As many of you know, Apple has decreed that all new Mac App Store submissions must comply with their new requirement for using the Mac OS X Lion “Sandbox”.
This is a security mechanism that restricts what applications can do. By default applications can do almost nothing other than bring up a window and respond to mouse clicks; there’s no access to your files, the internet, etc. This limits the damage that a crashing or virus-infected application can do. If the application, for instance, cannot access the internet or the file system, it can’t steal your data and it can’t transfer it anywhere.
It is then up to the developer to define which “entitlements” their application requires (e.g. I need access to user files, I need to be able to open a web browser on the product homepage, etc.) and up to Apple to grant or reject such entitlements. Obviously the fewer entitlements Apple grants the higher the security.
This is how iPhone and iPad apps have always worked: can’t do much, Apple decides what they can do.
It’s also the exact opposite of how Mac or PC or any other applications have traditionally worked. Mac applications by default have access to everything on your machine and the internet. The only restrictions are based on the file system permissions, so you can’t look at or change the files of another user unless you are a system administrator.
In principle, sandboxing does increase security and that is a good thing.
Unfortunately in practice, Apple have made a dog’s breakfast of both the technical implementation and the policies around the sandboxing.
While it is possible to define “entitlements” to cover almost every aspect of what an application could possibly want to do, Apple have not allowed third party developers access to these entitlements. For many things there are no “third party accessible” entitlements and for many other things, Apple is unlikely to grant those entitlements anyway. The mechanisms that are available do not allow for all existing features of existing applications to be preserved when that application is sandboxed.
I have spent considerable time adopting the Lion sandbox for the Mac App Store versions of my products, as I want to continue to update them in order to bring you the latest (and hopefully greatest) features.
Vitamin-R is the first of these sandboxed versions that I have submitted and now after two rejections it seems that it will finally be accepted.
In order to comply with the Sandboxing rules and Apple’s rejection of my request for several entitlements, the following features had to be removed:
- Support for the Neurosky Mindwave headset was removed
- The ability to quit applications in the “eliminate distractions” screen was removed.
- The ability to automatically close Finder windows in the “eliminate distractions” screen was removed
- Growl support was removed
Other changes include:
- If you use the Dropbox integration on Mac OS X 10.7.0, 10.7.1 and 10.7.2, you will be prompted to locate your dropbox folder every time you launch the application. (Upgrading to the latest Mac OS X Lion version will fix this).
- The download now includes the Noise Machine soundscapes files and is therefore much larger
- Many other minor and hopefully invisible changes
I understand that many of you will be upset to lose these features and all I can say is that “it wasn’t my idea”.
When I mentioned that these features had to be removed because of the sandbox requirement in the “What’s new” section of the Vitamin-R Mac App Store page, my “meta-data” was promptly rejected and I was asked to remove any mention of Apple policies.
In other words, I’m not allowed to use Apple’s Mac App Store to inform Mac App Store customers of what is going on, because that would make Apple look bad. Apple prefers its customers to be mad at me for complying with their rules rather than to put up their hand and say “it was us and we’re not sorry because we think we are right”.
Well, I’m gutted about the whole thing.
If accepted in its current form, Vitamin-R will have survived its migration to the sandbox relatively intact. Many of the features that had to be cut were minor and won’t be missed too much by most users.
In any event, if you have bought Vitamin-R on the Mac App Store and you are missing a feature you need, please just contact us at firstname.lastname@example.org and we’ll issue you with an unlock code for the “full” version.
Please don’t vent on the Mac App Store because this penalizes developers for something that they have absolutely no choice about. It also does not allow developers to respond to criticism as they cannot post replies and do not have any idea of who you are and how to contact you to resolve the problem.
Unfortunately, the new Mac App Store sandbox requirement means that henceforward there will be two versions of most Mac applications: a sandboxed one that misses features and a full one that is only available directly from the developer. You can basically choose between greater convenience and greater freedom. Usually it is convenience that wins out.