Re: Sandboxing die.die.die
- Subject: Re: Sandboxing die.die.die
- From: Britt Durbrow <email@hidden>
- Date: Wed, 22 Aug 2012 18:33:48 -0700
I don't think that it's physically possible to resolve this issue - basically, we're trying to have our cake (er, have our security) and eat it too (er, use the functionality of the app).
Consider a 'shoebox' app that doesn't deal with run-of-the-mill media (photos, movies, etc.)... let's say it manages CAD/CAM files - something that Apple won't have an API for. And it integrates into your CAD/CAM programs via plugins, and an intranet/internet/cloud document sharing system. By definition, the only behavioral difference between this app and a cyber-espionage-enabled app is where the data gets sent: the good app sends it to MyAwesomeCloudCollaborationSite.com, the bad app also sends it to EvilHaxorsGonnaSpyOnYou.com... and there's no programmatic way to tell the difference between the two.
Or perhaps a more widespread target: an app that manages receipts and credit card data, no matter where in the file system they end up (email, PDFs, MS Office documents, whatnot), and integrates with a cloud system for collaborating with accountants, banks, the IRS, etc... again, the only way a good app differs from a bad one is who is on the other end of the network socket.
Security is always at odds with ease-of-use and functionality; and while an insecure system can be useless due to the inability to trust it, an overly secure system will also be useless because the security measures prevent it from doing its job... so by demanding total security (all MAS apps must be sandboxed), Apple has also rendered an entire class of apps nonfunctional. Part of the rationale that I've heard for the current set of sandboxing requirements is that it protects unsophisticated users... who, unfortunately, are the very users who would need a cross-app shoebox system the most.
(note: due to that 90% sales figure, for the purposes of this discussion, I am considering not selling through the MAS to be a non-option for economic reasons; even though technically speaking, as of today an unsandboxed-but-signed app works OK on a default install of Mountain Lion)