I pulled my app from the mac app store after 5-6 months and haven't looked back since.

My sales were quite good but the sandboxing made it impossible to do any real innovation on the OS X platform which my app is trying to do. Getting any help from support was impossible and so I decided to sell from my own website instead.

Whether pulling it was the reason why my sales have gone up I don't think there is a way to validate but it had no negative effect on my sales quite the contrary.

I was in the top 10 on the app store for a while and it had no effect on my sale. Only getting featured means anything for your sales which makes me conclude that the mac app store add no value what so ever to either user nor developer.

Apple should shut it down and simply focus on featuring apps they think are worth featuring instead of creating an app store which create a million apps with no value to anyone not even the developers yet they still create a lot of noise.

If not that they they should at least allow the user to decide whether they want to give access for the specific app to things outside the sandbox.

I've been a Mac user since almost forever and an iOS user since also almost forever. I never use either store for discovery, largely because I can't imagine any way to do that and get good results. If I open the App Store on iOS and see something neat, I'll check it out. If I open the App Store on macOS, then either I'm going to my 'purchased apps' or 'updates', or I'm following a link from someone's website.

Both stores are terrible places to find apps; I think it was John Gruber who said that the Mac App Store is a warehouse, not a storefront, and I think that's only become more true on macOS. People find good apps on the webs via Google and then click through to the app store.

Getting featured is neat, but beyond that you have to do all the hustle yourself, and if you're doing all the hustle I don't see the point in paying Apple a 30% cut if you can avoid it.

But contrary anecdata -- if I have a choice between a great app not in App Store and a just ok app in store, I buy from the Mac app store.

The experience across multiple Macs and new Macs is too convenient to give up.

I'd imagine this is even more true with a multi-Mac family with family purchasing enabled.

I will happily pay 2x for "don't make me think" features like one stop updates, purchase history and new machine restores, etc. Time is money, in the long run this convenience is cheaper.

OTOH, I buy a ludicrous number of apps so maybe my problems aren't typical.

1) I moved countries, now half my apps are on a separate account I have to log into separately randomly (sometimes updates need it, sometimes not...) and logging in and out of Apple IDs always confuses their system mightily.

2) Several of the apps left the app store...

So now if I see an app in the app store I'll look for it on the web to buy from the dev directly.

Even after re-purchasing an app that you already bought, it does not always show up in your purchases list. E.g., I bought Pixelmator before I moved. It won't show up in my purchases list. I have to purchase it again (for free) every time I install a Mac.

The next time, I will just try to keep a local bank account and will not migrate the account.

I did feel a little guilty that the dev was losing 30% but I did it anyway.

Now. With many apps I use shifting out of the App Store, it's a liability and I think twice before buying on the AppStore if I think I may be stuck on an older version after the developers shift to direct purchase.

The experience across multiple Macs and new Macs is too convenient to give up.

This and sandboxing. You can do sandboxing outside the App Store, but almost no developer does. I don't want most apps to have access to my complete filesystem.

If I am setting up a new computer, I have a shell script that installs all of the programs i commonly use, both CLI tools and GUI apps. The only caveat is that this won't work for Mac App Store apps. For that reason, I always get the non-mac app store app. I guess App Store is somewhat convenient, but IMO not as convenient as:

$ brew cask install 1password

or

$ ./install-all-my-stuff.sh

You can add a 3rd party repository in most Linux distributions.

I really wish mobile/ARM devices were more of a universal platform like PCs. That way we might have seen more fully OSS linux distributions come to mobile and give us a real viable alternative to Google and Apple.

In contrary on my Linux with i3 WM, and minimal set of updates - sometimes I do JIT install an app, use and uninstall, because it's kind of small and fast.

Here's an anecdotal counterpoint that occurred to me just yesterday. The Witness is a very highly-rated game that's been available for PC for over a year. It just got released for mac the other day, much to my delight. Thing is, I only discovered that because of its featured spot on the Mac App Store.

Try googling for 'the witness mac'. You'll see links to the App Store, articles about when it might be released, rants about it not being released, etc. It's very strange - even the developer's site doesn't announce the release!

I'm not sure this proves anything, it just seemed very relevant :-)

The AppStore adds value to the user: convenience when downloading and updating, sharing between computers and some level of guarantee that the app won't harm your computer or spy on you.

Of course, app developers being how they are, they still managed to screw this up by implementing analytics, or unpublishing v1 and publishing v2 as a separate app so that one loses access to the old purchased versions.

Additionally, most non-AppStore developers go through the trouble of signing their apps in order not to scare away users, but then serve the download over a CDN and don't publish the signature info over a secure channel that they control.

As long as people have an officially supported option to download and install software by themselves, the AppStore's convenience and security outbalance its drawbacks. It should be improved, not shut down like you want.

In general, Apple seem strike a good balance between security (gatekeeper, sip, AppStore) and freedom (one can turn the above off and install whatever they want).

Somehow I suspect if Apple had not implemented it, there would be just as many blog posts ranting about how insecure iOS app are and how Apple is not serious about security.

The mac app store caters to the kind of people who dont use apps. Most mac users never install new apps on their mac than those already there.

The reason why being top 10 have no effect on sales in the mac store and have huge effect in the ios store is because people dont browse around installing new apps all the time.

So its really just a menace to everyone including the users who actually use their mac professionally.

Almost no developer uses sandboxing outside the Mac App store. Most apps outside the App store can see your whole filesystem and modify random files in your home directory. That is gross.

The App Store on iOS is mostly a success - users are happy, and the only complaints are from developers trying to get visibility for their shit app that nobody is interested in. The Mac App Store for OS X, on the other hand, is a complete failure. You are locked into a single sandbox mode, with no way to ask for extended permissions from the user. The Mac App Store could die tomorrow, and nobody would care. You're a single Google search away from downloading the software - and hey, the company doesn't lose 30% for absolutely no reason.

If anything hurts their brand its the utter lack of carring for the osx platform.

This is short sided. $AAPL cash cow is obviously mobile, however I don't agree that they don't care about desktop. I assume your referring to the blog outrage about the new MacBook Pros? News flash, the bloggers who were complaining the loudest and making the biggest noise on HN and in the news are a small minority. Notice how you don't see daily stories bashing Apple as much now.

See $AAPL chart: https://www.google.com/finance?chdnp=0&chdd=1&chds=1&chdv=0&...

Today's OS X development is pretty lame by those standards.

- Introduction of an OS-level hypervisor (Hypervisor.framework).

- Much better security and resistance against rootkits (SIP).

- A new filesystem (APFS).

- The introduction of a far more modern programming language for development (Swift).

- A new graphics API (Metal).

Sure, some coincide with features added to iOS, but I see that as a strength. There are also user-visible changes, but I care less about them. To me, the WIMP paradigm seems to have reached a local optimum and I don't think anyone is helped by Windows 8 or GNOME 3.0-like experiments.

The stuff you list is nice if you're developing software for the Mac, I suppose. I can't get too excited about the prospect of better software when the underlying OS is getting steadily worse.

OSX releases before Lion had much more innovative stuff, e.g.

* 10.4: spotlight, dashboard, automator, CoreImage, CoreAudio

* 10.5: time machine, spaces, cover flow, quick look, boot camp

Those are user-level improvements.

- Dashboard: never used it. Fiddled for 10 minutes and decided it's not useful.

- Automator: maybe some Alfred workflows that I use, use automator, but I never used it directly. I also don't think anyone outside power users write automator scripts. And these are the same people that can benefit from APFS or Hypervisor.framework.

- Spaces: gone. I am still sour about this though ;).

- Time machine: not that great in practice. Especially with a Time Capsule/Airport often results in backup sets that are broken.

- Cover flow: never used it, not saw the point.

- Boot camp. Never used it.

So, I and most Mac users that I know don't use half of these features. I also know quite many non-techie users that don't even know that Spotlight exists (they launch applications via the Dock and use Finder).

Also many people who use the mac are people who use it to develop other things like web services and ios apps. They use it as an actual actual productivity platform and create much of the value of the iPhone ecosystem.

Apple is basically lining up for it's own demise in the long run, the more they tighten the rope around the developers and kill much any of the thinking which should be helping them build the fundation of the future.

But perhaps the mac have just become a nuisance which needs to die. In that case they are doing a great job.

The app store has nothing to do with that as most normal users dont download anything.

The mac was considered secure long before the app store.

Not true. I buy a new machine and I have all of my existing apps from the App Store downloaded and safely installed without much effort. I have two computers so it also helps that I have access to any of my purchased applications without having to download again fro. The dev website and search through emails to find some license key.

There's also security. I don't know you -- why would I trust you? With the Mac App Store, there's a reasonable expectation that I'm not downloading malware. If one of my family members who aren't tech experts want to buy app -- what assurances does anyone have that they aren't downloading crapware? I am not saying that off-store products are bad -- I use plenty; however for the great majority of users, the App Store provides security, convinience and ease of updates that just don't compare to dealing direct with some unknown developer.

As far as developer convenience it really depends on marketing and infrastructure -- the App Store provides a very easy place to sell without needing to deal with infrastructure relating to billing or refunds. It also simplifies tax compliance, foreign currency and reporting.

Saying there is "no value" seems to misunderstand what "value" means.

We all get that the App Store is worse in some ways for you as the developer, although I disagree there as well.

But you seem to be trying to make the jump that it's bad for users as well. Even when multiple users tell you that they prefer it.

Here's another account you can handwave away: I strongly prefer to install from the App Store vs another channel. It provides lots of value to me.

Here's the real question for me: What percentage of users who regularly install 3rd party apps would prefer to install them via the App Store?

I bet it's a large majority.

And no it's not the real question. If anything, the real question is how many actually even install 3rd party apps via that App Store which according to a couple of reports I have read is surprisingly few. Most mac users don't install any new software after they purchase their mac. But even that is besides the point of this discussion.

My own experience being a top 10 paid app for a while in the app store was sobering as it have been to so many others. There was literally no boost to sales compared to before which basically means that all traffic was traffic I generated myself not something apple provided. If the majority of people only use the app store for updating apps then it is perfectly reasonable to question whether the value that it provides a few who do use it regularly outweighs the many who do all the hard work to actually get people to buy their app and apple still be taking 30%.

It reminds me of the New York real estate market where you find your own apartment do all the hard work yet still pay 15 of a years rent to a real estate agent.

Furthermore if you actually read what I have been writing instead of just cherry picking you would also know that I have nothing against the app store as a concept it makes perfect sense for ex iOS because Apple keeps improving that platform.

What I have something against is Apples handling of the macs' and neglect which is the only reason we are in the situation that we are in where I had to move out of the app store. And it's the current state of the app store I am talking about not some ideological tirade against it.

It's a much bigger discussion than "asking the users about the value" which in this context isn't important. Of course some people get value out of it but not as many as you seem to believe and the real question is whether the negative consequences of the sandbox is really serving the macs future which in my opinion it's not and which is actually what this debate is all about.

Do you have any examples of things you needed to do but the sandbox prevented you from doing?

http://www.ghostnoteapp.com/

If you check out the video you can see what I am using it for.

When I started developing it there was no problems, then around when I pushed it to the app store Sandbox rules got more strict (Around Maverick) in Yosemite they made it impossible to have things run in the background instead it made a spinning gear up in the menu bar because we were using applescript which was so annoying and gave us so many complaints. We were not the only ones as you can see here https://discussions.agilebits.com/discussion/33333/spinning-...

I tried to talk with support about finding ways around that but they basically told me that was I was trying to do was not really allowed anymore and I would most likely not be approved next time.

The only way to get rid of the spinning gear was to use a different kind of library which wasn't allowed in the Mac App store so I pulled it.

There are exceptions, like your app. But this is actually something that I don't want any app to do. It's a huge privacy violation.

How hard is it to pop a modal operating system dialog saying "Application X wants to be able to monitor running processes?" It's not. Apple has simply failed to find the middle ground.

My app extracts translations from surrounding source code if so configured. Requires extra permission prompt from the user too. That's just two non-exceptional examples.

- Some app developers are collecting data and sending it to Google Analytics already (Little Snitch tells me). Why wouldn't they also peek at what competitor's apps are installed? Or what other things I am interested in? This is not paranoia, a lot of Android apps they already do this (the flashlight app that wants access to your SMSes is an extreme example).

- Vulnerabilities are a matter of life. If some application is compromised, I don't want the attacker to have unfettered access to all my data. Again, this is scenario not far-fetched, from regular vulnerabilities in applications to hacked download sites where applications are infected with malware [1] [2].

[1] https://www.macrumors.com/2016/03/06/mac-ransomware-transmis... [2] https://transmissionbt.com/keydnap_qa/

You can have permission models for these things. I am not asking for untethered access to the entire machine without any permission.

I would even be fine with both having to ask Apple for specific permission via the app submission process and then ask the user if it was ok to give access to specific things.

There are so many ways this could be solved both gracefully and effectively but because apple have decided not to use any real resources on the osx it doesn't happen.

I fully agree with this. The ideal model if Apple cared more, would be: fully sandboxed by default, the application can ask extra permissions.

But given that Apple does not do this, for me as a user 'sandboxed' is a better default for me than 'not sandboxed'. I can install/purchase the few applications that are absolutely impossible without sandboxing (e.g. VMWare) outside the App Store.

My point is simply that the mac app store adds almost no value as most people don't use it for installing apps.

They use it for updates.

But we are making it optional.

The store gives the users a relatively safe place to get apps and be rather confident it's not going to screw up the entire system.

This is similar to jailbroken iPhones. Sure you can do it, but the risk is much greater for the average user.

Sandboxing is just a side-effect of Apple not wanting to deal with any support issues stemming from selling apps that brick users machines.

The mac was probably even more reliable before the Mac App Store existed. As for safety I've been using macOS since Panther and I've never had a security problem.

Not allowing apps outside of your store is like not allowing your kids outside. It works on the short term, but it's a terrible strategy in the long term. Users, like kids, need to learn common sense.

Malware is deceptive, ever evolving, and constantly violates user expectations in a way that you really can't stay on top of unless you devote a fair amount of attention to understanding how these things work. Mac users aren't necessarily more or less gullible than their Windows or even Linux counterparts[1], but they are used to a more relaxed experience online. When Mac malware and adware really started to hit more than it had in the past (Safari toolbars, MacKeeper, and search hijackers, etc), a lot of the users I supported just kept getting re-infected because what was once safe for them to do suddenly was riddled with malware sites that just read the UserAgent of the browser and deliver the proper payload; people who were used to searching simple stuff like "[textbook].pdf" or "game of thrones.torrent" and would just hit back when a .exe would download now had to actually watch out because they were getting .pkgs and .dmgs to install.

I think Apple's goal with the Mac App store is sound - they saw the changing environment and it was just going to be a matter of time before their users started wondering why the Mac system wasn't as protected as iOS. It's tough to sell people on the security of one of your products when the other one is riddled with adware.

Developers and power users I think all exist in the know enough to be dangerous zone, and they should rightfully know how to get applications that are deemed unsafe for the Mac App store. They certainly have to know how to turn off Gatekeeper or make exceptions to install other apps, they have to in order to get some of the common terminal tools they want, so I'm not sure how the Mac App store is the great impediment to such users.

I understand the complaints of the devs that are in the distributing in the Mac App store - 30% off the top is harsh (though the trade off I guess is that now you get access to the pool of Mac Appstore gift cards that Apple throws out every year), and you get, more or less, the Apple seal of approval. For some, like for commenter ThomPete elsewhere in this thread, the app just didn't mesh with the Appstore because of how it functioned. But for a lot of apps it's just fine - everything they need to do works well within the confines of the store, or the Devs work to create parity between the versions. Daisy Disk, one of my favorite apps I've found from the App Store, does this - there are some limitations in the App Store version, but they adjusted their license to allow parity between the two releases and ensure that regardless of where you bought it, you got the app as it was intended. I really don't think this is much of an issue at all for users who are seeking extended functionality on OS X - if you want to leave the sandbox, it's very easy to do so; just pick a direction and go. But usually the reason for leaving the sandbox is pretty intentional; a lot of the kids are pretty happy just playing in the sand with everyone else, and that's to Apple's credit, not to their shame.

The App Store more or less does what it should and does it well. Pricing needs to be adjusted, as I'd rather devs not have to sacrifice 30% off of already meager prices to the Apple beast. But it's a nice system, and I wish they'd extend it to have a proper package management system baked in, a la apt-get or pacman or yum.

[1] If you think a linux user is automatically more savvy, try sending one just about any semi-malicious bash command and tell them to try it, and watch how many will happily punch it in, even if it requires sudo, or how many will happily copy and paste any command from online without checking it first.

They even tried with a whole campaign around it called Back to the Mac which was all about making the two feel more alike (which means more like ios).

They didn't make it because of security, they made it because of ease of use and because the ios app store was a huge success.

It is easy to use, but it's slowly killing the future of the ecosystem which might be intentional it sure feels like that.

There is no reason for why my app couldn't work on the app store. Apple just haven't put in the work to solve for permission properly which is one of the biggest issues developers have with the Sandbox.

Most users don't install new apps after they purchase their machine so it's not for them.

Almost no one uses the mac app store to look for apps and those few who do are met with a horrible experience and without any way of knowing if what they are getting is quality app.

Advanced users can't get the apps they need on the app store.

All the app store is really doing is sucking the life out of the apple ecosystem.

Indeed. Good luck getting a refund.

Apple should move to automatic refunds for the Mac and iOS app stores just like the Google Play store does.

Same thing on iOS... I rarely search for an app through the store. Usually the first thing I do is google for discussion threads on sites like Reddit.

That is speaking from a User Experience Prospective.

As a user, this makes me want to get apps from the app store rather than downloading directly. It bothers me that apps can write arbitrary files. I'd much rather they be sandboxed so that when I tell the OS to delete the app, everything goes with it.

-download from App Store; app runs normally

-function in app hits boundary

- OS: "app Example has request access to <files: all/this directory/this folder> this time/always/not now/never"

Would solve this problem pretty quick right?

I don't want handbrake to have access to my photos, I'd love Native fine-tuned permissions like this.

If you put an exit door on a sandbox and give the user the key, it isn't a sandbox anymore.

But this sort of thing is universally considered a bad idea: https://i.imgur.com/H0uVqFe.jpg

http://nshipster.s3.amazonaws.com/core-location-always-autho...

Anecdotally, my tech-adverse friends choose Don't Allow when in doubt.

Unfortunately, with the state of the macOS dev team at Apple (merged into iOS?) chances for a feature like this are kinda slim.

Access /foo?

Access /bar?

Access /baz?

But you have the seed of a great idea, which is that the app developer should explicitly request permission, so that they can request it once in a way that covers all the folders they need, rather than one by one. Like:

if requestAccess("~/Documents") == ALLOWED {

// Do the work.

} else {

print "Sorry, the app needs access to your documents"

}

The key thing is that all apps start with zero permissions, and escalate their access only when needed, rather than starting with full permissions, as happens today, which is insecure.

[1]: https://www.littleflocker.com/

I mean, yes, that's what it's doing. But a permission system that allowed it to say "Rewrite URL references for a, img, style, video, etc. tags, modifying the protocol, except where you also need to modify other things like s|^http://(\w{2})\.wikipedia\.org/wiki|https://secure.wikimedia... would essentially be presenting me with the source code for HTTPS Everywhere to approve.

And I certainly don't want it prompting on each website, which would be the natural way to implement a permission dialog system. Remember in the late '90s when web browsers would ask you for every cookie, or prompt you when going from HTTP to HTTPS?

Meanwhile, if a remote-code-execution bug is ever found in HTTPS Everywhere, it will have access to literally everything I do on the web. So it's not clear the permission system is really helping anything.

Another browser extension might want to automatically save images I come across to a directory. That one would prompt for access to my Documents folder. It wouldn’t request URL rewrite privileges, or camera, etc.

EDIT: So to answer your question, what is “something”? In this case, that would be: “HTTPS Everywhere wants to be able to edit the web addresses you visit”. Or something like that.

It can't just be the web addresses you visit, since it needs to change embedded tags inside the page to request https urls.

For example, the first time I use Chrome to visit a website, it would trigger a dialog requesting permission to “Connect to websites” (i.e. initiate outbound TCP connections toward ports 80 and 443).

The first time I tried to use WebRTC, the dialog would appear for that.

It is ridiculous we are having this conversation about strictness of a sandbox requirements in the App Store and in another thread people bitch about Dropbox acting like an out of control virus.

As a user: I want it all sandboxed.

That doesn't work for all of your use cases, but it solves some of them (the backup app and file compressor, if you're only backing up your own stuff and not the whole laptop).

I think there are two forces at work here. One is the increasing lack of trust in any piece of software downloaded on phones and computers. This because advertising, spyware, spies, etc. The other one is the habit of renting vs owning. People is used not to really own music, books, apps, etc and even files to some extent. They are in the cloud and we can lose access to them if the owner of the cloud terminates our account. So we're growing accustomed with the idea that less and less of what we use and produce is really ours. Pieces of the hw, sw and data we paid for are somebody's else property. That's bad IMHO.

I'm not on a Mac and I'm backing up all my laptop, included configuration files owned by root and other system users. I understand that non technical users are fine with appliance like laptops that can be returned to the manufacturer and replaced with a new one as I do with a refrigerator. As a developer I prefer to keep control over my stuff. If I were in the refrigerator industry I would probably like to service my fridge myself.

In general though, the idea is not to grant extra permissions to one process but to run other programs that DO have the required permission. This can all "appear" to be happening in one application on macOS even though multiple subprocesses are involved.

• On every new computer/device, I don't want to visit multiple sites and separately download every app that I use/prefer to keep available.

• Likewise for updates.

• I don't like obnoxious developers being "too smart"; There are things that I do not want apps to be able to do by default, on any of my devices, and I don't want you to attempt them unless I unambiguously allow each specific action.

• I prefer to look in one place for new apps and games.

• I prefer to link my payment and personal info to as few places as possibles.

However, I definitely agree that both the Mac and iOS App Stores suck at discoverability, the MAS especially so. It's baffling that such high profile storefronts are missing many basic filters in 2017.

http://fortune.com/2015/10/13/apple-merge-ios-os-x/

(They also said they would not launch a small tablet and so on...)

https://www.wired.com/2015/09/steve-jobs-stylus/

We know it's not happening because Tim Cook has explicitly said so. Additionally, it doesn't make financial or engineering or UX sense.

Mac OS X and laptop and desktop hardware will become more and more of a distraction. We've seen them stagnating already. As a unix, Mac OS X is a rather elderly BSD.

They may keep a laptop device in the mix, but it will be more like a chromebook and run iOS.

Again, I'm speculating.

[Citation needed]

Otherwise you have to do the hack he was talking about where you download and install the helper from the internet and the controller is installed from the Mac App Store.

Wouldn't this work?

-download from App Store; app runs normally -function in app hits boundary - OS: "app Example has request access to <files: all/this directory/this folder> this time/always/not now/never" Would solve this problem pretty quick right?

I don't want handbrake to have access to my photos, I'd love Native fine-tuned permissions like this. Seems like you could adapt this to any functionality be it location/file access/ability to do certain things etc etc. you know... just like iOS does

There are exceptions, of course, and that's where things get nasty, but there's surely an optimum compromise encompassing some level of sand boxing and some level of permission management, rather than the extreme of 'everything goes' or the opposite extreme of 'no functionality'.

- There is no way to provide automatic software updates for sandboxed apps. For Mac App Store apps, that doesn't matter (MAS takes car of updates), but for apps distributed outside the MAS, this is pretty much a deal breaker.

- Many technologies are not available for sandboxed apps, eg. shared memory. This makes it hard hard to distribute some popular software on the Mac App Store (eg. PostgreSQL)

- Unix Socket Connections outside the sandbox are not possible. This makes connecting with a lot of services (eg. SSH Agent) impossible.

- the whole sandbox mechanism is buggy, poorly documented, poorly supported, and error logging in insufficient.

I currently distribute a sandboxed app outside the Mac App Store, and I'm considering to remove the sandbox for the above reasons.

Allowing automatic software updates requires leaving a big fat hole in your Sandbox...

(And what's the point of restricting your app to a sandbox, when it can replace itself with a non-sandboxed app?)

You raise an interesting point about security. It's about what you trust. Do you trust the app, or do you trust the developer of the app and their update infrastructure too. To have auto updates you need to do the latter.

Although strictly true, Unix DAC is a security model that stems from the 60/70ies. When a malicious actor gets read (or write) access to your home directory, it is pretty much game over (think cryptolocker, identity theft, loss of sensitive files, etc.). With vulnerabilities in internet-facing software being a fact of life, you want compromises to be restricted to their own little sandbox, not all the files in your home directory.

Hence, I have decided to always purchase the App Store version of an application when available and to think twice if there is no App Store version. I do not want to give a random developer full access to my filesystem.

Surely an app can only do that if it requests escalated privileges. By default, I would expect it to have the same filesystem permissions as the user that launches it.

There's the scale issue. Apple served perhaps low single-digit percentages of the PC market, which ranged from the tens to hundreds of millions overall, so millions to tens of millions of users, most affluent and educated. Computer usage is highly democratised now.

Which gets to the third point: mobile OSes are targeting user populations in the billions, across the globe, and at all manner of educational and literacy levels. If you think there's any possible way that's not going to target the lowest possible skill level, or that that skill level isn't tremendously low (see a recent OECD computer skills survey across the G-20: about half of all users have either no or the very most basic computer skills), well, I'm sorry.

There's a reason wide adoption leads to generally de-skilled products.

Instead, permissions should be implemented at the OS layer, not just for Mac app store apps. Here's how it would work:

- An app could specify a list of permissions, like on Android.

- One of the permissions would be "unrestricted", which is equivalent to today's unsandboxed apps.

- The first time you try to run an app that requires unrestricted permission, macOS will tell you the app could be dangerous and ask for confirmation. This is similar to how Gatekeeper warns about unsigned apps, but here the focus is on what the app can do, not who made it.

- If a legacy app didn't specify a list of permissions, it would be treated as "unrestricted".

That way, there's no incentive for developers to leave the Mac app store. Security is increased for all users, no matter where they download the apps from. This mechanism doesn't restrict the power of the platform, what developers can do.

I don't see how your idea would lead to anything else when it asks in even more cases that UAC does. Most developers will just not specify a list or just specify restricted, like they did on Windows when UAC came out.

You're right that the permission prompts need to be expressed in an understandable way. For example, don't ask "Do you want to allow Skype to open TCP port 800?", which sounds like gobbledygook to non-technical users. Instead ask, "Do you want to allow Skype to expose your device on the Internet?" or something along those lines. Or maybe skip this prompt, since if Skype is sandboxed, the danger of opening a port is reduced. Basically, make an intelligent tradeoff between security and usability.

You're right that it will be harder for users to understand than iOS, but it's still better than the "anything can happen?" status quo.

Traditionally, the burden of security was on consumers: which emails or files to open, programs to run/install, actions to approve, etc. Efforts to enhance the security of third-party software have been sporadic and limited, e.g. SELinux policies, changes to ports to use OpenBSD's pledge (systrace before) and FreeBSD's capsicum.

This is the first time I see a mainstream OS vendor forcing third-party software authors to use advanced security mechanisms (like sandboxing) as a prerequisite for software distribution through official channels.

I think it's great. I hope similar policies make it to Android and Windows.

It's not felt as much on iOS because so much effort goes into building new features, tools and improve hardware that it feels like you are innovating even though you are sandboxed.

The OS X haven't had any real love for a long time so Sandboxing it is slowly suffocating the entire ecosystem.

Most mac buyers never install an app after they buy their machine which means all they use the app store for is updating. You don't need an entire app store to do that.

No one uses the mac app store to find apps. There is no "browsing around installing different things to try them out" like there is on ios it's simply not how people use the computer.

Apple would be much better of with simply featuring apps they vouch for and then stay out of the rest. There are plenty of ways to deal with security that doesn't hinder development of the platform.

I want my apps to be sandboxed to protect my computer. I want my apps to all be in a central repository that automates a bunch of painful processes (buying, updating, etc).

But the Mac App Store is a dumpster fire at the moment. Its impossible to find the thing you want, its hard for developers to comply. Its the worst possible outcome of the store concept.

Apple really needs to lift its game.

I do see that it's incompatible with many OS augmentation programs, but for the App Store to reduce security would be pyrrhic. What we need is a user-granted sandbox opt-out, so that I can unencumber only programs I believe need it and won't abuse it, without taking the App Store's benefits from those programs.

I'd add a third one: buying is 1-click and shares no info with the seller. As opposed to the usual "navigate this crappy checkout process and get spammed forever" one.

What our OS overlords need to do is create great App Stores which are intended to promote the apps that explicitly cannnot do things within a sandbox, etc., and for the rest, increase hooks that are provided to web apps so they can act as first class citizens as well.

I am a big , not huge, but big fan of Apple but in this case of me surrendering control.

Μολων λαβέ

[1]: https://caskroom.github.io/

Most of the apps I make use the sandbox with no problem.

Guy I know paid thousands of dollars for commodity "libraries" like XML parsers, ZIP utilities, FTP/SFTP, all because there wasn't anything out-of-the-box for his VB6 product.

Maybe for every complaint about article titles, I should respond with a demand to simplify them even further with "Up-Goer-Five" talk[1]. After all, if we're protecting people from having to think, we may as well lower the vocabulary requirements as well.

[1]https://xkcd.com/1133/

Boo fking hoo. If you didn't want to sell to consumers then the choice of selling your app in a less consumer convenient way would make sense. If you just don't want to do a little extra work or are put off by Apple's consumer focused restrictions, you can just go away if you ask me.