Vitamin-R & the Mac App Store Sandbox

It is finally happening. Apple have made good on their promise/threat of requiring all applications on the Mac App Store to adopt the Lion Sandbox technology by June 1st.

You may already have heard many Mac developers moan about this, while others are trying to see the bright side or are at least putting on a brave face. It’s all true and it’s all a lie.

First off, sandboxing does improve security. The idea is that every application launched by the operating system works in its own “sandbox”. It can do anything it wants within its sandbox, but when it tries to interact with the rest of your system by accessing files, connecting to the internet, talking to other applications and so on, it is restricted by its “entitlements”. All this so that even if your application is infected by a virus or is deliberately “naughty” (aka malware), it can only do so much damage.

The kinds of entitlements that exist are defined by Apple and while it is the developers who decide which entitlements they believe their application needs, it is Apple that grants or rejects each entitlement.

The basic equation is this: the less your application is allowed to do, the less damage it can do. So if Apple is serious about the security aspect of the sandbox, it will grant what it deems to be the minimal entitlements required by the application.

Even though it means more work for developers, the sandbox in itself is not a bad idea. Security is good, right?

The rub lies in the fact that, unlike iPad and iPhone applications which effectively take over your whole device, most Mac applications live in an ecosystem together with other applications. They share files, and they interact with other applications and the system to deliver an integrated user experience.

The sandbox gets in the way of all this. Sandboxed applications can only access files on your disk after you have opened them in the “Open…” or “Save…” dialog. They can only interact with other applications via AppleScript if they have a specific entitlement for that specific application, and that means that Apple has to grant that specific entitlement during the review process. Worse yet, there are no entitlements at all for a whole range of things that a powerful app could potentially want to do.

For many applications, this will mean that long-standing features will need to be removed in order to comply with the sandboxing rules.

I have finished sandboxing Vitamin-R and I have managed to keep most of its features alive and well.

Some features, however, did not make the cut. So I have removed the following features from the Mac App Store version of Vitamin-R:

  • the ability to quit other applications from the “Eliminate Distractions” screen
  • the integration with NeuroSky’s MindWave brain computer interface

(There are no entitlements for either of these things.)

Other features require “temporary entitlements” that Apple may or may not grant.

The features “at risk” are:

  • Things integration
  • Things beta integration (new if accepted)
  • OmniFocus integration
  • Growl integration
  • The Hit List Integration

There is no rational reason for doubting that Apple will grant these entitlements, but the MAS review process is notoriously capricious. The term “temporary” also does not fill one with great confidence, so these features may well disappear somewhere down the line even if accepted now.
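To make the entitlement model concrete, here is an added illustration of what a minimal sandbox entitlements plist along these lines looks like; it is not Vitamin-R’s actual entitlements file. The app-sandbox key opts in, user-selected file access covers the “Open…”/“Save…” dialog case, and each AppleScript target app needs its own temporary-exception entry that Apple reviews; the bundle identifiers and the mechanism each integration uses are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Opt the app into the sandbox. Everything not granted below is denied. -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- Files become reachable only after the user picks them in Open.../Save... -->
    <!-- No general read access to the home folder is requested. -->
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>

    <!-- Sending Apple events (AppleScript) to another app requires naming that
         app's bundle identifier here, one entry per target, subject to review.
         The identifiers below are assumed for illustration. -->
    <key>com.apple.security.temporary-exception.apple-events</key>
    <array>
        <string>com.culturedcode.things</string>
        <string>com.omnigroup.OmniFocus</string>
    </array>

    <!-- Deliberately absent: there is no entitlement that permits quitting
         arbitrary other applications or talking to a brain-computer headset,
         which is why those features cannot ship in the sandboxed build. -->
</dict>
</plist>
```

On a Mac, `codesign -d --entitlements :- /Applications/Vitamin-R.app` (assuming the app is installed at that path) prints the entitlements actually embedded in a signed build, which is the quickest way to confirm which exceptions survived review.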

I will be submitting Vitamin-R 1.81 to the Mac App Store as soon as version 1.80 is released next week and if everything goes smoothly and Apple isn’t backlogged, it should be available within a fortnight.

On a personal note: I do not want to remove a single feature from any of my applications. Apple is forcing my hand and I’m doing what I can to preserve functionality. The versions of my software distributed via my own website will remain outside of the sandbox and thus unaffected.

I’m also looking into ways of allowing users who have purchased via the Mac App Store to download and use the “full” version of Vitamin-R from my website for free. This is made more difficult by the fact that Apple does not share customer data with third-party developers, and I thus have no idea who buys my software on the Mac App Store.

I hope to have a simple solution ready sometime in June, but this again depends on whether the Mac App Store review team accept the solution.

If you are upset about losing features, the best idea is to let Apple know about it. We developers have already done all we can. There’s a “Support” link in the “Quick Links” section of the Mac App Store front page and of course there are Apple Stores all over the world.