Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Dev pulls MplayerX from Mac App Store over sandboxing tech

Dev pulls MplayerX from Mac App Store over sandboxing tech
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 20, 2012, 09:49 PM
 
Popular video playback application MplayerX is no longer being updated on the Mac App Store. Citing Apple's sandboxing rules, the developer is claiming that the step is coming only after "arguing with Apple over three months" trying to make the newest version of the application function under the new Apple guidelines. The latest developer to pull out of the Mac App Store has reignited the debate of Apple as software curator for its devices.

MplayerX features affected by the sandboxing rules include the automatic loading of subtitles for videos and the ability to play the next episode of a TV show in a folder. Many applications will never be able to be sold on the Mac App Store due to close integration with the kernel of the OS violating the sandboxing requirement, such as most of the Rogue Amoeba line of audio enhancements, with the exception of audio-capture tool Piezo. The MplayerX developer isn't alone in abandoning the Mac App Store. Codebase version control app SourceTree's developers announced that after March 1 that they would not be updating the application because of Apple's addition of the sandboxing requirement. Listing seven major functionalities that would have to be removed with a restricted version of the application, the developer stated that "tools which perform more complex behaviour, particularly when that involves integrating with other apps and tools, do many things that simply aren't catalogued in the sandbox." For now, applications can be purchased and installed outside of the Mac App Store. External distribution, the way it was done before the Mac App Store came on line, is the only way some of the kernel-altering applications can be distributed. Apple has implemented a more extensive system-wide security feature in conjunction with sandboxing, called Gatekeeper in OS X 10.8 Mountain Lion. By default, Gatekeeper only allows applications downloaded from the Mac App Store, and apps that are digitally signed with an Apple Developer ID. Developers, in discussing their concerns with sandboxing and Gatekeeper, see a potential future where the Mac App Store becomes the only venue for OSX application distribution, in much the same way that the App Store is the only place to purchase applications for the iOS unless the device is hacked, which Apple attempts to prevent with every hardware and OS iteration. Dave Howell from Avatron discussing his AirDisplay software and its inability to ever be sandboxed, possibly fearing this outcome said "The host software [for AirDisplay], with its kernel extensions and other low-level components, would never qualify for app store distribution anyway, so no sandbox issue there (at least unless Apple finally shuts down support for third party drivers completely, heaven forfend!)" Overall, the sandboxing effort is intended to increase security in OS X by limiting the operations a program can execute to program-essential functions, thus hindering malware. OS security is a game of one-upmanship where the OS manufacturer increases security as a result of a threat, and the malware "community" increases efforts to break the OS or changes the vector of attack. This then forces the OS developer to increase security, and the cycle continues. Security measures are often a balance between user accessibility, openness, and convenience versus saving the user from themselves and preventing an action that the user unwisely initiated from taking place, such as opening a malware-laden app. At this time, and for the foreseeable future, despite no credible, persistent malware threat to OS X, all new applications and updates on the Mac App Store are expected to comply with the sandboxing requirement.
     
Zanziboy
Forum Regular
Join Date: Aug 2008
Status: Offline
Reply With Quote
Aug 20, 2012, 11:13 PM
 
At this time, and for the foreseeable future, despite no credible, persistent malware threat to OS X, all new applications and updates on the Mac App Store are expected to comply with the sandboxing requirement.

Read more: http://www.electronista.com/articles/12/08/21/latest.of.many.mac.developers.to.abandon.apple.app .distribution/#ixzz24A74AnSs
I disagree. There have been a number of credible threats to the platform recently, which has prompted Apple to take an extreme stance on security to ensure the safety of the platform for novice users. Expert users will no doubt continue to download programs from external sites in addition the the Apple App Store.
     
mr100percent
Forum Regular
Join Date: Dec 1999
Location: Brightwaters, NY
Status: Offline
Reply With Quote
Aug 21, 2012, 12:04 AM
 
So? Maybe the Mac App Store isn't meant to sell every single kind of software. You can't put Kexts (kernel extensions) in the Mac app store either, despite the amazing low-level OS stuff it can tweak. Nor can you put OS skins or software drivers in the store either. MplayerX, as much as I like it, kinda crosses Apple's security boundaries, and I don't fault Apple for it. Lousy situation I guess.
     
hayesk
Guest
Status:
Reply With Quote
Aug 21, 2012, 07:14 AM
 
Originally Posted by mr100percent View Post
I don't fault Apple for it. Lousy situation I guess.
I agree with you in that the Mac App Store isn't meant to sell everything. However, I think a number of developers will agree that sandboxing is a bit too limiting. There are certainly more entitlements that Apple could address.

I don't think Apple will attempt to make the MacOS only able to use Mac App store apps because of these limitations though. A large portion of their users depend on interoperability and low level access that a desktop OS allows.

Apple gets away with it on iOS not only because they want to ensure that it remains secure, but to also ensure that developers don't try to cram desktop software onto it without designing it for the device properly. Allowing such poorly designed software detracts from the user experience from the device.
     
chefpastry
Mac Enthusiast
Join Date: Nov 2005
Location: New York City
Status: Offline
Reply With Quote
Aug 21, 2012, 07:27 AM
 
There's a reason why it's called "sandboxing".
Mac Pro 3.2x8 - 48GB - EVGA GTX 680 - Apple Remote - Dell 3007WFP-HC
MacBook 2GHz - C2D - 8GB - GF 9400M
Mac mini 2.33GHz C2D - 4GB - GMA950 - 2 Drobos - SS4200 (unRAID)
iPhone 5 + iPhone 4 S⃣
     
elroth
Forum Regular
Join Date: Jul 2006
Status: Offline
Reply With Quote
Aug 21, 2012, 11:14 PM
 
It's more like sandbagging developers. A system that doesn't allow AudioHijack Pro or Fission or MPlayer is just not a good system, whatever the intentions are.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Aug 22, 2012, 01:23 AM
 
Originally Posted by elroth View Post
It's more like sandbagging developers. A system that doesn't allow AudioHijack Pro or Fission or MPlayer is just not a good system, whatever the intentions are.
It does, though. By default, even!

It just won't sell them to you directly.

Snark aside: The point of the App Store is to have a resource for users to download stuff from that can in no way damage, slow down, or even just *affect* their system, nor can it delete any of the user's data.

It's the Disney Channel of software distribution. It won't show "9½ Weeks", and it won't show "Blade". That's not necessarily unfair to production companies, and it doesn't mean it's a bad system. It's just limited to very specific things.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Aug 22, 2012, 01:27 AM
 
The developers of Postbox had to yank it from the store too.

Why doesn't Apple just put up a warning about apps that don't support sandboxing or something? Users that want the app are going to get the app, and then the possible malware, all this system does is provide a bit of a deterrent at the expense of making life potentially difficult for developers.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Aug 22, 2012, 01:57 AM
 
Originally Posted by besson3c View Post
Users that want the app are going to get the app, and then the possible malware, all this system does is provide a bit of a deterrent at the expense of making life potentially difficult for developers.
I don't understand the "users […] are going to get […] the possible malware" bit.

The Mountain Lion default Gatekeeper setting allows for running App Store installations and code-signed external downloads.
It does not permit unsigned code and throws up a warning if you try to run it. Why does getting the app elsewhere necessarily open up the user to malware risks, given that code-signing is mandatory by default?

Also, as I wrote, this is not just about malware. This is also about inadvertently deleting or overwriting user data, about affecting system performance, about transparency to the user, and about being able to just test and delete something easily.
It seems completely logical that anything that would require a kernel extension, for example, would not be allowed.
     
graxspoo
Fresh-Faced Recruit
Join Date: Nov 2008
Status: Offline
Reply With Quote
Aug 28, 2012, 04:19 PM
 
I agree with Spheric Harlot. Sandboxing seems like an enormous overreach on Apple's part. As a Mac developer I'll point out that my company has been chasing after Apple's shifting platform for over a decade. First it was Carbon, then Mach-O, then Xcode, then Intel, then the EOL of Quicktime, and now Cocoa and 64-bit. Sandboxing is a bridge too far. If Apple wants to cripple their platform and sell only 'baby' versions of software, good luck to them, but we're seeking greener pastures.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 09:26 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,