One problem with sandboxing is that it stifles innovation.
Many of the innovations in computers (dynamic libraries, drivers, plugins, screen grabbing, password managers, etc) came from being able to do anything on your computer. Once the sandbox lockdown is complete, you won't be able to invent new techniques that require entitlements the gatekeeper hasn't thought of already.
The sandbox marks the end of the open system. Protecting users from malware is a noble goal, but I don't see sandboxing as an effective enough tool to justify the loss of freedom. iOS is still to this day being compromised with ease despite its massively locked-down design, and I don't see the cat-and-mouse game ending any time soon. In fact, the malware danger from email and web pages is FAR higher than that from shady apps.
The motivation for the app store is purely financial, of course, which means that over the coming years it's in their interests to command as much control as possible, even to the point of eliminating unsigned apps altogether once the app store ecosystem is mature enough (plus it will allow them to finally kill Flash off all Apple platforms for good, as well as hobble all competing browsers, and, well, pretty much any software they decide to compete with). I don't see this scenario playing out well.
> plus it will allow them to finally kill Flash off all Apple platforms for good...
You can't declare that sandboxing will destroy innovation, but also actively insist that killing Flash is a good idea. Not saying you are, but you know others will.
Flash is often used as a petri dish - a way to create new experiences and test them with a real audience. YouTube, Blog.tv, many experimental video / social integration and many other innovative (today or yesterday) ideas have lived and died because of Flash. If you've never coded a Flash experience (outside of restaurant websites) and did it well (i.e., bothered to code it properly), you might find it hard to see this point - again, I point you to the many examples available.
When we talk about the "open web" without Flash, you're really talking about a more closed web, because the average designer / programmer can no longer contribute to the core functionality of the browser - unless, of course, you work alongside W3C.
Unless Adobe begins releasing in longer cycles, by that I mean slower than W3C's snail crawl, the idea that HTML/JS will eventually catch up to Flash is a logical fallacy given the history of technology.
Sorry, my point was supposed to be that killing Flash is one of the things that Apple wants desperately to do. I'm saying it in the sense that it's a BAD thing, not a good thing.
Same goes for hobbling or eliminating competing software by banning it from the app store or playing by different internal rules (entitlements not available to outside developers, for example), or strategically refusing to grant entitlements from on high.
Basically, Apple is doing successfully what Microsoft failed to do. The difference is that Apple is being celebrated for doing what Microsoft was reviled for attempting. You certainly don't hear mention of the Sherman Act when Apple locks a competing app out of the iOS ecosystem, and I doubt things will be different in the locked-down Mac ecosystem.
This isn't so much a problem if there's a way to break out of the sandbox. If you can give permission to just mess with anything, you can still do all these things.
Of course, in Apple-world, you can't do this. I can definitely imagine a fully-sandboxed OS that lets you allow a particular app to inject code into other apps.