
My Sandbox! (aka: Liability Fiasco)

Apple Consumerism Mac InfoSec

It is that time again – time to decide how much credit we should allot to our users, versus how much we should “protect the user from him/herself”. Ah, the eternal dilemma – but wait, Apple to the rescue? Didn’t they pioneer the “we know what you want better than you do” model?

Actually, today’s post is a bit more technical than that simple discussion, but stick around and join in: you’re sure to learn something (and contribute!).

The latest news from our (recently) beloved Apple is that (amazing) Sandbox technology is on the horizon, which will run App Store apps inside their own Sandboxes. Here are a few words about sandboxing: it is basically a mechanism for the computer to protect itself (and the user) from a (potentially) malicious or misbehaving application that the user wants to use. As security experts will tell you, there are plenty of supposedly useful applications which are just a (shameless) wrapper around a virus delivery mechanism, or an even simpler system that quietly watches what you browse to, captures the user/pass you type into your (financial) website, and silently sends it via the Internet to the perpetrator. After reading some interesting discussion on the subject, I decided to weigh in here.

Granted – I am as paranoid as the next guy, and you should ALWAYS know the source of Any Application you download and (even try to) run. And the issue is complex, as so far all I have seen is that users mostly become victims of increased security – how often have you called your bank because you forgot your password?! In fact, I once left a financial institution because their login procedure became 5 screens long, with pictures, symbols, pins, sentences, etc…

The punch line: what if Apple Approves an App and grants it Sandbox Permissions, but later we discover that the App still had a Malicious Password stealer hidden deep inside? I say – We Sue Them! They performed a Paid service – developers Pay to get into the App Store and share a cut of the profit. Given that the aforementioned paid service had the Primary purpose of Vetting an app for our (naive) users’ consumption, I see the door wide open for a Class Action. Seriously, given the size of the Fiasco (millions of accounts stolen?), no 100-page License agreements we all carelessly click through will protect them.

So, Apple – for your own good – let the users free! Or better yet – Respect that they (sometimes) know what they’re doing!