I'm not convinced the Mac sandbox adds much security at all yet, for one big reason: do you know what entitlements a sandboxed app has?
There is a command-line tool to list an app's entitlements, but it's not at all easy to use, or even find. I haven't found a way to determine the entitlements of an App Store app without installing it (and hence, paying for it, if it's not free). I expect that basically no users will ever look at this. It's a bit like the device in Dr. Strangelove: the whole point is that you're supposed to tell people!
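The tool in question is `codesign`; `codesign -d --entitlements :- /Applications/Example.app` prints the embedded entitlements as an XML plist (the leading `:` strips the 8-byte blob header that `codesign` otherwise keeps). What follows is an added example, not code from the original post: a small Python script that turns that output into a plain-language summary, so the question "what is this sandboxed app allowed to do?" gets an answer a non-expert can read. The sample plist is constructed for a hypothetical app, the `DESCRIPTIONS` wording is mine, and the script name `entitlements.py` is an assumption.

```python
import plistlib
import struct

# Magic of a raw entitlements blob (CSMAGIC_EMBEDDED_ENTITLEMENTS). The ':'
# prefix in `codesign --entitlements :-` strips the 8-byte header (magic +
# length); without it the header is kept, so both forms are accepted here.
ENTITLEMENTS_BLOB_MAGIC = 0xFADE7171

# Constructed sample of what codesign prints for a hypothetical sandboxed
# app. Not taken from any real app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.personal-information.addressbook</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
    <array>
        <string>/Library/Application Support/</string>
    </array>
</dict>
</plist>
"""

# Plain-language descriptions (my own wording) for a few documented
# App Sandbox entitlement keys. Anything not listed is reported as unknown.
DESCRIPTIONS = {
    "com.apple.security.app-sandbox": "runs inside the App Sandbox",
    "com.apple.security.network.client": "may open outgoing network connections",
    "com.apple.security.network.server": "may accept incoming network connections",
    "com.apple.security.personal-information.addressbook": "may read the user's Contacts",
    "com.apple.security.personal-information.calendars": "may read the user's Calendars",
    "com.apple.security.device.camera": "may use the camera",
    "com.apple.security.device.microphone": "may use the microphone",
    "com.apple.security.files.user-selected.read-write": "may read/write files the user picks in a dialog",
    "com.apple.security.files.downloads.read-write": "may read/write the Downloads folder",
}


def parse_entitlements(data: bytes) -> dict:
    """Parse codesign output, with or without the blob header, into a dict."""
    if len(data) >= 8 and struct.unpack(">I", data[:4])[0] == ENTITLEMENTS_BLOB_MAGIC:
        data = data[8:]
    return plistlib.loads(data)


def is_sandboxed(ents: dict) -> bool:
    return ents.get("com.apple.security.app-sandbox") is True


def granted(ents: dict) -> list:
    """Keys that actually grant something: True, or a non-empty list/string."""
    return sorted(k for k, v in ents.items()
                  if v is True or (isinstance(v, (list, str)) and v))


def temporary_exceptions(ents: dict) -> list:
    """Temporary-exception keys deserve a warning: each is a hole in the sandbox."""
    return [k for k in granted(ents) if ".temporary-exception." in k]


def summarize(data: bytes) -> list:
    """Return human-readable lines describing what the app may do."""
    ents = parse_entitlements(data)
    if not is_sandboxed(ents):
        lines = ["NOT sandboxed: the entitlements below do not confine the app"]
    else:
        lines = ["sandboxed (com.apple.security.app-sandbox)"]
    for key in granted(ents):
        if key == "com.apple.security.app-sandbox":
            continue
        desc = DESCRIPTIONS.get(key, "not in the description table; look up the key")
        detail = "" if ents[key] is True else f" {ents[key]!r}"
        lines.append(f"  {key}: {desc}{detail}")
    for key in temporary_exceptions(ents):
        lines.append(f"  WARNING: temporary exception {key} bypasses part of the sandbox")
    return lines


if __name__ == "__main__":
    import sys
    # Read codesign output from a pipe; fall back to the constructed sample.
    raw = SAMPLE_ENTITLEMENTS if sys.stdin.isatty() else sys.stdin.buffer.read()
    print("\n".join(summarize(raw)))
```

Typical use is `codesign -d --entitlements :- /Applications/Example.app | python3 entitlements.py`. Note the limitation the post points out still applies: `codesign` reads the binary on disk, so this only works for an app you have already installed.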
In a perfect world, Apple wouldn't approve an app for the App Store which did something nasty (like upload the user's address book to a spammer), but it's impossible for them to catch everything even if they never made a mistake. Besides, every entitlement has legitimate uses.
Security is helped by transparency. It would be great if users could see what sandboxed apps are allowed to do. They can't, and at worst this makes users feel safer without actually being safer.