Marco.org

Daniel Jalkut on Mac-app sandboxing:

To increase adoption, Apple should expand the current list of entitlements until it covers every reasonable behavior that users expect from Mac apps. A good test for this is any app that is currently available in the Mac App Store. Having been approved by Apple’s own reviewers, and purchased by Apple’s own customers, the merit of these apps should be considered implicit. If a Mac App Store app’s reasonable behavior cannot be achieved in the confines of the sandbox, it should be considered a sandboxing bug, and a new entitlement should be added.

The current list of sandboxing entitlements is pretty short, but Apple’s about to start requiring every app in the Mac App Store to fit within their constraints.

The App Store’s prior rules already kept out a lot of useful apps that need complete filesystem access, such as the excellent SuperDuper! backup tool. The sandboxing requirement will further restrict what can be in the Store.

Sandboxing is a great idea. But if too few developers can use it, most users will never be able to run a sandboxed-apps-only setup, removing much of the purpose of sandboxing in the first place.

And if Mac users perpetually remain accustomed to looking outside the App Store for robust software, it hinders everyone in the App Store ecosystem, including Apple.