Printed from http://www.electronista.com

Dev pulls MplayerX from Mac App Store over sandboxing tech

updated 01:45 am EDT, Tue August 21, 2012

Latest of many Mac developers to abandon Apple app distribution

Popular video playback application MplayerX is no longer being updated on the Mac App Store. Citing Apple's sandboxing rules, the developer is claiming that the step is coming only after "arguing with Apple over three months" trying to make the newest version of the application function under the new Apple guidelines. The latest developer to pull out of the Mac App Store has reignited the debate of Apple as software curator for its devices.

MplayerX features affected by the sandboxing rules include the automatic loading of subtitles for videos and the ability to play the next episode of a TV show in a folder. Many applications will never be able to be sold on the Mac App Store due to close integration with the kernel of the OS violating the sandboxing requirement, such as most of the Rogue Amoeba line of audio enhancements, with the exception of audio-capture tool Piezo.

The MplayerX developer isn't alone in abandoning the Mac App Store. Codebase version control app SourceTree's developers announced that after March 1 that they would not be updating the application because of Apple's addition of the sandboxing requirement. Listing seven major functionalities that would have to be removed with a restricted version of the application, the developer stated that "tools which perform more complex behaviour, particularly when that involves integrating with other apps and tools, do many things that simply aren't catalogued in the sandbox."

For now, applications can be purchased and installed outside of the Mac App Store. External distribution, the way it was done before the Mac App Store came on line, is the only way some of the kernel-altering applications can be distributed. Apple has implemented a more extensive system-wide security feature in conjunction with sandboxing, called Gatekeeper in OS X 10.8 Mountain Lion. By default, Gatekeeper only allows applications downloaded from the Mac App Store, and apps that are digitally signed with an Apple Developer ID.

Developers, in discussing their concerns with sandboxing and Gatekeeper, see a potential future where the Mac App Store becomes the only venue for OSX application distribution, in much the same way that the App Store is the only place to purchase applications for the iOS unless the device is hacked, which Apple attempts to prevent with every hardware and OS iteration. Dave Howell from Avatron discussing his AirDisplay software and its inability to ever be sandboxed, possibly fearing this outcome said "The host software [for AirDisplay], with its kernel extensions and other low-level components, would never qualify for app store distribution anyway, so no sandbox issue there (at least unless Apple finally shuts down support for third party drivers completely, heaven forfend!)"

Overall, the sandboxing effort is intended to increase security in OS X by limiting the operations a program can execute to program-essential functions, thus hindering malware. OS security is a game of one-upmanship where the OS manufacturer increases security as a result of a threat, and the malware "community" increases efforts to break the OS or changes the vector of attack. This then forces the OS developer to increase security, and the cycle continues. Security measures are often a balance between user accessibility, openness, and convenience versus saving the user from themselves and preventing an action that the user unwisely initiated from taking place, such as opening a malware-laden app. At this time, and for the foreseeable future, despite no credible, persistent malware threat to OS X, all new applications and updates on the Mac App Store are expected to comply with the sandboxing requirement.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Zanziboy

    Forum Regular

    Joined: 08-27-08

    At this time, and for the foreseeable future, despite no credible, persistent malware threat to OS X, all new applications and updates on the Mac App Store are expected to comply with the sandboxing requirement.

    Read more: http://www.electronista.com/articles/12/08/21/latest.of.many.mac.developers.to.abandon.apple.app.distribution/#ixzz24A74AnSs


    I disagree. There have been a number of credible threats to the platform recently, which has prompted Apple to take an extreme stance on security to ensure the safety of the platform for novice users. Expert users will no doubt continue to download programs from external sites in addition the the Apple App Store.

  1. mr100percent

    Forum Regular

    Joined: 12-06-99

    So? Maybe the Mac App Store isn't meant to sell every single kind of software. You can't put Kexts (kernel extensions) in the Mac app store either, despite the amazing low-level OS stuff it can tweak. Nor can you put OS skins or software drivers in the store either. MplayerX, as much as I like it, kinda crosses Apple's security boundaries, and I don't fault Apple for it. Lousy situation I guess.

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    Originally Posted by mr100percentView Post

    I don't fault Apple for it. Lousy situation I guess.



    I agree with you in that the Mac App Store isn't meant to sell everything. However, I think a number of developers will agree that sandboxing is a bit too limiting. There are certainly more entitlements that Apple could address.

    I don't think Apple will attempt to make the MacOS only able to use Mac App store apps because of these limitations though. A large portion of their users depend on interoperability and low level access that a desktop OS allows.

    Apple gets away with it on iOS not only because they want to ensure that it remains secure, but to also ensure that developers don't try to cram desktop software onto it without designing it for the device properly. Allowing such poorly designed software detracts from the user experience from the device.

  1. chefpastry

    Mac Enthusiast

    Joined: 11-14-05

    There's a reason why it's called "sandboxing".

  1. elroth

    Junior Member

    Joined: 07-05-06

    It's more like sandbagging developers. A system that doesn't allow AudioHijack Pro or Fission or MPlayer is just not a good system, whatever the intentions are.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Originally Posted by elrothView Post

    It's more like sandbagging developers. A system that doesn't allow AudioHijack Pro or Fission or MPlayer is just not a good system, whatever the intentions are.



    It does, though. By default, even!

    It just won't sell them to you directly.

    Snark aside: The point of the App Store is to have a resource for users to download stuff from that can in no way damage, slow down, or even just *affect* their system, nor can it delete any of the user's data.

    It's the Disney Channel of software distribution. It won't show "9½ Weeks", and it won't show "Blade". That's not necessarily unfair to production companies, and it doesn't mean it's a bad system. It's just limited to very specific things.

  1. besson3c

    Clinically Insane

    Joined: 03-03-01

    The developers of Postbox had to yank it from the store too.

    Why doesn't Apple just put up a warning about apps that don't support sandboxing or something? Users that want the app are going to get the app, and then the possible malware, all this system does is provide a bit of a deterrent at the expense of making life potentially difficult for developers.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Originally Posted by besson3cView Post

    Users that want the app are going to get the app, and then the possible malware, all this system does is provide a bit of a deterrent at the expense of making life potentially difficult for developers.



    I don't understand the "users […] are going to get […] the possible malware" bit.

    The Mountain Lion default Gatekeeper setting allows for running App Store installations and code-signed external downloads.
    It does not permit unsigned code and throws up a warning if you try to run it. Why does getting the app elsewhere necessarily open up the user to malware risks, given that code-signing is mandatory by default?

    Also, as I wrote, this is not just about malware. This is also about inadvertently deleting or overwriting user data, about affecting system performance, about transparency to the user, and about being able to just test and delete something easily.
    It seems completely logical that anything that would require a kernel extension, for example, would not be allowed.

  1. graxspoo

    Fresh-Faced Recruit

    Joined: 11-22-08

    I agree with Spheric Harlot. Sandboxing seems like an enormous overreach on Apple's part. As a Mac developer I'll point out that my company has been chasing after Apple's shifting platform for over a decade. First it was Carbon, then Mach-O, then Xcode, then Intel, then the EOL of Quicktime, and now Cocoa and 64-bit. Sandboxing is a bridge too far. If Apple wants to cripple their platform and sell only 'baby' versions of software, good luck to them, but we're seeking greener pastures.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Epson WorkForce DS-40 scanner

In this day and age, there's a significant amount of pressure to go paperless, and downsize the amount of things that one collects ove ...

Sponsor

toggle

Most Commented

 
toggle

Popular News