> On the other hand if the app pulls an Adobe and leaves tons of relatively heavy crap strewn about, yeah it should probably come with an uninstaller.
Google is guilty of this sort of thing as well. Well, it was anyway at some point. I somehow managed to get rid of everything, including their updater that re-installs itself regardless of what you do to remove it.
I wish we had more control over sandboxes so we could put some software in solitary confinement with no possibility to write anything anywhere without asking.
The new notifications when some software installs a background service is a step in the right direction.
> I wish we had more control over sandboxes so we could put some software in solitary confinement with no possibility to write anything anywhere without asking.
I’d like this a lot as well, but expect it to come with the usual griping from devs about desktop OSes improving their security models and/or giving the user more control over what third party software can do. Anything short of full access to everything seems to be seen as tyranny.
There’s one legitimate dev gripe that Apple has yet to solve properly:
Storage of (paid) license data.
Apple deals with it for first party apps by tying licenses to the App Store, but for any company who chooses to distribute themselves, a true sandbox means they cannot store license data or, even worse, they have to store it “out in the open” (which is to say: in a location that’s obvious and where pirates can start to reverse-engineer it).
Now, to be clear: I’m very much in the camp of “security through obscurity is not security at all”, but what I am saying is that there’s a significant and legitimate unsolved problem for devs to gripe about when it comes to sandboxes and restrictions.
While I kind of agree, I’m increasingly of the opinion that piracy isn’t a battle worth fighting, with pirates mostly consisting of those who wouldn’t have been customers anyway.
I have yet to publish any commercial software, but if I were, I think I’d go the route of Sublime Text and the git client Fork, which as far as I know stop at simple local license verification. If my business were so sensitive to piracy that its existence were threatened by it, I’d probably make my main product an online-only subscription instead.
I’m increasingly of the same opinion as well, but that choice is up to the companies and developers who make the software, and if they decide to implement license verification there’s no way to do that reliably within a sandbox (unless of course it’s online-only, but then you get a whole different issue affecting offline users).
Definitely agree. Getting all the licenses in order is a huge pain when setting up a machine. I use notes in the iCloud Keychain but that’s a bit of a kludge. Some first party support would be great. The infrastructure is already there for this stuff to be encrypted and protected properly.
macOS already has a sandbox. In practice many sandboxed apps can't actually write to /Library or ~/Library. They write to a sandboxed directory that pretends to be ~/Library further containing directories like ~/Library/Application Support. The real path of that directory is generally under ~/Library/Containers.
Now for obvious reasons Apple cannot force all macOS apps to be sandboxed. It was already a PR hit when they required Mac App Store apps to be sandboxed.
> macOS already has a sandbox. In practice many sandboxed apps can't actually write to /Library or ~/Library. They write to a sandboxed directory that pretends to be ~/Library further containing directories like ~/Library/Application Support. The real path of that directory is generally under ~/Library/Containers.
I know that: what I would like is more ways for the users to control this. I expect these companies to do everything they can to evade restrictions, and I’d like some ways to tighten the rules more than the defaults for some applications. I think from the OS perspective everything is there already, just not accessible through any UI.
> Now for obvious reasons Apple cannot force all macOS apps to be sandboxed. It was already a PR hit when they required Mac App Store apps to be sandboxed.
Indeed. But overall it’s an improvement for user security, just like SIP and the read-only system image.
> The new notifications when some software installs a background service is a step in the right direction.
I like that, too! Except that, at least for me, the bug is still present that I get notified of a background service that was added days, weeks, or years ago … over and over and over and over and over, even if I have turned it off.