Presumably this is only true if the application is trying to access your contacts through the contacts API. The files containing your contacts in the ~/Library/Application Support/AddressBook hierarchy are set to permission 600 by the user, so any application run by that user could theoretically capture those contacts, unless Mountain Lion has put some additional file permissions on them.
I understand how on its mobile iOS, where application installations (and the environment) are theoretically vetted for their "safety" and "privacy", these protections make sense.
On the desktop, where one needs to be very, very cautious before installing an app, it makes somewhat less sense.
Users need to be aware that on a desktop they should rarely, if ever, install an application that hasn't been thoroughly vetted by a well-known and respected publisher. And presence in the Apple Store is _not_ such a vetting (yet).
I wonder if Apple is going to try and go in that direction, and lend some veil of "safety" to apps in the Apple Store. Not sure how they can without some serious code auditing - OS X is not iOS (despite common underpinnings), and enforcing sandboxes is going to be much more difficult in that environment.
"...and enforcing sandboxes is going to be much more difficult in that environment."
This is the approach they're taking. The sandbox for applications sold from the Mac App Store will be required from a certain date (which was pushed forward due to concerns, if I remember correctly) and will be quite strict in what it allows access to.
Mountain Lion will include Gatekeeper, which defaults to allowing applications from the App Store and applications which have been signed by Apple. While signed applications don't get their code checked, their certificates can quickly be revoked if Apple finds any malicious activity. (See: https://secure.wikimedia.org/wikipedia/en/wiki/Gatekeeper_%2... and its references)
The good thing is that they still allow anyone to change the Gatekeeper settings to allow any kind of application, signed or unsigned. Had that option not existed, I bet we would be seeing a migration from OS X by developers. Most average users will probably keep the default setting, giving them a (in theory) quite risk-free environment.
> and applications which have been signed by Apple
Applications are not signed directly by Apple, but by developers who have received certificates from Apple. Apple signing applications would be a rather broken trust model.
Exactly. As long as Apple isn't heavy-handed with certificate revocations or denying new certs, then it's pretty much business as usual (with added security).
I made the point before, and it parallels the move by Firefox, Chrome and other browsers to heavily warn on non-registered self-signed certs. As an intranet web app maintainer, it was a right pain to deal with the situation. Eventually we set up our own CA and it was all good.
It would be nice if we had more than just one signature authority supported by this option.
But isn't it entirely the point to be annoying? If there were only the preference pane showing which apps had accessed the data, it would already be too late. This is just like with location information on iOS — you have to ask the user before the app gets their data.
Sure. But on a first run after the upgrade it is too late too. These are all apps that were running earlier in the day. It's beta software and probably won't be released like that.
Can someone describe how that is implemented? Or rather, what prevents other applications from reading the address book directly (it has to be stored somewhere on disk, after all)? On Linux, I can imagine leveraging SELinux to limit access to files; is there something similar available for OS X?
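The closest OS X counterpart to the SELinux idea raised in the question above is the Seatbelt sandbox, driven by `sandbox-exec` with a profile written in a small Scheme dialect; it is the same mechanism the Mac App Store sandbox builds on. The profile below is an added example for this thread, not code from the original discussion or from Apple. The file name, the `HOME` parameter name, and the decision to allow everything except the address book are assumptions made for illustration.

```scheme
;; deny-addressbook.sb  (added example; the file name is an assumption)
;;
;; Launch an untrusted program under this profile, passing the home
;; directory in as a parameter:
;;   sandbox-exec -D HOME="$HOME" -f deny-addressbook.sb \
;;       /bin/ls "$HOME/Library/Application Support/AddressBook"
;; The ls should fail with "Operation not permitted" while reads of
;; other files continue to work.
(version 1)

;; Allow everything by default so the program otherwise behaves normally.
;; The mandatory App Store profile inverts this: (deny default) plus an
;; explicit allow-list of what the app may touch.
(allow default)

;; Refuse every read operation (file-read-data, file-read-metadata, ...)
;; on the AddressBook directory and everything beneath it.
(deny file-read*
      (subpath (string-append (param "HOME")
                              "/Library/Application Support/AddressBook")))

;; Refuse writes there too, so the sandboxed process cannot tamper with
;; the stored contacts.
(deny file-write*
      (subpath (string-append (param "HOME")
                              "/Library/Application Support/AddressBook")))

;; Report each denial to the system log so it can be seen in Console.app.
(debug deny)
```

The caveat is the one the thread keeps circling: a profile like this only constrains a process you deliberately launched under it. An ordinary, unsandboxed application run by the same user can still read those 600-mode files, which is why a prompt enforced at the contacts API and a sandbox that is mandatory rather than opt-in are needed to actually protect the data.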