Feeds

Apple requires Mac App Store candidates to be sandboxed

Protection for your own good

The Power of One eBook: Top reasons to choose HP BladeSystem

Developers submitting applications to Apple's Mac App Store will soon be required to add an extra layer of security for their wares to be accepted.

Beginning in March, all apps submitted must implement sandboxing, a protection that tightly restricts the way applications can interact with other parts of the operating system. By isolating the app from sensitive OS resources, sandboxing minimizes the damage that can be done when vulnerabilities are exploited. It was significantly improved with this year's release of OS X Lion.

“The vast majority of Mac users have been free from malware and we're working on technologies to help keep it that way,” a blurb on Apple's developer news page stated. “As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing.”

The move comes as the quality and quantity of malware targeting Macs has steadily risen over the past year. The recently discovered DevilRobber.A trojan, for instance, commandeers a Mac's graphics card to coin the digital currency known as Bitcoin, and OSX/Revir.A can install itself even without explicit user permission, bypassing a protection that has long brought comfort to many Mac fans.

Recent changes to the Flashback trojan prevent the malware from running on virtual machines, a stealth technique adopted years ago by Windows malware developers.

The new sandboxing requirement was quickly applauded by many security researchers, but the reaction among Mac developers was decidedly more mixed. According to The Unofficial Apple Weblog, Apple's sandboxing approach has the potential to interfere with some functions, particularly those involving AppleScript and the programming interface known as Carbon.

"For 99.44% of the applications out there, sandboxing is a workable technology, whose adoption curve is relatively flat and low-friction, and whose users won't notice any functional difference," Rich Siegel, founder and CEO of the Mac development house Bare Bones Software, said in an email. "Applications whose functional scope is in that last 0.56% will require solutions that take into account the notion of 'implicit user intent,' which to date hasn't been adequately addressed by the sandboxing model as currently presented."

Siegel's percentages are figurative and not intended to be taken literally.

The contrasting reactions highlights the longstanding conflict between the security and functionality of software. More often than not, when one is increased, the other suffers.

Ultimately, the new Apple mandate is a good thing. An analysis from last year showed that some of the most popular Windows applications, including Java, Apple Quicktime, and OpenOffice.org, failed to implement security protections that had been available for years in the Microsoft OS. What's more, the report found that the Mozilla Firefox, Chrome, and Opera browsers applied the mitigations inconsistently.

Clearly, the build-it-and-they-will-come approach doesn't always work when OS developers bake important protections into their systems. Apple's mandate may be painful for some developers, but if it protects end users, it will be worth the hardship. ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.