The email is seen as confirmation that the sandboxing effort will go into effect after Apple pushed back the original November 2011 deadline to March, which was subsequently extended again to June.
From the email:
As a reminder, the deadline for sandboxing your apps on the Mac App Store is June 1.
If you have an existing app on the Mac App Store that is not sandboxed, you may still submit bug fix updates after June 1. If you have technical issues that prevent you from sandboxing your app by June 1, let us know.
It is unknown why Apple decided to delay the security feature, but a report from November pointed out that a vulnerability allowed programs to exercise restricted functions in certain default sandbox profiles.
The sandboxing initiative looks to make Apple's OS X a more secure environment for users by restricting what operations an app can execute. First seen in OS X Leopard, the feature is designed to limit an app's actions to program-essential functions in order to prevent damage from malware attacks.
On Thursday, image-editing app Pixelmator became the first to adhere to the new Mac App Store sandboxing stipulations.
While sandboxing only covers programs installed through the Mac App Store, Apple will be implementing a system-wide solution called Gatekeeper in its next-gen operating system called OS X Mountain Lion. Appearing on its surface to be a more traditional anti-virus program, Gatekeeper goes deeper and, at its most secure setting, will only download and install verified code that carries digital signatures obtained through Apple's Developer ID program.
5 Comments
The new security features will be a mixed blessing.
I haven't read much on it, but I assume that there will be a way to just get no interference or minimal from GK? As in the "I actually know what I'm installing so let me do it" setting?
Yep. There is a system setting to allow all installations.
I am just afraid that with the new configurable security settings, a new kind of social engineering attack will see the light.
Malicious apps may generate nag alerts on purpose, intending the user to get tired at some point and relax the sandboxing security settings.
Of course they will, you just have to be smart enough to realize that no legit company will ask for you to log in or enter your password information unless you initiate an action that requires it.