Today June 1, 2012 is sandboxing day for apps on the Mac App Store


June 1, 2012 marks the dateline by Apple that requires all apps on Mac App Store to be sandboxed. Sandboxing is a mechanism where apps are run in its own security context, where permission is required if the app needs to access to resources outside its own app sandbox. And not all resources are available for access by sandbox app.

App sandboxing is default under iOS since day one. But due to OS X’s open architecture by design, not all developers welcome app sandboxing with open arms. This is specially true for existing Mac app, as some app features (such as accessing system kernel) are just not possible under sandboxing. 

The June 1 dateline was first delayed from last November to March 1, and then extended to June 1. Part of the delay is due to uncertainty about implementation by developers, and its impact on apps functionality due to lack of sandboxing API for some system functions. 

With this sandboxing requirement, all apps available under Mac App Store are authorized by Apple, has limited or known access to system resources, and are considered more secure by design.

The Gatekeeper functionality in Mountain Lion is an additional step taken by Apple to make OS X a more secure platform. When Gatekeeper is on, only apps developed by Apple-registered developers are allowed to be installed outside of the Mac App Store. The apps have all access to system resources like any apps outside of Mac App Store. Developers are given keys to sign their apps. And Apple can revoke the key if developers are found to violate Apple’s terms.