Windows 8 will contain an app sandbox and multiple privilege levels

One of the joys of running a Windows Phone 7 handset is not having to worry about applications messing up your device. Because all third-party applications are heavily sandboxed, the worst an app can do is run your battery down, and only while it is actually running; any problem is solved by a simple uninstall.

Now it seems the same carefree experience will be coming to Windows 8. Mary Jo Foley reports on some insider information which suggests Windows 8 Marketplace apps will not just have to go through certification, but will also be very boxed in, preventing them from harming your computer.

She reports that apps designed for the finger-friendly “immersive” environment will run in the “lowbox”, the new Windows 8 security sandbox. Developers will have to declare explicitly the permissions their AppX apps need, and the apps will only be granted the access declared ahead of time. Long Zheng had a look at the so-called “AppXManifest.xml” for AppX and notes that it is even more extensive than Windows Phone 7’s.

In the manifest the developer will need to declare:

  • Application identity – name, publisher, version
  • Application architecture – processor architecture, type of application, framework required, operating system version
  • Dependencies – name, publisher and minimum version of other required applications
  • Capabilities – networking, file system and profile capabilities requested by the application
  • OS extensions – associated filetypes and protocols, AutoPlay, “Charms”, notifications, splash screen
  • Tile customization – logo, name, description and colors for the tile-based user interface

Long notes the AppX format is universal enough to work for everything from native Win32 applications to framework-based applications and even web applications.
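The declare-ahead model described above means a reviewer can learn an app’s whole reach from its manifest before it ever runs. The following is an added example, not code from the article or from Microsoft: it parses a constructed sample manifest and reports the declared capabilities, flagging those that reach outside the app’s own storage and listing any access an app would need but did not declare (which the sandbox would simply deny). The element names and namespace follow the AppxManifest.xml schema as Windows 8 later shipped it; that schema is an assumption here, since the article only describes the manifest in outline.

```python
"""Inspect an AppX manifest and report the capabilities it declares.

Added example. The manifest below is a constructed sample, and the element,
attribute and capability names are assumed from the Windows 8 AppxManifest.xml
schema as it shipped, not taken from the article.
"""
import xml.etree.ElementTree as ET

# Namespace of Windows 8 AppX manifests (assumed, not from the article).
NS = {"m": "http://schemas.microsoft.com/appx/2010/manifest"}

# Capabilities that grant access beyond the app's own sandboxed storage;
# a reviewer would expect each of these to be justified by the app's purpose.
SENSITIVE = {"documentsLibrary", "picturesLibrary", "musicLibrary",
             "videosLibrary", "removableStorage", "enterpriseAuthentication"}

# Constructed sample manifest for a simple feed-reader app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Identity Name="Example.FeedReader" Publisher="CN=Example Corp" Version="1.0.0.0"/>
  <Capabilities>
    <Capability Name="internetClient"/>
    <Capability Name="documentsLibrary"/>
    <DeviceCapability Name="webcam"/>
  </Capabilities>
</Package>
"""


def parse_manifest(xml_text):
    """Return (identity attributes, list of declared capability names)."""
    root = ET.fromstring(xml_text)
    ident = root.find("m:Identity", NS)
    identity = dict(ident.attrib) if ident is not None else {}
    # Both <Capability> and <DeviceCapability> children count as declared access.
    caps = [c.get("Name") for c in root.findall("m:Capabilities/*", NS)]
    return identity, caps


def review(xml_text):
    """Summarise the app and flag declared capabilities that leave the sandbox."""
    identity, caps = parse_manifest(xml_text)
    flagged = sorted(c for c in caps if c in SENSITIVE)
    return {"name": identity.get("Name"), "capabilities": caps, "flagged": flagged}


def undeclared(xml_text, needed):
    """Access the app would need at run time but did not declare: denied under
    the declare-ahead model, so this is what a developer must add to the manifest."""
    _, caps = parse_manifest(xml_text)
    return sorted(set(needed) - set(caps))


if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST))
    print(undeclared(SAMPLE_MANIFEST, ["internetClient", "picturesLibrary"]))
```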

According to Mary Jo there will be 5 “buckets” of apps: web apps are “Bucket 3”, immersive apps are “Bucket 4”, and legacy or “classic” managed and native apps are “Bucket 5”. Buckets 1 and 2 are unknown at present.

Having a high level of security and a tightly managed experience will allow Windows to move from an operating system that needs care and attention to an appliance like your toaster, fridge or television. That is what is necessary to be competitive with iOS devices, and it may be the undoing of Android-based devices, which (until now at least) encourage deep customization.

Read more at ZDNet here.

  • GP007

    I’m gonna take a shot in the dark and say bucket 2 is user level services and bucket 1 are OS/kernel level services. Unless this is JUST apps and nothing low level.

    • http://twitter.com/Saad073 Saad Hashmi

      Yeah that’s what I was thinking too.

  • Anonymous

    Wow – when Ballmer said this would be the riskiest yet he wasn’t exaggerating.

    Good on you MS for looking forward – tighter control on Windows is what is required if it is to make the successful jump to mobile devices and the ARM architecture.

  • Hoss

    soooooo where’s this sandbox capability at?