Mojave Sandbox changes

https://sixcolors.com/post/2018/06/with-mojave-apple-makes-changes-inside-and-outside-mac-app-store/

tl:dr;

  1. Apps outside of the App Store will have to be ‘checked’ by Apple before distribution.
  2. Apps are able to ask for permission to creep out of the restrictive “sandbox” and access files more broadly across your Mac’s hard drive.

Not to mention that next year, us macOS developers will have to contend with iPad apps that are roughly translated to the Mac.

Point #1 isn’t exactly correct. Notarized apps are not required. You do not need to have your app notarized. However, just like signing, it’s probably a good idea that you do it.

Regarding the iPad apps, I really don’t expect developers will just be able to bring their apps to macOS simply. I expect the changes will make it easier to, but I bet the apps will still need Mac-specific views. A well-designed MVC app would have little trouble introducing a new set of views, but it’s still work that needs to be done.

@Thom McGrath : you can bet your behind that this is going to be mandatory in a couple of mac os versions.

Maybe. That’s tough for Apple to pull the trigger on because of legacy apps.

However, all Mac developers should make this step part of their build process. It’s a great thing with no significant downside.

I smell the Apple Developer fee creeping towards $499 a year as well

Nah they’ll just take 30% of your app price. This is just the beginning of moving macos apps to the same model as iOS in a couple of years you’ll only be able to sell through the appstore.

They take THAT now… but if you have to start passing everything thru one their servers, that means all app will be required to be signed (not required now)… and as such you will need a Developer certtificate, do you think they won’t attempt to cash in on that?

Personally, I think Apple has gone a bit too far… and it shouldn’t be long before some one files a lawsuit against them for creating a monopoly… Since you won’t be able to sell or give away software without “their permission”.

To quote a recently retired local consumer advocate… “It Ain’t Right!”

“I fear” this, “I fear” that, “I smell” whatever, they “will do” that …

Guys, you are just trolling.

They did it for code signing and again for DMG signing (albeit that was translocation, which is different, but still caused issues for app developers). Eventually code signing and signed DMGs became the norm, even though it’s not required.

Agreed.[quote=391232:@Thom McGrath]Regarding the iPad apps, I really don’t expect developers will just be able to bring their apps to macOS simply. I expect the changes will make it easier to, but I bet the apps will still need Mac-specific views. A well-designed MVC app would have little trouble introducing a new set of views, but it’s still work that needs to be done.[/quote]
As far as I understand what documentation I’ve read, this is the exact principle behind Marzipan. Basically, the way I interpret the documentation is that UIKit is now part of the MacOS, along side AppKit (I can already see in a few years AppKit going bye bye) and with minimal changes an iPad application should just run. The macOS version of UIKit will auto convert mouse events into touch events. The only thing that will need to be changed is that iOS has no menubar, so iOS developers will need to build a menubar, the default will be like the default in AppKit right now, which a lot of developers already do not tailor to their App Store apps.

I disagree, and to be honest I wouldn’t mind if it did. It used to be $499 and for that you got an incredible discount on Apple’s hardware (we’d make sure that when we purchased hardware got more of a discount than $499).

That could be a possibility, with them opening up the Sandbox restrictions that have kept heavy weight apps out of the store, and finally allowing free trails, they’re reducing the reasons as to why developers don’t ship in the App Store. If you have a subscription app, the 30% fee drops over time.

They only take 30% when your application is sold via the Mac App Store, if you wish to ship outside of the Mac App Store, you are advised to pay $99 a year for a digital signing certificate so that your application has some authenticity to it. While signing is not enforced, it is handled in such a way that not signed applications are generally avoided by the masses, and therefore if you intend to make money from the application, you really should sign your application.

Digital signing has actually helped developers, it’s reduced the amount of cracked copies of my applications on the internet, most of the supposed cracked copies I can find are now simply MacKeeper renamed.

I personally feel that this is an over exaggeration, MS got done for having a monopoly by using their powers to make it harder for competing products to be sold or used on their platform. These new rules make it easier for you to sell your software in the Mac App Store, and meanwhile make it easier for customers to trust your products (from outside the store) as they’ve had Apple validation.

You’ll most likely continue to be able to distribute software without paying Apple a dime, however it will be shunned by the masses because it won’t have any approval from Apple.

Good for the user, certainly.
I don’t agree about the downside bit.

Currently I take pride in a rapid bug fix cycle.
No reported bug is allowed to live more than a week in the wild, and I have been known to do monthly updates.
Having to ‘ask my parents permission’ every time will seriously hamper my ability and willingness to do that by adding a week or more delay to each release.

[quote=391247:@Jeff Tullin]Good for the user, certainly.
I don’t agree about the downside bit.

Currently I take pride in a rapid bug fix cycle.
No reported bug is allowed to live more than a week in the wild, and I have been known to do monthly updates.
Having to ‘ask my parents permission’ every time will seriously hamper my ability and willingness to do that by adding a week or more delay to each release.[/quote]

From what I understand, you just have to upload your app and an automatic scan is immediately done. If approved, you are sent a ‘approval’ file.
The scan only involves ‘malware’ detection, whatever that may be.

Don’t think this will delay your release more than ‘minutes’.

If it is as basic as that, surely they would be better just adding this to the OS and performing the check when a new file appears on the machine.
Its just virus checking by another name, isnt it?

Sounds like you get your app back as ‘code signed Plus’

For fun, I tried to notarize one of my Xojo compiled app.
This needs to be done via Xcode 10 and running macOS10.14 beta
I immediatly stumbled on the first hurdle: how to get your .app seen in the Archives. Copying it into the xcode archieve folder doesn’t work. I looked for other ways but helas, no luck.
I then tried one of my Xcode projects, and it is automatically shown in the Archives.
Also, your app needs to be compiled with ‘Hardened Runtime’ enabled in Xcode. Not sure how to do this with a Xojo compiled app.

Bassically this means I have no clue how to correctly compile and upload (for notarizing) a non-Xcode app.

Anyone else tried this?

On further tests with an Xcode project it seems you also need to set entitlements like you would when submitting to the Appstore. Including the same restrictions !
The only difference may be that no human reviewer is involved.
So if you could not get your app on the Appstore due to sandbox restrictions, you cannot get it notarised either (from what I understand).

@Christoph De Vocht : can you explain in a bit more detail what you did with XCode? What is an XCode archive folder? If the notarized app needs entitlements then this is quite suboptimal.

Famous last words, as Apple run into technical difficulties or get overloaded :slight_smile:

For general release, I think this is fine, I suspect that for issuing a customer a emergency bug fix release, you’ll be able to simply send them an un-validated version and they’ll skip the warnings.[quote=391264:@Christoph De Vocht]For fun, I tried to notarize one of my Xojo compiled app.[/quote]
Man, you have one warped sense of fun :wink:

I don’t intend to even try until we (as developers) get some actionable documentation, plus we still have, you know about 4 months until GM release and I suspect that after the shitstorm that was High Sierra, probably a bit longer before the masses even try Mojav.

Yesterday I did a video conference with a Chicago Mac User Group, and I was surprised at how many of the users there haven’t upgraded past Yosemite. They simply saw no reason to meddle with what was working for them. I was impressed.

Open Xcode and go to the archive organizer. To upload your app (to notarize), you need to select your .app - but Xojo compiled apps aren’t listed so basically you cannot select it either. :slight_smile:

I tried both .app and .pkg (created with Appwrapper) and copied them to the Xcode archieve folder were my Xcode projects are.

If you can select something, you then need to enable hardened runtime and all the entitlements you use in your app. Otherwise the Distribute App button keeps disabled. Those entitlements will be very probably checked so are obligated to be added.

Maybe there is away to fool Xcode the .app or .pkg is made with Xcode so it gets listed after all. Or maybe there is a way outside Xcode (like codesigning). Maybe Sam can chime in here?

This is ridiculous. Historically, Apple has been bringing the price down. Originally with a few tiers down to $99, then from 3 programs into 1 for the same $99. If you believe the fee is to pad their bottom line, then you really don’t understand the scale of business Apple does. The fee is merely to filter out developers who aren’t serious.

If it were free, malware authors would sign up, get their certificate, release their software, get revoked, rinse and repeat. By putting an annual fee on, this plan becomes much more costly. And developers are incentivized to stop paying if they “give up” so these certificates aren’t floating around for ages, potentially allowing bad actors to steal and use a legit developer’s certificate.

The fact is, anybody selling on the Mac can afford $99 per year. It’s a small fee to weed out jokesters. It does sting open source devs a bit, but nothing is perfect.

Ok, I now read alot about this. To ‘Notarize’ your app it needs to be sandboxed for sure.
Basically this will force devs to make it sandboxed or it will not run without a warning.

Hmmm… that’s definitely not good.

But you can get into the Dev.Programm for free since a few weeks! With such an Account you can only offer free applications, but… :slight_smile: