Apple announced that starting next March developers will have to sandbox their apps in order to get them into the Mac App Store. Sandboxing means the app runs with only limited access to other parts of the operating system or other apps. To make it into the App Store, the developer must state clearly what resources the app accesses, and it can only access certain approved resources. For example, it can access files in a user’s Home folder but not in other system folders. The app must list the resources it accesses, what Apple calls “entitlements.”
Apple planned to implement this feature this year, but delayed the requirement until March for no publicly stated reason. The ultimate reason for the sandboxing requirement is security. Sandboxed apps are safer than apps that can access system resources. Windows historically struggled with security issues for this reason, although Windows Vista and 7 secure the operating system more aggressively than earlier versions of Windows. Windows 8 apparently will also include a similar security approach for its native apps.
The practice of sandboxing will protect users from nefarious developers who hope to attack them by accessing their system’s resources, using the machine as a spambot (using a computer to send out spam without the user knowing it) or for DDoS attacks (using many machines to attack a website without the users knowing it). Users also will want to secure their passwords and private information and won’t want apps to be able to make changes to system settings or files.
Developers may be bristling over this requirement, but in the long run users will appreciate the added level of security as the Mac OS X platform grows in popularity. The more users with OS X computers, the more enticing those systems are to the bad guys.