac OS X requires Apple-signed certificates, even though Apple has not one but three ways of putting walls around its operating system and the apps running on it.

And Apple is currently not enforcing Certification enough, he says:

“There are three primary ways Apple increases security of applications running on the Mac and the iPhone: Sandboxing, Code Auditing, and Certification. While all these are incrementally valuable, none is perfect on its own.”

“The problem Mac developers are facing is that the two that Apple is enforcing on the Mac App Store (Sandboxing and Code Auditing) are implemented currently to be actively bad for developers and not particularly good for users. And the method that would provide the most benefit for developers and users (Certification) isn’t enforced broadly enough to be useful,” Wil explains.

For Certification to work, OS X Lion has to ‘know’ that an app’s entitlements haven’t been changed since its developer posted the last version, according to Shipley.

“…so if the user somehow gets a modified version of the application that’s been hacked, the signature will be off, and Lion won’t run the app,” he explains.

“Nifty. Except in practice, this has issues,” according to the software expert.

“One is, everything a developer might want to do has to have an entitlement enabling and disabling it, and those entitlements have to work. It’s an enormous job for Apple to take the entire operating system and rewrite it in terms of entitlements,” he says.

Wil recalls a conversation with Apple’s former OS X chief, Bertrand Serlet, who once told him that “Mac OS X now has roughly as many instructions as we believe the human brain does.” “So: big job,” he writes.

Wil’s full blog entry, which includes an explanation as to why Apple was forced to push the Sandboxing deadline to March 2012, can be found here. Good read (albeit quite a lengthy one).