Mac App Store's Sandbox Loophole

There's a loophole that allows apps sold in the Mac App Store to circumvent Apple's sandboxing restrictions. When developers exploit it, users may be misled into buying apps they would otherwise not have purchased (as I detail in a trio of comments below). So far, Apple has not done much to prevent any of this. This may change soon.

Data Rescue

To understand what's going on, let's first look at the current status of Prosoft Engineering's Data Rescue. This is a superb data recovery utility that dates all the way back to before the advent of Mac OS X. While the "golden age" of disk utilities on the Mac may be behind us (as I have argued previously), programs such as Data Rescue still have value. Unfortunately, Apple makes it all but impossible for these utilities to be included in the Mac App Store (MAS).

As Prosoft explains on their website, the major obstacle is a restriction in Apple's sandboxing policy. In particular, Apple asserts that a Mac App Store program cannot have "admin access nor ask the user for admin access on their behalf."

In order to recover data from an internal startup drive, Data Rescue requires admin access. However, prior to OS X 10.8 Mountain Lion, admin access was not needed to recover data from external drives. This provided Prosoft with a means to get a limited version of Data Rescue (called Data Rescue 3 External Drive Recovery) into the Mac App Store. The MAS version worked only with external drives. If you needed to recover data from an internal drive, you were directed to get the "full" version from Prosoft's website.

App Store page for Data Rescue

With Mountain Lion, Apple upped the ante. Now, admin privileges are required even for access to external drives. This rendered the Mac App Store version of Data Rescue essentially useless. My understanding is that Apple also requires that Mac App Store apps be compatible with the latest version of OS X, currently Mountain Lion. Data Rescue 3 External Drive Recovery loses on this count as well.

As a result, the Data Rescue 3 External Drive Recovery page in the Mac App Store now states that the "Special App Store version" is not compatible with OS X 10.8 Mountain Lion at all. You are directed to "the full version of Data Rescue 3" on the company's website for a compatible version.

Other data recovery utilities

Other disk utility companies, facing the same obstacles, have taken similar paths.

Softote Studio's Data Recovery Free is still in the Mac App Store despite clearly stating that the app is "not compatible with Mountain Lion." The utility's page in the MAS directs the user to the company's website in order to "download a new version" that supports Mountain Lion.

However, a few paragraphs later, the app's MAS page states: "The free edition only can recover external drive, not system run drive." As this app has not been updated since the release of Mountain Lion, I strongly suspect the statement is false; the unenhanced free edition probably cannot recover data from any drive.

Leawo Software's Data Recovery Pro similarly instructs users to go to its website "if you need to recover data from system hard drive." From there, you'll find that you can download "a free plug-in called Data Recovery Helper."

CleverFiles' Disk Drill Media Recovery is more circumspect (I'm tempted to say "sneaky"). Its MAS page states: "Now compatible with Mac OS X 10.8 (see instructions in the app)! Disk Drill recovers data from internal AND external disks!"

App Store page for Disk Drill

If you purchase and launch the Disk Drill app, a message informs you that "You might not find any of your disks visible in Disk Drill Media Recovery if you are running Mountain Lion." The work-around is to click a link that takes you to CleverFiles' website. That page explains how the sandboxing changes in Mountain Lion prevent the utility from working, then instructs you to download additional software, outside the Mac App Store, to get the Mac App Store version working with Mountain Lion.

The Mac App Store loophole

As I see it, there are two problems with what these data recovery companies are doing:

First, Apple prohibits "apps that link to external mechanisms for purchases or subscriptions to be used in the app." This is to prevent developers from circumventing the 30% cut of all sales that developers must pay to Apple. These drive utility companies appear to have side-stepped this "external site" restriction.

The companies do this either by offering an additional download at no charge or by directing users to a website from the app's page in the Mac App Store rather than from within the app itself. Either way, this strikes me as a gray area at best.

Second, as already noted, Apple insists that all software in the Mac App Store be compatible with Mountain Lion. Without the external additions, the data recovery software in the Mac App Store does not meet this criterion. While there may be some room for debate here, I consider these apps to be in direct violation of Apple's policy.

So far, Apple has not taken any action against these programs and they remain for sale in the Mac App Store. Sources tell me that Apple is getting ready to make a move here, but that remains to be seen.

More generally, Apple's lack of enforcement on this matter opens up a loophole that allows any Mac App Store app to circumvent the practical effect of every sandboxing restriction. The sandbox still confines the binary Apple reviewed; what escapes it is the functionality, delivered by a second download that Apple never sees. To see how, imagine this situation:

As a developer, you have an app that performs 20 actions. Nineteen of these actions clearly violate Apple's sandboxing policies. If submitted to the Mac App Store, the app will certainly be rejected. You still would like the advantage of having your app in the Mac App Store. What can you do?

You can create an app that does only one thing, the one thing that is not in violation of sandboxing. After the app is accepted to the Mac App Store, you change the text on the app's MAS page to direct users to your website to download a free addition. This addition adds the other 19 otherwise prohibited actions. Voila! Your MAS app has succeeded in bypassing Apple's sandboxing restrictions. Note that the reviewed app itself never leaves its sandbox; the helper, downloaded outside the Store, runs with whatever privileges the user grants it, and the product as a whole does everything the sandbox was meant to rule out.

Based on the current situation with disk utilities, Apple is not actively blocking this loophole. To be consistent with its own policies, I believe that Apple should. For starters, unless Apple wants to change its guidelines, all of these disk utility programs should be removed from the Mac App Store.

The endgame

Let's assume Apple eventually takes action here and closes the loophole. Where does this leave us? What exactly is Apple's endgame regarding disk utilities and similar software that can't make it into the Mac App Store due to sandboxing? I see three main possibilities:

• Apple's policy could be to direct users to external websites for software, such as disk utilities, that is not eligible for the Mac App Store. While Apple may do this in the short run, I doubt it will emerge as a permanent position. Apple wants to promote the Mac App Store as much as possible. I don't see the company regularly suggesting that customers venture outside the Store.

• Apple could create a special section of the Mac App Store where, after careful scrutiny, selected apps that require serious exceptions to sandboxing would be allowed. This could be a win-win compromise: developers get their previously banned programs in the Mac App Store, customers get MAS access to a wider range of software, and Apple gets to keep its restrictions largely in place. Still, I doubt we will ever see this happen. Apple has never shown the slightest hint that it wants to provide this type of exception. It's about as likely as Apple shifting gears and condoning jailbreak apps on iOS devices. Unless Apple finds itself under intense pressure (legally or via customer protest), it will not budge here.

• Apple could stick to its guns and permanently ban all software from the Mac App Store that cannot be sandboxed. Additionally, it could stop making any outside-of-the-store recommendations. When customers ask about disk utility software, for example, Apple would direct them only to solutions that Apple provides — notably OS X Recovery. Currently, Apple continues to sell software such as Data Rescue 3 in the online Apple Store. I anticipate these third-party programs will be eventually dropped from the online Store.

Less likely but also possible, Apple could modify a future version of OS X so that all software, even software not sold in the Mac App Store, must meet sandboxing requirements before it can run on a Mac. This would effectively put an end to third-party disk utilities.

To one degree or another, this third option is the direction that I believe Apple is heading.