Apple to require sandboxing in Mac App Store apps as of March 2012

Apple sent an email to registered developers today that's bound to ruffle some feathers -- again. As of March 2012, Apple will require all apps submitted to the Mac App Store to implement sandboxing. This isn't a new development, as Apple was initially going to require sandboxing starting in November of this year. Apple has apparently delayed implementing the rule for another few months, but the requirement itself may cause challenges for some Mac developers.

Apple's motivation behind requiring sandboxing is all about security: "Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users' systems." But the company's all-or-nothing approach is potentially problematic; "As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing," Apple says.

Over the past few months, developers ranging from Daniel Jalkut to Dr. Drang to Real Studio to Peter Sichel have pointed to flaws and shortcomings in the sandboxing approach, including a buggy Carbon implementation and questionable support for most AppleScript-centric automation tools. Jason Snell and Andy Ihnatko have weighed in as well, concerned that sandboxing may lead to a dumbing down of Mac App Store options or the death of AppleScript itself. (Not all developers are upset, to be sure.)

The sort-of good news is Apple does allow for some exceptions to its pending sandboxing policy. "If your app requires access to sandboxed system resources you will need to include justification for using those entitlements as part of the submission to the Mac App Store," Apple says.

But then there's the bad news: "Apps that are being re-engineered to be sandbox compatible may request additional temporary entitlements. These entitlements are granted on a short-term basis and will be phased out over time."

Before the inevitable complaints about this policy kick in, it's worth taking a step back and remembering that unlike the iOS platform, the Mac App Store isn't the only legitimate way to get apps onto a Mac. That's probably cold comfort to developers who have found the Mac App Store an easier and more lucrative channel for app distribution than the traditional methods. There's also the fact that any discussion that begins with "The Mac App Store isn't the only way to get apps on a Mac" inevitably ends with the ominous pronouncement "yet."

That said, just like some iOS App Store restrictions, this new policy seems a bit on the extreme side. Just like the "no third-party IDEs" rule for the iOS platform last year, it also seems like a policy born in committee that may have sounded like a good idea to Apple at the time but is eventually destined to be modified or deprecated once its real-world implications for the Mac platform become clear. The fact that Apple has already delayed implementing the sandbox requirement by five months could mean further reprieves or workarounds for developers with affected products.