This was in the OS X 10.4 days, which is why Apple changed how Input Managers worked starting in 10.5. This is not a theoretical risk, mind you; there’s already been a bit of malware that took advantage of earlier implementations of OS X’s Input Manager to spread itself about. Sandboxing obviously increases the latter and decreases the former, and one of the specific reasons is to keep applications out of each other’s business. There’s stuff that’s allowed, and stuff that is not. The point is, for any OS to play “good code/bad code” is a fool’s game. But a black hat using those same tools would do very different things with that data.
I use a number of tools for things like security scanners that allow me to see if there are any holes in my setup, so I can patch them. The same technique can be used for good or ill. So what’s the difference, other than intent and use of the data? Well, nothing. Handy, no? But if you’re an evil dev, then you look for things like phone numbers or numbers separated by a ‘random’ dash or space, or the heck with it, just copy everything typed, and send it out to a server somewhere.
You type, say, “mosx” and poof! “Mac OS X” appears on your screen. Now, if you’re an awesomely cool dev like Smile Software, there’s no harm. For example, by reaching into another application’s process, and oh, I don’t know, monitoring everything the human types, and taking predetermined action if the “right” thing is typed.
So okay, sandboxing is designed to protect against malicious code exploiting an application. Turns out not everyone is happy with Apple’s sandboxing rules. App Sandbox also minimizes the damage from coding errors in your app or in frameworks you link against. But first, let’s see a tl;dr explanation of sandboxing: App Sandbox provides a last line of defense against stolen, corrupted, or deleted user data if malicious code exploits your app. I find all this somewhat amusing and depressing because all I can think is “…and you’re SURPRISED by this?” If you have even a conceptual grasp of sandboxing, the fact that TextExpander’s new version won’t be in the Mac App Store should be about as surprising as the fact that one won’t find daisies growing in a tar pit. So, a story tailor-made for the “blogosphere” hit recently, of the new version of TextExpander 4, and how it’s a “victim of sandboxing.” (If you say that like you’re an 80-year-old southern belle reaching for her handkerchief and fainting couch, you get the general mood of things.)