Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple sends out sandbox deadline reminder email to developers

Last updated

With Apple set to flip the switch on its Mac App Store sandboxing system, the company sent out an email to registered developers on Friday reminding them that enforcement of the new rules will being on June 1, 2012.

The email is seen as confirmation that the sandboxing effort will go into effect after Apple pushed back the original November 2011 deadline to March which was subsequently extended again to June.

From the email:

As a reminder, the deadline for sandboxing your apps on the Mac App Store is June 1.

If you have an existing app on the Mac App Store that is not sandboxed, you may still submit bug fix updates after June 1. If you have technical issues that prevent you from sandboxing your app by June 1, let us know.

It is unknown why Apple decided to delay the security feature, but a report from November pointed out that a vulnerability allowed programs to exercise restricted functions in certain default sandbox profiles.

The sandboxing initiative looks to make Apple's OS X a more secure environment for users by restricting what operations an app can execute. First seen in OS X Leopard, the feature is designed to limit an app's actions to program-essential functions in order to prevent damage from malware attacks.

On Thursday, image-editing app Pixelmator became the first to adhere to the new Mac App Store sandboxing stipulations.

While sandboxing only covers programs installed through the Mac App Store, Apple will be implementing a system-wide solution called Gatekeeper in its next-gen operating system called OS X Mountain Lion. Appearing on its surface to be a more traditional anti-virus program, Gatekeeper goes deeper and, at its most secure setting, will only download and install verified code that carries digital signatures obtained through Apple's Developer ID program.



5 Comments

wizard69 21 Years · 13358 comments

The new security features will be a mixed blessing.

technohermit 18 Years · 563 comments

I haven't read much on it, but I assume that there will be a way to just get no interference or minimal from GK?  As in the "I actually know what I'm installing so let me do it" setting?

charlituna 16 Years · 7217 comments

Quote:
Originally Posted by technohermit 

I haven't read much on it, but I assume that there will be a way to just get no interference or minimal from GK?  As in the "I actually know what I'm installing so let me do it" setting?

 

Yep. there is a system setting to allow all installations. 

vanfruniken 21 Years · 260 comments

I am just afraid that with the new configurable security settings, a new kind of social engineering attack will see the light.

Malicious apps may generate nag alerts on purpose, intending the user to get tired at some point and relax the sandboxing security settings.

radjin 14 Years · 165 comments

Quote:
Originally Posted by VanFruniken 

I am just afraid that with the new configurable security settings, a new kind of social engineering attack will see the light.

Malicious apps may generate nag alerts on purpose, intending the user to get tired at some point and relax the sandboxing security settings.

Of course they will, you just have to be smart enough to realize that no legit company will ask for you to log in or enter your password information unless you initiate an action that requires it.