Sandbox of frustration: Apple's walled garden closes in on Mac developers


Apple's OS X Mountain Lion launched on Wednesday, and with it came a new set of rules laid out by Apple that restrict what Mac developers can do with their apps. To sum it up, developers must "sandbox" their apps in order to take full advantage of new features like iCloud and Notification Center, limiting access to system data much like iOS apps. Sandboxed apps are much easier for Apple to verify, check, and approve for the Mac App Store, since they are inherently self-contained, but this poses a big problem: sandboxing your app sometimes means that features that dig deep into OS X must be removed. Developers lashed out at Apple for its new rules when Mountain Lion was announced back in February, in part because of how much effort might go into re-architecting their apps. Tech pundit Andy Ihnatko wrote, "Time, money, and resources that developers could be investing in making a great product even better must instead be spent just to keep their software working."

However, most developers have taken the past few months to update their apps according to Apple's new standards, which for some developers means checking a few boxes, and for others means sacrificing features users love. Since Mountain Lion was announced, many top apps like Fantastical, Sparrow, and 1Password have prepared for a Mac world that looks more like iOS's perceived "walled garden." For better or for worse, most developers seem to agree that adding support for Mountain Lion is a do-or-die proposition.

"Any developer who wants to build for Apple's products typically stays as on pace with the curve as possible, because that's what a significant portion of Apple's customers do," says 1Password's David Chartier. Developers now have two choices: sell unrestricted apps independent of the Mac App Store, or abide by Apple's rules to gain access to the App Store, its enormous distribution power, and new features in OS X like iCloud document syncing for apps and iOS-style push notifications from the cloud in Notification Center.

Sandboxing woes

For Day One engineer Ben Dolman, following Apple's rules has been a challenge, and has delayed the upcoming version of his app by a few weeks. "The migration from non-sandboxed to sandboxed was especially difficult for us because we have both a main app and a helper app (the one that runs in the menu bar)," says Dolman. In order to solve the problem, Dolman had to box up all of Day One's journal entry files and put them in one place, which will provide users with fewer options for where to store entries. 1Password's David Chartier concurs. "It's simply a lot of work," he says. "It can require enormous, often difficult changes to architecture for some apps and, in some cases, even ripping out features. The struggle between security and convenience is never easy," he says.

DoOneThing developer Adam Mathes drew a more precise distinction: "for some simple apps like mine, it's just checking a box and recompiling, it's not a big deal at all. For things that need broad access to the filesystem or other capabilities impacted by sandboxing, it can be a much larger chunk of work," he says. Tweetbot for Mac developer Paul Haddad agrees. "Honestly for us it seemed to be just clicking a bunch of checkboxes," says Haddad. "I'm sure it's a lot more complicated for different applications but we didn't run into any of those issues. For a large class of apps sandboxing is real simple, for some it's either impossible or very difficult. I guess we got lucky," he says.

Unfortunately, due to sandboxing, Day One has lost a feature critical to the productivity of some users. "[A] casualty of sandboxing was our CLI, which allows entries to be created via a command line utility and has been popular with developers that have written custom import scripts," says Dolman. Fortunately, Dolman found another way to implement the feature, but outside the Day One app. "Instead we will offer it as a separate download, signed with our Developer ID to make Gatekeeper happy, on our website," he says. Fixing the issue has cost the company weeks of work.

Outside the castle

Sadly, not all apps can afford to abide by Apple's rules. Popular launcher and macro app Alfred "works deep into the heart of your Mac," and thus can't sandbox without losing several key features that take advantage of scripts in OS X. Alfred's premium version won't go up for sale in the Mac App Store, and thus can't take advantage of iCloud and Notification Center. iCloud syncing for preferences would've been great for Alfred users, who often spend hours customizing shortcuts and custom search fields. Fortunately, Alfred is sticking around outside the store. "Apple’s new Gatekeeper paves the way for us to keep Alfred as productive as possible without having to work within the limitations of a sandbox," Alfred's developers say in a blog post.

Alfred's free app will continue to exist in the Mac App Store, but per Apple's new rules, can only receive critical bug fixes. "Apple will supposedly allow bug fixes for these existing apps, but there aren't many apps that can survive without regularly adding features. Maybe we'll see someone create an alternative app store for system utilities," says Day One's Dolman.

Postbox's Sherman Dickman decided to pull his app from the Mac App Store for reasons that have nothing to do with sandboxing. "[There are] no free trials, discounted upgrades, free upgrades, volume discounts or site licensing. There's also no access to customer information, which prevents us from validating orders, offering discounts, running promotions, newsletter signups." Perhaps most importantly, Dickman notes, "we had to create another version of Postbox for the Mac App Store that removed features such as iCal support, iPhoto integration, and add-ons in order to comply with Apple's Application Guidelines." For most developers, creating two apps is simply not an option, and Dickman admits that there are many benefits to using the Mac App Store for distribution. "In short, the Mac App Store lets developers spend more time on creating awesome apps, and less time on ecommerce infrastructure," he wrote.

Some good news

Tweetbot for Mac developer Paul Haddad admits that there are a few workarounds for developers who choose not to sell product through the Mac App Store. "If you are only doing local notifications, you can do so without being in the Mac App Store," says Haddad. "Fortunately, since Mac apps can run in the background, a lot of them can get away with just doing local notifications, like ourselves," he added. That means notifications work if your app is open, but they won't be routed through iCloud. However, Postbox's Dickman has higher hopes. "Our hope is that Apple will continue to evolve the Mac App Store in ways that meet the unique needs of Postbox and our customers. Until then, we'll keep our fingers crossed and the Postbox Store open for business," he says. Dickman's post almost echoes Sparrow CEO Dom Leca's call to action petitioning Apple for a third-party email push privilege in iOS.

It's not all bad news, though. Despite the Day One team's frustrations with sandboxing, they applaud other tools Apple has provided to developers in Mountain Lion. "It took me two hours to implement sharing with Email, Messages, Flickr, Twitter and AirDrop," says Dolman, "and it should just work automatically with Facebook when Apple releases that in a ML update later this year. That's a huge win for developers that would normally spend days implementing each SDK, preparing the data for sharing and adding preferences for linking and unlinking in the app's settings, not to mention having to keep each of those SDKs up-to-date with the latest API changes," he says.

Yet, even some of the usual crop of Apple evangelists are bearish on Apple's direction forward, and point out some far-reaching consequences. "This even may reduce the long-term success of iCloud and the platform lock-in it could bring for Apple," Instapaper developer Marco Arment wrote yesterday. "Only App Store apps can use iCloud, but many Mac developers can't or won't use it because of the App Store's political instability."

"I've lost all confidence that the apps I buy in the App Store today will still be there next month or next year," Arment wrote. "The advantages of buying from the App Store are mostly gone now. My confidence in the App Store, as a customer, has evaporated."
