Mac App Store Failure

One of our goals for version 3, was to address a user-request to get Espionage into the Mac App Store (MAS). We thought we succeeded in this, but it looks like this was only a momentary success. Apple’s June 1st sandboxing deadline hit, and we thought we were safe because we were already in the store, but this turns out to be not true. Apple didn’t make this very clear, but they’re preventing non-sandboxed applications from receiving feature updates in the MAS. So all non-sandboxed apps in the MAS are essentially “dead in the store”.

We’re unable to sandbox Espionage because of a bug in Apple’s operating system (rdar://10419391), and we have a feeling they won’t fix this bug anytime soon. Since we’re not able to update Espionage in the MAS anymore, we’re going to have it removed from the store.

We’re asking users who purchased Espionage in the store to switch to the non-MAS version of Espionage, and to contact us using the following instructions so that we can send you a license to it. If you purchased Espionage in the MAS, please read these instructions before switching to the non-MAS version of Espionage.

How To: Switch to non-App Store version of Espionage 3

Step 1: Locate your copy of Espionage in the Applications folder and then right-click (control-click) on it, and choose Show Package Contents:

Step 2: Locate the receipt file in Contents > _MASReceipt > receipt. Copy this file to your Desktop (drag it while holding the Option key):

Step 3: Visit this link and enter your information. Click ‘Choose File’ (Safari) or ‘Browse’ (Firefox) and select the receipt file on your Desktop. Then click Submit. Your Espionage 3 license will be emailed to the address you provided, so make sure there are no typos.

Step 4: After you receive an email with your license, download Espionage 3 from its website, and replace your copy of Espionage with it. Then register it with the license you received. Don’t replace your copy of Espionage until you receive your license.

That’s it!

We apologize for the inconvenience that has been caused by this situation. On the bright side, we no longer have to wait for Apple’s approval to release updates to Espionage, and 3.0.1 will be released shortly.

34 thoughts on “Mac App Store Failure

  1. Reply

    Gaurav Jain

    Does this mean that you will be bringing back some of the features you had dropped from Espionage 2?

  2. Reply

    Joe

    And on the bright side, you’ll be able to re-implement application associations… maybe?!
    Since you are no longer under the freaky control of apple, that would be a good way to regain your customer base and make everyone happy 🙂

  3. Reply

    Steve Noble

    Does this mean we will get application associations back in v3 and I can upgrade? 😀

  4. Reply

    George Regan

    Thanks for being on top of this, and for responding so quickly. Sandboxing can have its advantages, but sometimes Apple takes it too far. Well done.

  5. Reply

    Greg Slepak Post author

    We’re still on the fence about application associations. It’s possible to bring them back now, but remember that we had multiple reasons for removing them. Some of the changes that Apple made in Lion make it difficult for us to support application associations, especially their sandboxing of data.

    For example, an application can have its data in one location, but then the developer chooses to sandbox their app and suddenly OS X will move the app’s data to another location. This type of situation makes application associations a risky and difficult feature to support. We’re still mulling over whether to do it or not.

  6. Reply

    Alex

    I bought Espionage, but I don’t have it installed. What am I suppose to do now? I don’t have the Receipt file. Thanks.

  7. Reply

    Greg Slepak Post author

    @Alex: Please don’t use these comments for support-related questions. For those feel free to reply to the email that was sent to you (which is our support email, support at taoeffect dot com).

    If you don’t have a receipt file it means either you’re not looking in the right place, or you did not get it through the Mac App Store and this blog post doesn’t apply to you.

  8. Reply

    Franklin Potenz

    Do I need to delete the MAS version before installing this version? Do I need a new password?

  9. Reply

    CJ

    Does the fact that espionage 3 is not sandboxed mean that there are security vulnerabilities in this program that could be exploited?

  10. Reply

    Greg Slepak Post author

    @Franklin: if you follow the instructions you’ll see that you first use the script to get a new license, then you replace your copy of Espionage with the one from our website. Replace it automatically “gets rid” of the MAS version, so you don’t need to delete anything. I’m not sure what you mean by a new password, if you mean the password to unlock Espionage, no, you don’t need to do anything with that, it will be the same.

  11. Reply

    Franklin Potenz

    Fabulous. Thanks so much for the quick reply. Yes, I did mean the password to unlock Espionage.

  12. Reply

    Ross Martinek

    More important from my point of view than application associations is automatic backups. Any chance that feature will be restored?

    So far, I’ve been pretty underwhelmed with the Mac App Store, anyway. Vive la liberation! (And pardon my undoubtedly execrable French.) ;^}

  13. Reply

    Greg Slepak Post author

    @CJ: Sandboxing shouldn’t make a difference to the security Espionage provides your data.

  14. Reply

    Greg Slepak Post author

    @Ross: backups were necessary for Espionage 2 because of the way it moved the disk image that contained the encrypted data around, but since Espionage 3 no longer does that, built-in backups are no longer necessary. Time Machine and any other backup system you use is best to backup Espionage’s data now. See Espionage’s help on backups:

    http://www.espionageapp.com/EspionageHelp/pages/usg-backup.html

  15. Reply

    CJ

    Greg – Im not worried about the data – Im sure thats safe. I understand why Apple is requiring sandboxing – much as it is a pain to developers – Im asking if because the application is not sandboxed and thus has access to all (or many) system functions, is the software vulnerable to malware that could latch on and thereby infect my system.

    I think the encryption espionage placed on the sparse bundles is bomber. Just curious if apple is paranoid or if there is legitimate risk.

    Thanks

  16. Reply

    Brett

    To me at least, application associations are important, and was one of the reasons I purchased Espionage. I want Mail, and OmniFocus, and Skype data encrypted and managed automatically, and when I quit the app, I want the disk auto-locked.

    So now, I hope those can come back. Add some warnings if you need to, or only if you check the “Advanced” box or something, but it was/is an important functionality for me.

  17. Reply

    Hank Ort

    I’m deeply disappointed. I for one was pleased with Espionage 3 being available through the MAS, partly because I assumed that it was sandboxed. I’ve been a satisfied customer of Espionage 2 and I was excited by the improvements in 3, but I now do not relish having to tinker with the set up again & losing the MAS support. I can’t help but feel that there’d been one or two things that you might have explained a little bit more explicitly when you suggested users to upgrade to Espionage 3.

  18. Reply

    Greg Slepak Post author

    @CJ: the fact that Apple has a sandbox for some apps, and not for others, means, in my opinion, that very little has changed in terms of the fundamental security of the system. A piece of malware doesn’t necessarily need any other application to “latch onto” to do its dirty work, it can simply do it itself. I can send you a program that deletes your whole Home directory if you run it. Apple’s sandboxing doesn’t have anything to do with that. If Apple forced all apps to be sandboxed that would be different, but without a huge change to their OS they can’t do that without creating a lame operating system that can’t run useful software. Sandboxing protects against a certain class of attacks, like opening malformed documents sent over the internet that have found an exploit in some document format (like a malformed PDF file, or a bug in Flash via a sandboxed Safari).

    For apps that don’t have much to do with the opening of documents possibly retrieved from the internet, sandboxing doesn’t mean much. At that point it’s more of a safety for Apple to prevent malware from entering its store due to one of their app reviewers missing some clever piece of code. Before, a bad app on the store, could, theoretically have deleted your home directory after say a month of inactivity, or searched your mac for some piece of data to send back to its mothership. Now they can’t do that. Yippee. For established developers with software that can’t get into the store, it simply doesn’t mean much. They wouldn’t do that (as it’s against their business interest and reputation) and customers know that and have been fine with it since computers have been around.

  19. Reply

    CJ

    Greg. That makes a lot of sense. Thanks for clearing that up for me. I obviously wouldn’t expect YOU as a developer to include malicious code – I just wasn’t sure if somehow an update could be hacked and have malicious code attached to the email – or someone could fictitiously distribute an espionage 3 update that could then infect the application. But theoretically that “could” happen with any application, and as you said, most applications are not sandboxed anyway. I guess thats even more reason to only download straight from the taoeffect website.

    Either way, you’ve thoroughly answered my question. Thank you.

    PS – What is that little anchor symbol on the bottom left of the ‘inspector’ box? Is it intended to have any useful purpose? Just curious.

  20. Reply

    Greg Slepak Post author

    @CJ: It keeps the window “anchored”, in the sense of preventing it from fading away, when you switch to another app like the Finder.

  21. Reply

    Ryan

    What is rdar://10419391 ? Apple’s bug tracker is private so I can’t look that up myself.

  22. Reply

    Greg Slepak Post author

    @Ryan: that’s allowing the command ‘hdiutil’ to run in the sandbox. Espionage needs that command to manipulate the disk images. We were kinda shocked when we discovered that of all the command line tools on OS X in /usr/bin, *that* was the one that didn’t work in the sandbox.

  23. Reply

    Michael

    Im sure I can look this up but since your guys started this post, can someone explain to me what exactly sand boxing is?

    I read the previous post on some of its benefits and so im thinking its basically just a way to make sure apps are contained within a package are not spread all over the operating system – is that right?

    Sorry for being a computer newb lol

  24. Reply

    ADK

    PLEASE bring back some of the features from the last Espionage 2 app now that you are not strangled by MAC’s limitations.

    I am patiently standing by!

  25. Reply

    Greg Slepak Post author

    “its basically just a way to make sure apps are contained within a package are not spread all over the operating system – is that right?”

    @Michael: no, it’s the act of running an application in “its own environment”. It separates the application more from other apps and the system as a whole. It limits what the application can do, like what files it can open, what functionality it can access. You can Google it for more info.

  26. Reply

    Peter Harnetty

    Though I have faithfully followed the instructions, when I select my receipt and click submit I get a message: “not a receipt”

  27. Reply

    Greg Slepak Post author

    @Peter, contact our support (support at taoeffect dot com) and send your receipt file along with your full name and email.

  28. Reply

    Peter Harnetty

    I have now been able tog submit my receipt. When you open the receipt folder, leave it open after dragging copy to desktop.

  29. Reply

    Espionage User

    Just wanted to add a belated vote of support for finding ways of restoring application association, to whatever extent’s technically feasible, now that you’re no longer constrained by the app store. I get that this is a technical challenge, but it’s a key reason that I originally chose Espionage, and I’m sure the feature would make a huge difference for many considering their options.

  30. Reply

    Lee J.

    Just one simple question: will any version of 2.x run on Mountain Lion?

  31. Reply

    Greg Slepak Post author

    @Lee: We’ve tested 2.8.13 and it runs on Mountain Lion.

  32. Reply

    Per Inge Oestmoen

    I do not understand why independent developers accept to have their software distributed through App Store.

    As a customer, I avoid App Store. Apple is the provider of Apple computers and the operating system. They are good at this.

    But I see no logical reason why I should let Apple decide for me what kind of applications I can install.

    Lastly, I do not want automatic installation. I want copyable files which can be backed up. This is very important, and the main reason why I neither use nor recommend App Store.

    I want to avoid App Store – I want to make my own choices.

    Please discuss this – there is no sense in letting Apple have a monopoly over the distribution of software for the Mac.

    Per Inge Oestmoen, Norway

  33. Reply

    Ram

    How would I know if my software was indeed purchased through Mac store. Apologies if I may come across as being tardy and not keeping track of all my purchases. Thanks

  34. Reply

    Greg Slepak Post author

    @Ram: click the wheel icon in the bottom right of the window and see if there’s a menu item that says “Enter License…” if there is, then you don’t need to do anything, if there isn’t, then you purchased it through the mac app store and need to follow the instructions in the post.

Leave a Reply

Your email address will not be published. Required fields are marked *