The coming Apple lock-out

Apple are getting ready to tighten the screws on the Mac App store;  that’s the main route through which Mac owners browse, pay for and install software, just like on mobile phones. Apple run the store, make sure it’s front-centre for all Mac owners, and take 30% of the sale price from developers who sell through it.

The news is that from March 2012, Apple will only be accepting applications which use a  “sandbox” mode of OS X. Again, much like mobile phone applications, a Mac application will need to declare before installation what files and system resources they need, and the OS will enforce this access.

I’ve not got a horse in this race (I don’t use OS X or sell software), but I was interested to read the opinion from Paul Olavi Ojala who pointed out that under this policy, third party applications have no way to take a screenshot, access Bluetooth, interact with 3rd-party applications or even access arbitrary files (at least not without popping up a standard system dialogue for every one). So if you want to do those things in your software, from March, you’ll have to do without the revenue and exposure from the Mac App Store, and do your own downloads.

As Macs get more popular, Apple want to stop malware from becoming a problem for their customers. I can see that OS X would be a more tempting target for virus writers: I’d bet Mac owners are both wealthier and more trusting of their computers than the larger demographic who run Windows. But Apple had to release an OS security update just to get rid of the first widely-distributed Mac malware earlier this year, and they probably don’t want to make a habit of it. Sandboxing might stem the damage from a compromised application, which is one attack route for malware but it wouldn’t have stopped Mac Defender which just tricked users into installing it. Users who got “infected” merrily waved it through with their administrator password.

And Wil Shipley made a very good case that the App Store screening process simply can’t stop “evil” Mac software from getting certified, and installed onto user’s machines with Apple’s blessing. Sandboxing isn’t a good enough mechanism to add much to OS X’s security at this stage. [as I was writing this some wag demonstrated this fact, and got some malicious software onto the iPhone app store].

But extrapolating from Apple’s behaviour, my off-hand extrapolation on Twitter was:

next stop: no installations on your own computer from outside the walled garden. A free desktop is much more important.

That is to say, I am certain that Apple will choose to remove “root” access from Mac owners after maybe one or two more OS updates. After that point users will have to install software only through Apple’s approved channel, and developers will pay their 30%.

Rob Hague responded with the “Apple would never dare…” defence:

developers, designers, and those who see themselves as power users …  must still be a significant source of profit for Apple, and so they’d need a good reason to abandon them.

A locked-down OS X would not be an abandonment of those users, but Apple already ask $99 a year for the privilege of being a developer. That didn’t put them off. So after a lock-down, why would that developer fee not restore the unlocked OS to those that wanted to pay for it? They know the developers will still have to pay, but the developer could never ask the end-user to pay that $99 just to make their app work.

Apple have, several times dared to screw developers in the name of user experience or profit – the ban on Flash, or the ban on selling eBooks or music through your app except via Apple. The existence of the Steam gaming store must pain them; the clunky but popular video game store has its tanks parked on Apple’s lawn.

I thought Apple would head towards a locked-down Mac when I first saw the iPhone, and I don’t think any differently now. Their computers have always been the easiest to use, but never had such enthusiastic software support. In 2011, OS X has a decent set of applications, games, utilities and easy access to the online services so many people rely on. It has a growing market share, and Microsoft has been unable to improve their own user experience in 10 years. Meanwhile, Apple’s computers march closer to matching Windows machines on price.

By locking users out of their own computers, Apple will improve their computer security a little. But the main benefit for them will be to offer their rivals (mostly Microsoft and Adobe) the choice of handing them 30% of their Mac revenue, or pulling out of the Mac market altogether. As OS X grows in popularity, I’m certain the question on Apple’s mind is not ‘if’ but ‘when’.

Corrections: I know Apple charge $99 to publish software, XCode is free or $5 or something. All they need to do is put a price tag on “root access” such that only nerds will buy it, and app developers must go through the App Store, and pay their 30% tithe. A bit like the restriction that you can only upload in-development apps to your iPhone over a cable, not over the air. Jobs gave a ludicrous justification for it last year.  It’s about income and platform security for the iPhone, and it’ll be the same for the Mac when the time is right.

5 thoughts on “The coming Apple lock-out

  1. >Apple already ask $99 a year for the privilege of being a developer.

    That is the biggest pile of FUD I have seen in a long while. Apple charge $99 a year for publishing on the Mac App Store which includes hosting and advertising costs. You can download the developer tools and publish applications yourself for FREE if you use your own hosting and advertise yourself (which most likely will cost more than $99 for a few months).

    You may also be interested to know that according to Gabe Newell, the owner of Valve, they had first party help from Apple to port Steam to the Mac. I’m sure they must be very angry about those tanks being parked in the place they made available for them.

    Get the facts right before making a fool of yourself please.

    • Hey Anon, sure I appreciate the difference between paying to develop and paying to publish (even if I muddled the two in my article). Apple wouldn’t have to make root access a $99 privilege, maybe just a $5 privilege, just something to ensure only the “power users” and devs would pay. There are no facts to get wrong here, just speculation :) Not surprising to hear Apple helping out a big developer but I don’t think it’s incompatible with a strategy trying to undercut Steam at a later date, or make their own improved games store. Even on the Mac, Steam is slow, locks up and looks out of place. Like Flash or Java, Steam is just the kind of foreign “platform” they’ve shown the cold shoulder to the last few years.

      • I’m pretty sure Apple would care more about the revenue from gamers than Steam being yet another way to install software on a Mac. It hardly feels like a concession on their part.

        It’s also worth pointing out that Steam has its own checks and standards to maintain its platform, unlike Java or Flash, so it should be more or less compatible with the walled-garden model.

  2. What is failed to be mentioned with all this lock down and walled gardens is the unparallelled amount of unrestricted spying that’s going on behind the scenes with these devices. Everything from iPhones recording location data, secretly transferring back to the computer it’s assigned too, to CarrierIQ, Evercookies, Flash cookies, HTLM cookies, web bugs, recorded searches etc., etc. At least on a computer one can enable options to reduce the spying down to just the ISP or the carrier. But on a closed device there are no options, everyone knows your business, your hidden illness, your tastes in adult content. After 20 something years of using and promoting Apple’s computers, I no longer do so, and I tell everyone to “Not Apple” because they released OS X Lion and the MacAppStore and clearly demonstrated where they are headed. OS X 10.6 on a rather new machine, it will be my last Apple product. Screw em.