Share

Top 5 Stories

News

Apple gives developers more time to add sandbox to Mac apps

24 February 2012

Apple is extending the deadline for application developers to include a sandbox in any app submitted to the Mac App Store until June 1.

The deadline extension is intended to give developers “enough time to take advantage of new sandboxing entitlements available in OS X 10.7.3 and new APIs in Xcode 4.3”, Apple said on its Developer site.

In November, Apple informed developers that they would have to include a sandbox in new applications for the Mac App Store by March 1.

"The vast majority of Mac users have been free from malware and we're working on technologies to help keep it that way. As of March 1, 2012, all apps submitted to the Mac App Store must implement sandboxing. Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users' systems”, Apple said in a November post.

Dennis Fisher explained in a Threat Post blog that the Mac App Store was introduced in early 2011 as an “OS X analog to the iTunes App Store, allowing users to download software from a central source. Unlike the iPhone app store, the Mac App Store isn't the sole source for OS X applications, at least not yet. But Apple is introducing some of the same requirements for that store that it has with the iTunes store.”

Commenting on Apple's original announcement, Charlie Miller, a security researcher at Accuvant Labs, said: "I'm not surprised at all, really. The reason there's been no malware on the iPhone is the App Store and the review process. There's no real malware protection built into OS X right now, except the one that has about three signatures. So I think what Apple wants to do is move toward the iPhone model. At least for now you can still randomly download stuff, but they want to move toward the iPhone model where they have control of it."

This article is featured in:
Application Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×