More on sandboxing at WWDC

Friday, June 10th, 2011 Jim Underwood, Chief Architect

I should correct something from my earlier post. I said sandboxing had come to iOS.

Some of you probably noticed that the subject of the sentence was Lion. And that is indeed the case – Lion has landed squarely in the sandbox.

Apple is dead serious about this business of protecting you from unruly or compromised apps. Beginning in November, if you want to distribute Mac apps on the App Store, they must be “sandboxed” and Apple has brought the concepts from iOS to OSX land.

This has undoubtedly done a lot to fuel the rampant speculation that OSX is soon for the scrap heap to be replaced by virtually weightless MacBooks with the A5 processor and a flash drive. Hmmm, sounds a lot like a …. Well the gent that did the presentation on the sandboxing technology did a great job advancing the vision and I came away impressed if still a bit skeptical.

Anyway, Apple would like you to break your big old monolithic app up into bits that (1) interface with the web, (2) process data locally and (3) read or write data from files outside the app’s “container”. To do that they announced a new set of technologies that “just work” of course but sound a lot like COM to me. Yikes. Well we’ll have to wait and see. A good thing we are not on the App Store with OM for Mac.

But a good sandboxing might make for a strong customer story, e.g. “iPass enthusiastically embraces Apple drive for App security”, etc. Sign me up. Still, I noticed that Apple had done a middle of the road compromise in the “entitlement” approach to security that certainly makes it easier for developers to characterize their apps but remains a simplified, and therefore less specific technology than the more fine-grained Android privilege profile approach.

But middle of the road may be good enough – I read that iOS +AppStore is now widely regarded as the most secure OS/App integrity technology on the planet. And that ladies and gentlemen is not just from the Steve’s mouth.