What is sandboxing?

Sandboxing restricts an application to the minimum set of system resources and APIs it needs. By limiting its access to only the areas the application actively requires, users' data is safer, and should malware attempt to 'hijack' a sandboxed application, the damage the hijacked application can do is limited.

Right now, every application has full access to sensitive information on your Mac: for example, Address Book has access to your entire filesystem. All that access isn't really needed in most cases.

New applications with the basic sandbox applied have no access to the filesystem, and every feature of the Mac the application needs has to be explicitly opted into: network access, USB access, printing, Photos folder access, or location services.

Requesting the ability to use location services from within the sandbox still triggers the OS X prompt asking the user whether they'd like to grant the application access to location data. The difference is that, by default, sandboxed apps don't have the ability to ask the system to prompt the user at all.

Keith Blount of Scrivener developer Literature & Latte explained: “Under sandboxing, you have to request certain entitlements - saving and loading from file, access to the camera, access to the internet and suchlike.”
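The opt-in model described above is expressed as entitlement keys in the app's code signature. The following is an added example, not code from the article or from any of the developers quoted: it parses an entitlements plist (a constructed sample is embedded; on a Mac the real one can be extracted with `codesign -d --entitlements :- App.app`) and reports whether the app opts into the sandbox, which of the capabilities the article lists it requests, and whether it relies on broad temporary exceptions.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# Real entitlement keys for the capabilities the article names.
CAPABILITY_KEYS = {
    "com.apple.security.network.client": "outbound network",
    "com.apple.security.network.server": "inbound network",
    "com.apple.security.device.usb": "USB devices",
    "com.apple.security.print": "printing",
    "com.apple.security.assets.pictures.read-only": "Pictures folder (read)",
    "com.apple.security.assets.pictures.read-write": "Pictures folder (read/write)",
    "com.apple.security.personal-information.location": "location services",
    "com.apple.security.files.user-selected.read-write": "files chosen in Open/Save dialogs",
}


def summarize_entitlements(plist_bytes: bytes) -> dict:
    """Report sandbox status and the capabilities an entitlements plist opts into."""
    ents = plistlib.loads(plist_bytes)
    enabled = {k for k, v in ents.items() if v is True}
    return {
        "sandboxed": SANDBOX_KEY in enabled,
        # Human-readable names of the article's capabilities that are requested.
        "capabilities": sorted(CAPABILITY_KEYS[k] for k in enabled if k in CAPABILITY_KEYS),
        # Temporary exceptions punch broad holes in the sandbox and deserve review.
        "temporary_exceptions": sorted(k for k in enabled if k.startswith(TEMP_EXCEPTION_PREFIX)),
    }


# Constructed sample: a sandboxed app that asks for network and location access.
SANDBOXED_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.personal-information.location</key><true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key><true/>
</dict></plist>
"""

# Constructed sample: a legacy app that never opts into the sandbox at all.
LEGACY_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.print</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    for label, sample in (("sandboxed", SANDBOXED_SAMPLE), ("legacy", LEGACY_SAMPLE)):
        print(label, summarize_entitlements(sample))
```

Without the sandbox key present, the other entitlement keys grant nothing extra: the app simply has the full access the article describes.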

Many developers are happy to support Apple in the changes. Scott Marc Becker of IGG Software, developer of iBank, said: “We're equally committed to three things that all come into play here: the Mac platform; security; and the user experience. Given those considerations, we're supportive of Apple's changing requirements - not just Sandboxing, but Gatekeeper and all of the other features or demands of OS X, iOS or the Mac App Store that protect users from the wide variety of threats encountered on other platforms.”

Public Space’s Frank Reiff agreed, to an extent: “Theoretically, there is a real, measurable increase in security for the end-user and as a developer as well as Mac user, I'm of course fully supportive of this.”

Open Planet Software’s Karen MacLean told us: “Sandboxing is a 'last line of defence'. It will not prevent malware or attacks but is designed to limit the possible damage that can occur should our app, or a system component we use, be compromised. It's a bit like the airbag in your car - it won't stop you having an accident but you will sustain significantly less damage than you would have without the airbag.”

Cognito’s Grant Cowie agreed that the measures aren’t really enough to combat malicious software. “For our users, it won't make any real difference (apart from loss of functionality). Apps that deal with sensitive data still need to make their own security provisions to protect that data from exploits. Sandboxing does nothing in that regard.”

“Sandboxing limits damage from compromised applications (such as from remote exploits), and it guarantees that an app that a user installs does only what it says it does. Widespread adoption of sandboxing would effectively stop the Trojan horse threat if customers only ever install sandboxed applications,” added Cowie.

“There is no question that it is, long term, a good thing. On the iOS platform, sandboxing provides customers with the confidence to buy and install apps from the store without worrying that it is going to compromise their device or personal data. Obviously providing the same confidence when it comes to buying Mac software must ultimately be good for that software market too,” said Cowie.

However, he added: “Apple is in a position to apply considerable pressure though simply by making it scary for customers to buy non-sandboxed apps in the store.”


Developers may ditch Mac App Store over sandboxing issues