Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own.
The statement from Apple comes at a time when the company is moving to a more controlled and regimented model of application delivery for its Mac OS X users. It introduced the Mac App Store earlier this year, modeling it after the iTunes App Store that iPhone and iPad users must use to download software for their devices. Right now, Apple has not made the Mac App Store the only place that OS X users can get software, but the company could move in that direction at some point.
But for now, Apple, which is typically tight-lipped on security issues, is telling app developers that they’re going to need to add an extra layer of security to their submissions if they want them to make it into the App Store.
“The vast majority of Mac users have been free from malware and we’re working on technologies to help keep it that way. As of March 1, 2012 all apps submitted to the Mac App Store must implement sandboxing. Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users’ systems,” the company said in a statement on its Developer site.
The iPhone has sandbox protection built into its iOS operating system, and the iTunes App Store has a strict review process that is designed to prevent malicious or Trojaned apps from making their way onto users’ devices. That same level of protection looks to be the goal of this move by Apple.
“I’m not surprised at all, really. The reason there’s been no malware on the iPhone is the App Store and the review process,” said Charlie Miller, a security researcher and principal research consultant at Accuvant Labs. “There’s no real malware protection built into OS X right now, except the one that has about three signatures. So I think what Apple wants to do is move toward the iPhone model. At least for now you can still randomly download stuff, but they want to move toward the iPhone model where they have control of it.”
It’s not clear from Apple’s statement what the nature of the sandbox will be or how much work it will require from developers. Sandboxes in general are designed to prevent applications from taking actions that they shouldn’t be allowed to take and to stop attackers from jumping from one compromised app to another. Implementing an application sandbox on OS X will add another layer of protection against attacks and help prevent a successful attack against one app from compromising the entire machine.
But it also will give Apple other benefits.
“It’s smart that they’re doing it because they realize that if their platform is successful, at some point malware is going to be a problem,” Miller said. “But the ulterior motive is that it gives them more control over the platform, which has always been the case for the iPhone.”