Our Decision to Abandon the Mac App Store ⇥

Steve Streeting, for the Atlassian blog:

Fundamentally, sandboxing is a good idea. Asking applications to be specific about what they need to do, and exposing that to the system and users for validation is a good idea for security.

The trouble is, the sandboxing implementation currently in place on Mac OS X Lion doesn’t allow for all the behaviours that real Mac applications do right now, behaviours which are not at all contentious, are approved in the Mac App Store already, and indeed are very much appreciated by users.

There are, unfortunately, trade-offs in any decision. So far, the consequences with mandatory sandboxing for Mac App Store apps are not worth the benefits for many developers. Hacker News user “tzs” notes that refinements in 10.7.3 might help, quoting the Apple Developer sandboxing requirements:

Starting in Mac OS X v10.6, the NSURL class and the CFURLRef opaque type each provide a facility for creating and using bookmark objects. A bookmark provides a persistent reference to a file-system resource. When you resolve a bookmark, you obtain a URL to the resource’s current location. A bookmark’s association with a file-system resource (typically a file or folder) usually continues to work if the user moves or renames the resource, or if the user relaunches your app or restarts the system.

In an app that adopts App Sandbox, you must use a security-scoped bookmark to gain persistent access to a file-system resource.

Simple enough, right? The problem is that this is more of a workaround than a solution, according to developers. It requires some major rewriting for some apps, and for others, it’s simply not complete or thorough enough.