
App-ocalypse soon: Apple extends sandboxing deadlines, but restrictions loom


Apple issued a three-month extension on application sandboxing today, giving devs a little more breathing room before new rules take over. June 1, 2012 is now the enforcement date. We've been having many discussions about Mac development in the TUAW backchannel over the last week.

The introduction of GateKeeper and the notion of signed apps, sandboxing, and developer IDs have us talking about where Apple is taking the Mac, and where it will be moving Mac development in general. Overall, we think things are moving towards a win for consumers and better opportunities for devs. Read on to learn more about these technologies, and how they affect developers and App Store.

GateKeeper is Apple's new approach to making your Mac safer by giving you control over which applications may download and run on your computer. With GateKeeper, developers sign apps to authenticate them with the OS -- both apps that you purchase from the Mac App Store and, at the developer's option, also apps you purchase elsewhere.

With Mountain Lion, you choose which apps are allowed to run. You'll be able to disable GateKeeper and run apps from anywhere if you like, although this is not the default setting.

The thing is this: Apple continues moving towards a more controlled, less open, more appliance-like concept of what a Mac means. That redefinition is causing ripples, affecting app development more and more. Applications can do fewer things, access fewer system resources, and control other apps less than they did in the past.

Developers who choose to enroll in the Mac development program pay a $99/year fee just as those who enroll in the iOS development program do. Once enrolled, they can sign their apps as identified developers -- as well as gain access to early beta versions of unreleased operating systems.

When the iPhone SDK first debuted, many people including yours truly complained about what couldn't be done with the APIs: what files could be accessed, what routines could be called, and so forth. Coming from a general computing background, one learns to expect to build whatever one can imagine. If the building blocks are there, then why not build whatever tools you need? That all ties into a background of fully open computing.

Apple's policy split the dev community into the jailbreak world and the App Store world, with many people crossing over depending on what they were building. Under jailbreak, developers gain full access to the entire iOS file system and run apps in a fully privileged mode. This gives devs a much broader development vocabulary to work with. The jailbreak world became known for its innovation, with Apple mining those forward-looking ideas and free R&D and bringing them into successive iterations of their operating system.

At the same time, developers had to change. If they wanted to market through App Store, they had to relinquish product ideas that wouldn't work within the more closed-off system that App Store submission required and look instead for opportunities of development that were allowed.

No one can look at App Store today, with its countless apps, and say that Apple denied developers opportunity. It's just a somewhat different opportunity than many developers expected. It's an opportunity that restricted certain kinds of applications, most typically OS enhancements and utilities (which have flourished on other mobile platforms with less oversight of developer access). Overall, Apple has provided better tools, better marketing, and better sales avenues than had existed before. The end result has been apps that are significantly better than previous generations.

And now, Apple is doing the same thing for the Mac.

This is emotionally hard for some long-term devs like me. We want Linux-y freedom for whatever we want to build and distribute. Now, with sandboxing (a technique that restricts application access to full system files; all apps that are not sandboxed will be removed from the Mac App Store starting June 1st [Update: Older apps will still be on the store and allowed bug fixes. -Ed.]) and GateKeeper (limiting apps to those that are signed and authenticated), Apple is setting a new default: software consumers will expect to be protected, and will expect that any item being delivered to them will comply with Apple policies.

We developers have two choices: either opt in to Apple's signing (developer ID) and/or distribution system (App Store), or limit ourselves to only those customers savvy enough to opt out to the "all's fair" system. It's essentially a Mac jailbreak--just without all the pain of waiting for the next untethered release. (Speaking of which, yes, it would be lovely if this idea goes exactly back to the iPhone, so we don't have to wait on those exploits and releases.)

Apple's brave new world for the Mac gets that there are "power" users and "consumers." And it also gets that the latter category vastly outnumbers the former. As it builds new and better operating systems that retain desktop functionality, it is shaping computing to match consumer needs and wants, not developers'.

Not everything is roses. Some devs are complaining--with good reason--that Apple's approach to proprietary technologies will prevent them from selling off the App Store for iCloud features, for example. If you want to tie into those APIs, you won't be able to go to third party merchandising storefronts to sell your software. App Store-exclusive features will tie developers further into Mac App Store and to Apple's 30% cut. Those Apple-specific technologies will continue to grow over time.

What's more, developers must continue putting pressure on Apple to extend entitlements, allowing apps to grow the kinds of resource access they are allowed under Apple's sandbox system. The current set of entitlement restrictions seems unnaturally limited.

Just as iOS's App Store has responded to developer requests, the Mac environment will have to soften restrictive rough edges over time. A passionate and involved developer community will help those changes happen. Community-sourced advocacy such as Tim Burks' Open Radar project allows developers to cooperatively brainstorm and strategize about which access issues are the most important to them.

In the end, this is going to be an amazing end-point for consumers. You can talk about "what has existed for a generation," but that means things like Microsoft Word. There is no way anyone can argue that MS Word was an amazing end-point for general consumers.

It's a wake-up call for devs who have stuck with Apple through the dark years. Apple is changing up the game. Devs have to change it up too. And if Apple's success with iOS App Store is any indication, there will be more opportunity and better chances at creating a living than ever before.

Thanks, Remy "Psy" Demerest, Kyle Kinkade, |Agent




8 Comments

Ken Collins

I am not a geek, though I could pass for one. I have jailbroken my stuff, I have customized OS X with low-level utilities, I have hacked OS X, but I found myself regressing to the experiences I had in the Windows world, which defeated the purpose of switching to a Mac in the first place. I repented and I'll never do any of that again. I use my Apple gear as tools, not toys, and I don't have the time or expertise to figure out which overly imaginative program is mucking up my computer. If I wanted to spend all day troubleshooting and rebuilding my computer, I'd go back to Windows on a Dell. Developers who want to break the rules don't get my money.

February 27 2012 at 4:21 PM
Cocobongo

Gatekeeper? Hello Vista...

February 22 2012 at 7:10 AM
Jemster

Do you think Apple could 'approve' their own applications, and like, check that they work before shipping instead of looking at other developers Apps in their AppStore?

Having just stuck Lion on (yes, I waited to upgrade... for the first time in 5 years...) I used to have a luverly 27" iMac, now it dies when it goes to sleep, needing power cycled, switching users sometimes causes menus in applications to be disabled until switching user again, Mouse cursor randomly changes, LaunchPad is an incomplete mess (no delete??? wtf!), Parental controls are broken on https sites... the list goes on. And this is just in the first 24 hours of playing with it.

Until Apple can QA themselves are they really in a position to cast a spell of 'approval' on anything on the Mac platform?

February 22 2012 at 4:19 AM
Glich

I understand signed apps and App Store will be default settings in Mountain Lion. As long as Apple is fair in cost and hassle to get a cert I don't see a major issue here. From what I understand it will be one cert per co/developer and it's self-signing. No per-app approval like iOS. Real question will be cost for hobbyist programmers.

February 21 2012 at 7:44 PM
paulgans

I am really torn as to how to feel about this change. I can see advantages AND disadvantages to this for both consumers and developers. But I do believe that Apple will have to fight the Apple-haters that will pile on over this. Claiming that Apple is making a money grab and limiting innovation. It works on the iOS side because that is the way it was introduced and the Android market is so fragmented that people enjoy the simplicity of uniform standards and just one place to go for their apps. The fact that super-users can work around this is its saving grace. But it does appear that Apple is progressing towards making the computer an appliance. And that is how the younger generation sees it. They have always had a computer, just like they have always had a toaster. Both have their uses and they just want them both to work properly. Certain things computers do still astound me, but my 35 year old daughter just takes them in stride.
It will be interesting to see how it pans out.

February 21 2012 at 6:39 PM
1 reply to paulgans's comment
Kai Cherry

The only real issue I see as a developer myself is bifurcation of app features; I don't believe that Apple should limit for example iCloud access to Mac App Store apps only. If the dev is known and signs their stuff, they should be good-to-go.

Otherwise, I feel the ML solution is pretty fair and flexible.

February 21 2012 at 7:53 PM
bourgtai

I can't wait for Steam to get on the App Store.

February 21 2012 at 4:56 PM (-1)
1 reply to bourgtai's comment
isthisreallybad

I can't wait for Steam to have a reliable OS X application. That "steaming" pile of crap needs an overhaul.

February 21 2012 at 8:55 PM (+3)

© 2012 AOL Inc. All Rights Reserved.