Apple are getting ready to tighten the screws on the Mac App store; that’s the main route through which Mac owners browse, pay for and install software, just like on mobile phones. Apple run the store, make sure it’s front-centre for all Mac owners, and take 30% of the sale price from developers who sell through it.
The news is that from March 2012, Apple will only be accepting applications which use a “sandbox” mode of OS X. Again, much like mobile phone applications, a Mac application will need to declare before installation what files and system resources they need, and the OS will enforce this access.
I’ve not got a horse in this race (I don’t use OS X or sell software), but I was interested to read the opinion from Paul Olavi Ojala who pointed out that under this policy, third party applications have no way to take a screenshot, access Bluetooth, interact with 3rd-party applications or even access arbitrary files (at least not without popping up a standard system dialogue for every one). So if you want to do those things in your software, from March, you’ll have to do without the revenue and exposure from the Mac App Store, and do your own downloads.
As Macs get more popular, Apple want to stop malware from becoming a problem for their customers. I can see that OS X would be a more tempting target for virus writers: I’d bet Mac owners are both wealthier and more trusting of their computers than the larger demographic who run Windows. But Apple had to release an OS security update just to get rid of the first widely-distributed Mac malware earlier this year, and they probably don’t want to make a habit of it. Sandboxing might stem the damage from a compromised application, which is one attack route for malware but it wouldn’t have stopped Mac Defender which just tricked users into installing it. Users who got “infected” merrily waved it through with their administrator password.
And Wil Shipley made a very good case that the App Store screening process simply can’t stop “evil” Mac software from getting certified, and installed onto user’s machines with Apple’s blessing. Sandboxing isn’t a good enough mechanism to add much to OS X’s security at this stage. [as I was writing this some wag demonstrated this fact, and got some malicious software onto the iPhone app store].
But extrapolating from Apple’s behaviour, my off-hand extrapolation on Twitter was:
next stop: no installations on your own computer from outside the walled garden. A free desktop is much more important.
That is to say, I am certain that Apple will choose to remove “root” access from Mac owners after maybe one or two more OS updates. After that point users will have to install software only through Apple’s approved channel, and developers will pay their 30%.
Rob Hague responded with the “Apple would never dare…” defence:
developers, designers, and those who see themselves as power users … must still be a significant source of profit for Apple, and so they’d need a good reason to abandon them.
A locked-down OS X would not be an abandonment of those users, but Apple already ask $99 a year for the privilege of being a developer. That didn’t put them off. So after a lock-down, why would that developer fee not restore the unlocked OS to those that wanted to pay for it? They know the developers will still have to pay, but the developer could never ask the end-user to pay that $99 just to make their app work.
Apple have, several times dared to screw developers in the name of user experience or profit – the ban on Flash, or the ban on selling eBooks or music through your app except via Apple. The existence of the Steam gaming store must pain them; the clunky but popular video game store has its tanks parked on Apple’s lawn.
I thought Apple would head towards a locked-down Mac when I first saw the iPhone, and I don’t think any differently now. Their computers have always been the easiest to use, but never had such enthusiastic software support. In 2011, OS X has a decent set of applications, games, utilities and easy access to the online services so many people rely on. It has a growing market share, and Microsoft has been unable to improve their own user experience in 10 years. Meanwhile, Apple’s computers march closer to matching Windows machines on price.
By locking users out of their own computers, Apple will improve their computer security a little. But the main benefit for them will be to offer their rivals (mostly Microsoft and Adobe) the choice of handing them 30% of their Mac revenue, or pulling out of the Mac market altogether. As OS X grows in popularity, I’m certain the question on Apple’s mind is not ‘if’ but ‘when’.
Corrections: I know Apple charge $99 to publish software, XCode is free or $5 or something. All they need to do is put a price tag on “root access” such that only nerds will buy it, and app developers must go through the App Store, and pay their 30% tithe. A bit like the restriction that you can only upload in-development apps to your iPhone over a cable, not over the air. Jobs gave a ludicrous justification for it last year. It’s about income and platform security for the iPhone, and it’ll be the same for the Mac when the time is right.