by eladx 3388 days ago
I'm not familiar with Apple's guidelines for publishing apps to the Mac App Store, but this post highlights an interesting point:

Traditionally, the burden of security was on consumers: which emails or files to open, programs to run/install, actions to approve, etc. Efforts to enhance the security of third-party software have been sporadic and limited, e.g. SELinux policies, changes to ports to use OpenBSD's pledge (systrace before) and FreeBSD's capsicum.

This is the first time I see a mainstream OS vendor forcing third-party software authors to use advanced security mechanisms (like sandboxing) as a prerequisite for software distribution through official channels.

I think it's great. I hope similar policies make it to Android and Windows.

2 comments

Android always required sandboxing, and Windows's Store/UWP (and the older Windows 8 variant) also require sandboxing. Unfortunately Windows "desktop apps" don't have the option of using the same sandbox, but with some effort you can sandbox your program (Chrome does this to its renderer subprocesses, for example).
To clarify, the same AppContainer mechanism that UWP apps run in is available for use by Win32 apps (e.g., desktop IE11 used it for "Enhanced Protected Mode"). It's not suitable as a way for users to force existing apps designed for medium trust to run under AppContainer, which I'm guessing is what you meant?
No, actually, I wasn't aware AppContainer was available to Win32 apps; I thought the only thing they could use is integrity and the pre-Vista permission model.
It's not great because it basically hinders any real development and innovation on the platform.

It's not felt as much on iOS because so much effort goes into building new features and tools and improving hardware that it feels like you are innovating even though you are sandboxed.

OS X hasn't had any real love for a long time, so sandboxing it is slowly suffocating the entire ecosystem.

As implemented, yes, sandbox is a hindrance. But it could be implemented better: https://news.ycombinator.com/item?id=13844014
I completely agree; those have also been my suggestions.
I feel like 80% of apps are probably fine either way though.
Probably more of them, but that's not the point.

Most Mac buyers never install an app after they buy their machine, which means all they use the App Store for is updating. You don't need an entire app store to do that.

No one uses the Mac App Store to find apps. There is no "browsing around installing different things to try them out" like there is on iOS; it's simply not how people use the computer.

Apple would be much better off simply featuring apps they vouch for and then staying out of the rest. There are plenty of ways to deal with security that don't hinder development of the platform.