• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Sandboxing. WTF?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sandboxing. WTF?

  • Subject: Re: Sandboxing. WTF?
  • From: Quincey Morris <email@hidden>
  • Date: Sun, 27 May 2012 22:23:56 -0700
On May 27, 2012, at 21:55 , Graham Cox wrote:

> users getting used to a nice feature that makes their apps easier to use

Of course, but that's one of sharp, hard-to-swallow corners. Insecure is insecure.

> I guess what pains me is that Apple have not as yet provided a sanctioned way to implement this feature.

AFAIK, you can still submit an un-sandboxed app and *request* an exemption until Apple provides an appropriate entitlement. Perhaps you might get it. Perhaps the need to access the iPhoto library might fall into this category.

Perhaps Apple might ask if you submitted a bug report asking for a new kind of entitlement for your situation, sometime in the year or so since the sandboxing requirement was first announced. :)

(I don't think the sandbox-aware bookmark thing was available till long after the original must-enable-sandboxing deadline of Nov 2011. I'm guessing it was only conceived after a bunch of complaints.)

> I could understand it to a degree if there was a major issue right now with malware using this sort of thing to do its dirty work that needed to be shut down urgently, but AFAICS, it's a non-issue in practice.

You mean like uploading the user's entire iOS contacts DB to a developer's own server? Or storing the user's cell tower connection history in a file? Those made apps easier to use. Made lawyers richer, too.

P.S. I'm not picking on your specifically. Call me a glass-quarter-full kind of person, but I think we (developers in general, over the past 50 years, not Mac developers specifically) have proved *repeatedly* that we can't be trusted to put user convenience first without creating truck-sized security holes. FWIW.


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Sandboxing. WTF?
      • From: Graham Cox <email@hidden>
References: 
 >Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Fritz Anderson <email@hidden>)
 >Re: Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Quincey Morris <email@hidden>)
 >Re: Sandboxing. WTF? (From: Graham Cox <email@hidden>)

  • Prev by Date: Re: Sandboxing. WTF?
  • Next by Date: Re: Sandboxing. WTF?
  • Previous by thread: Re: Sandboxing. WTF?
  • Next by thread: Re: Sandboxing. WTF?
  • Index(es):
    • Date
    • Thread