back to article Don't get the pitchforks yet, Apple devs: macOS third-party application clampdown probably not as bad as rumored

Imagine for a moment the possibility that macOS 10.15, due to arrive later this year, will run only apps signed with a valid Apple developer certificate, with no option to white-list unsigned apps via the company's Gatekeeper security mechanism. That would mean the only application code you could run on macOS 10.15 would be …

  1. Maelstorm Bronze badge
    Boffin

    I have always considered Apple Computer Inc. to be the Nazi's of the technology sector. It will be a boon to system security if only signed apps can be run since malware is not signed. However, I do not like the $99 entry fee for the pay to play model. This is why I stay clear of Apple. Microsoft does not have such restrictions, and Linux/Unix you can do whatever you want. Android recently introduced a new version of their development kit which is also $99, but is not as restrictive as Apple is as to what APIs you can use and such.

    With that said, one must consider the target audience. Most people who buy Macs are not computer savvy. So changes like these will actually protect these users. However, it puts additional burdens on the developers because now more hoops have to be jumped through to install applications onto the system now.

    Just my 2 cents.

    1. Olivier2553 Silver badge

      It will be a boon to system security if only signed apps can be run since malware is not signed.

      Security provided by signed applications is about as good as security provided by an anti-virus. It must be safe because it is signed/accepted by the anti-virus. That is, until a flaw is discovered.

      Companies that plan to renew their Mac pool should be very careful, because if the news happens to be true, things they use their Mac for may become impossible: time to change platform unless Apple clarifes the issue.

    2. Anonymous Coward
      Anonymous Coward

      "but is not as restrictive as Apple is as to what APIs you can use and such."

      With freedom comes anarchy, with control comes order.

      Look at the sh1tshow that is the android app ecosystem.

      1. Jamie Jones Silver badge

        ... then improve the sandbox. Forcing all apps to be signed is band-aid security theatre.

        1. Lee D Silver badge

          Yeah, because Windows code-signing solved ALL the malware problems on that platform, didn't it?

      2. JohnFen Silver badge

        I'll take that shitshow any day of the week if the alternative is to only be able to run programs that Apple says I can run.

    3. Anonymous Coward
      Anonymous Coward

      Leave it up to the end user

      You should have three system states:

      1) totally wide open (i.e. like today)

      2) one time pop up requiring admin approval (i.e. Windows 7 type UAC) to sign unsigned code with a system signature

      3) signed code only (i.e. enterprise IT lockdown model, $99 pay to play)

      The default should #2, so if you compile code yourself it attaches a user signature ("signed by DougS") so you can run it yourself without doing anything extra. If someone else on your Mac or who downloads it to another Mac wants to run it, they need admin permissions to attach a system signature ("signed by MyMac") which lets anyone on that Mac run it.

    4. Ian Joyner Bronze badge

      Apple are Nazis thinking - REJECTED

      "I have always considered Apple Computer Inc. to be the Nazi's of the technology sector."

      Completely willy and wrong view. Apple have done more to put technology into the hands of people for people power than any other company. The whole paradigm was developed in Silicon Valley with people like Ted Nelson who sought to liberate from linear thinking of regular text with hypertext (and invented the hypertext link), Douglas Englebart, who invented the mouse, that Apple brought to you, Alan Kay who invented the Window, Larry Tesler, many people who have worked at Apple, all who liberated computing from any "computer controls people" thinking.

      In contrast, when I look at Windows, I see the IBM influence of it being an office computer, controlled not by the user, but by support staff. Windows does not understand windows and fills the screen with a single task by default. Remember IBM actually helped the Nazis with census machines to implement the holocaust.

      Apple have championed the people in control of machines, not machines in control of people.

      With security problems, the power is again being taken out of control of the user and put in the hands of malicious hackers. Apple is not about restricting the user, but restricting these hackers.

      "Linux/Unix you can do whatever you want'

      MacOS is Unix. It is a more secure version of Unix than Linux.

      "Most people who buy Macs are not computer savvy."

      Most people who buy a computer are not computer savvy. However, some people who buy Macs are the most computer savvy people I know.

      "However, it puts additional burdens on the developers"

      Exactly the way it should be. The onus is on developers to be both correct and secure. Following on from that comes performance.

      "Just my 2 cents."

      Not really worth the 2c was it?

      1. JohnFen Silver badge

        Re: Apple are Nazis thinking - REJECTED

        "Apple have done more to put technology into the hands of people for people power than any other company."

        I disagree. Apple was doing good on this score until the release of the Mac, when Apple decided that computers should be "appliances" that users shouldn't be allowed to mess with.

        Ever since then, Apple has not been good for "the people". It intentionally locks the people into its ecosystem, it engages in rampant anticonsumer behavior, and it does its best to deprive people of the ability to use their machines in any way that Apple does not approve of. Worse, it makes people-hostile decisions that end up affecting even those of us who avoid using Apple products.

        Apple is not as terrible as the likes of Microsoft, Google, Facebook, etc., but they are nowhere near as saintly as you describe.

        1. Anonymous Coward
          Anonymous Coward

          Re: Apple are Nazis thinking - REJECTED

          Your mistake is assuming that most people are like you. To the average person a computer and a smartphone ARE "appliances", and they have no desire to fiddle with them in the way you do. They'd prefer to have what they can do limited if it means having less chance to cause problems for themselves through clicking on the wrong link etc.

          You probably also want a car with a manual transmission instead of an automatic, a carburetor instead of fuel injection so you can work on it yourself, you think a heated steering wheel is for sissies and warning bells for not buckling up or taking the key out without turning the headlights off are dumb. Most people like those things, because most people see their car as an appliance too.

          1. JohnFen Silver badge

            Re: Apple are Nazis thinking - REJECTED

            "Your mistake is assuming that most people are like you."

            That's not possible, as I assume no such thing.

            This isn't directed at you, specifically, but I continue to be amazed at how often people try to counter my opinion by saying "most people feel otherwise". I find that to be a very weird argument, since it doesn't actually address what my opinion is, and "what most people think" is rarely relevant to what I said.

        2. Ian Joyner Bronze badge

          Re: Apple are Nazis thinking - REJECTED

          I did not make any claim for Apple being saintly – they just mostly get things right, where most others fail.

          Would you prefer we just had some latter-day Apple II? No things moved on from that kind of computing. Instead of making computers for computer people, Apple made them for the rest. Thinking of computers as appliances is the right way to think. Most of the options and configurations that need to be done on other systems are mostly rubbish, and appeal to technocrats who like to keep computers mysterious to others.

          Vendor lock in is not a consequent of what Apple does – it is just the nature of computers. Once people start using a system, they get locked into it – no matter how bad or poorly designed it is. Luckily Apple mostly do good design.

          As for "people-hostile" decisions, I completely disagree with that. Most of the others are people hostile, but Apple protects its users. What do you have in mind when you say "people hostile" anyway?

          Your third paragraph is just plain wrong, but as you admit you have something against Apple anyway.

          1. JohnFen Silver badge

            Re: Apple are Nazis thinking - REJECTED

            "they just mostly get things right, where most others fail."

            I understand, I just don't agree.

            "Would you prefer we just had some latter-day Apple II?"

            Of course not, but that's not the alternative, isn't desirable, and was never in the realm of possibility.

            By the way, I have nothing against Apple in particular. I am just against abuse, and I believe that Apple behaves in an abusive way. Not as abusive as many of its competitors, but still...

            1. Ian Joyner Bronze badge

              Re: Apple are Nazis thinking - REJECTED

              >"they just mostly get things right, where most others fail."

              I understand, I just don't agree.>

              This is not a matter of opinion. It is a matter of fact. You fail to put up any facts or reasons for what you state.

              "I am just against abuse, and I believe that Apple behaves in an abusive way. Not as abusive as many of its competitors, but still..."

              Again a bald statement, no facts, reasons, or examples – just some vague feeling you have. You need to understand what Apple is doing and why. The computing industry has a very serious security problem. Apple locking down the systems for end users is protecting them in the right way against the abuse of others. Apple builds its knowledge of security into their systems. End users have little knowledge of security, but even for us professionals we are glad to have that security in our systems.

              A fundamental of security is convenience and usability against security. We want systems that are easy to use for legitimate users, but impossible or almost impossible for malicious intent. We know that it is easy to download malicious programs, so Apple tries to prevent that happening saying applications can only come from a checked and trusted source. Your spin is making that out to be abuse by Apple, but it is exactly the opposite.

  2. tempemeaty
    Facepalm

    ¯\_(。◁゚)_/¯

    It feels like Apple poured gasoline/petrol over their head and is about to flick a lighter.

    (°_°;) *: ・゚

  3. Anonymous Coward
    Anonymous Coward

    Does anyone know if this would cause problems when trying to install Objective See's programs?

    (Or are his apps already signed?)

  4. W.S.Gosset Silver badge

    and the re$t...

    > who right now have to pay $99 a year for said status

    More importantly : PLUS 30% of all purchase/subscription fees

    .

    For any _professional_ developer/company, rather more significant than $100/yr...

    1. hellwig

      Re: and the re$t...

      Yep. I caught this statement in the article: [Apple] clearly wants to discourage reliance on unsigned apps due to the potential security and privacy risks. AND the fact that they can force people to use their distribution and payment methods, as on iOS.

      Problem for Apple is that MacOS is no where near as popular as iOS. Apple lost it's "advantage" when it switched to x86 processors. If they switch to ARM, they won't be gaining any performance back. Apple computers will be isolated boxes used only for dedicated purposes, not the general purpose PCs they were founded to be.

    2. anothercynic Silver badge

      Re: and the re$t...

      Actually no. $99 doesn't mean you *have to* use the Mac App Store or the iOS Store to deploy apps. With an Apple Developer ID, you can create your own DMGs and distribute things outside the Mac App Store. It's just that when you install the app, you install an app that is *signed* and guarantee that it's ok (because it's been checked).

      We deploy scientific software that requires some components that are unsigned because signing will not allow the actual app to communicate with some non-macOS components. But we were aware of this problem already and are looking at implementing XPC 'stuff' to replace Dbus-based inter-process comms.

      It just becomes more painful and annoying, and possibly us going 'this is not worth it'...

      1. ThomH

        Re: and the re$t...

        To expand on this:

        Join the developer programme and you get a certificate. With a certificate you can sign your software. If you like, you can also submit it to the Mac App Store, where it'll undergo further review as per Apple's fancy.

        If you locally sign your software and give it to somebody else, they can install it and launch it. With the default security settings there'll be a single confirmatory dialogue before the first run telling you who signed it and asking whether you want to proceed. From then on it'll launch like any other app.

        If you do not sign your software then under the default settings, for a first launch other users will have to right click on it and select 'Open', then confirm that they want to launch an unsigned application. It'll work like any other after that. If they just try to double click without having done the right click + open dance first, they'll be told they can't run the software as it is unsigned.

        Apps that are being put in the Mac App Store must opt in to the sandbox. Self-signed and unsigned apps have the option but needn't necessarily do so.

        So, supposing Apple were to keep everything else the same but remove the unsigned option, the main difference would be requiring that $99 payment to allow distribution by any means. On imagines they might also mandate the sandbox.

        I don't know that I would remain a Mac user in either case.

        1. doublelayer Silver badge

          Re: and the re$t...

          And one important point, MacOS does a bad job explaining this to the user*. The error message that you get if you try to open an unsigned application in the normal way states that it cannot be run in a way that makes it sound as if it is a corrupted file or cannot run on the system for some technical reason. Since 10.12, the message does not tell you why it was blocked or how to fix it. I know this as I'm the person everyone comes to when their applications don't run anymore. It's a minor thing, but it's already a wrong move on Apple's part. I don't think this is coming right now, but if it does come, I'll be moving things off the Apple machines.

          *It does a bad job explaining this if it wants the user to know what is happening, but a better job if it wants them to become confused and just not use the thing.

  5. trevorde

    May as well get a ChromeBook

  6. Dan 55 Silver badge

    Gatekeeper's a handwave anyway

    If you copy an app from physical media (DVD/USB) it won't check it. If you delete the quarantine flags from the downloaded app bundle it won't check it. It won't check shared libraries used by the app. It won't check binaries downloaded and run by the app. And you can still run UNIX binaries from the command line (I don't think they're going to change the ELF format anytime soon). And any checks it does do happen only once when you run an app the first time. It's not OS-wide protection, but just a bunch of things Finder does when you double-click an app.

    But, if they make Gatekeeper any more annoying in their next release then I will not be upgrading, because obviously this won't be the final step, but one more step in appliancing the Mac and there will be more of the same in the release that comes after that.

    1. Charlie Clark Silver badge

      Re: Gatekeeper's a handwave anyway

      And, as long as MacOS comes with a terminal you can always install binaries via the shell. As the article says, this sounds a lot like people overinterpreting rumours. Best waiting until they start releasing betas.

      On a different note: anyone know how to disable the quick action symbols in Finder? Just switched to 10.14 and now I can't see at a glance how big files are.

  7. Lost In Clouds of Data
    Go

    Doubt it is coming in 10.15

    Simply given that Apple's track record is to give folk fair amount notice on such things. iOS kicked 32 bit apps to the kerb a full 2.5 years after Apple started to enforce the '64 bit only' policy for new submissions (and only a couple of months difference for updates) to the App Store. And this was after they told the world in October 2014 that such a cull was actually happening. So, 3 years from announcement to enforcement.

    And they gave notice of the same bit-purge for OSX (or is it now MacOS?) In their June 2017 WDC address, thus giving folks around 2.5 years warning (given that they subsequently informed the world that 10.14 would be the last version to support 32 bit applications).

    I really can't see them changing tune and issuing another edict that'll severely curtail the apps folk run on their Macs barely 3 months before 10.15 could be announced.

    10.16 - sure that's a lot more conceivable, but again possibly too soon.

  8. Anonymous Coward
    Anonymous Coward

    This.....

    "As a developer I don’t trust developers with the right to run arbitrary code on their users’ devices without restriction," he said. "The number of developers that will throw in an analytics framework without thinking or asking the user to opt-in is disgusting. And developers very rarely respect user privacy."

    I work in an enterprise, and you'd be stunned at just how lazy developers are. "Oh, there's a library that does X, let's use that!" They suggest, blindly.

    And our own governments can't even get this right: https://www.ft.com/content/6dbacf74-471b-11e9-b168-96a37d002cd3

    So, I, for one, applaud this: It's not the reasonable man that changes the world, but the unreasonable.

    1. Dan 55 Silver badge

      Re: This.....

      The fact that some dev makes ten different wrappers for ffmpeg with analytics packages included then spams the internet for those paid-for apps using SEO, does not mean that I should miss out on open source software out there that probably doesn't get enough donations to pay for a yearly Apple dev certificate (that's if they even accept donations).

      Apple can add granular permissions similar to iOS (in fact, things like opening the contacts file already pops up a permission request on the Mac) but if non-mainstream users are pushed off the platform they will go elsewhere and take the software they develop with them.

      The most Apple can expect of the Mac ecosystem if they do this is that it is pared it down to the minimum - hipsters with too much money to burn and Mac Minis for developers to develop iDevice apps. I get the feeling Tim wouldn't be too bothered if this happened anyway.

      1. doublelayer Silver badge

        Re: This.....

        Because developers can be terrible means users' choices should be limited? This isn't a warning, and plenty of the terrible things that devs do would pass through a verification process. What this would do (and I doubt Apple is doing it now or in the near future), is to kill independent software, which people, including nontechnical users, use a lot more than companies think.

        Let's consider what would really happen with such a policy:

        Things that would be blocked

        1. Obvious malware

        2. Things the verifiers don't like

        What wouldn't be blocked:

        1. Applications that collect a bunch of users' data and send it off to the developer

        2. Applications that show a ton of advertising and do a terrible job

        3. Applications that pretend to do something but whose main purpose is to collect data or show advertising before it becomes obvious that they don't do what is desired

        4. Applications that the developers can break

        You can solve the malware problem by doing this. You can also solve the malware problem by confiscating the machines or turning off the internet. None of these options is the right way to deal with the malware problem.

  9. Anonymous Coward
    Anonymous Coward

    Could just be a trial balloon

    This could simply be the same thing politicians (especially in Washington) do all the time: "leak" a rumour and see how the market reacts (and you're right in that it does not have to come from Apple, seeking to provoke a reaction there).

    From our perspective, we would not mind the permissions for loading unsigned apps buried a bit deeper but barring it altogether would stop us from upgrading until Apple saw sense. There's also a lot of experimentation taking place on the platform, and blocking it would stop that - I don't think Apple can afford taking that risk.

  10. Nick Kew
    Holmes

    At the appropriate level?

    It seems to me that such a restriction could make some kind of sense if implemented at the level of the installer.

    An application you build for yourself - and even a whole ecosystem like homebrew or fink - would then fall outside the scope of Apple's restrictions. But users would have the option of Apple security guarantees.

  11. simonhh

    Windows

    When I installed Mojave and it stopped some of my macros working, and my main CAD CAM program from working, I bought a Windows 10 all-in-1 the next day. 6 core I7, UK £ 1100. I love it. A friend uses the imac as an extra monitor now.

  12. John Savard Silver badge

    Does This Change Things?

    The "foretold notarization requirement" makes sense: if a program identifies itself as signed with the authorization of Apple, then confirmation that the signature is valid, and the developer has not abused its certification to sneak in malicious code is entirely appropriate.

    Requiring all code to be signed is obviously inappropriate for a computer system - it couldn't be used as a development platform if you did that. However, making installing unsigned code something that requires clicking on a confirmation box, or enabling a developer option, is also a legitimate security measure. Android did this, Windows did this since Vista.

    Does this mean that it's not time to panic? Unfortunately, Apple is Apple - the makers of iOS, which indeed has no way of installing unsigned apps. Although there has now been a recent iMac refresh, even without this particular worry, there are indications Apple has lost interest in the Macintosh platform. Why Apple has chosen to put itself in a situation where their computers can't really be recommended to anyone, I can't explain.

  13. JohnFen Silver badge

    But users don't have the same right?

    "Your right as a developer to run arbitrary code ends outside of your machine."

    This implies that Apple doesn't think that non-dev users of Apple computers have the right to run any code they wish. If that's actually their stance, that makes their computers not fit for purpose outright.

    1. ThomH

      Re: But users don't have the same right?

      It doesn't imply anything about Apple's thinking whatsoever, being a quote from Simeon Saëns, co-founder of development biz Two Lives Left.

      1. JohnFen Silver badge

        Re: But users don't have the same right?

        You are correct. I should not have attributed that to Apple.

  14. amanfromMars 1 Silver badge

    Drawing in New Blue Bloods ...... with Fiat Honey Awards an Invigorating Reward Methodology

    Apple need only Disburse Grants to Troublesome Applications to both Practical and Virtually Own Them with Future Programs being Logged and Red Tagged for Following .... Virtually AIdVenturing Unquestionably in Promised Lands Territory...

    With AIMetaDataBase Heavy Heavenly Protection Squadrons Handling Command and Control.

    You know ...... Fleets of Angels.

    Should that be a UN AIMission Deserving of Immediate Engagement with Source re Future Supply Chain Linking for Mutually Beneficial Solution and Resolution to No Outstanding Issues.? ........ which as you may now be aware can easily be done entirely via Virtual Remote Reality Controllers turning Imagination into Information for Intelligence to Present as Facts for the Greatest of All Fictions.

    Are Apple Owners on that Field of Future Play? Waiting on Play to Pay?

    If Apple HQ are really switched, they'll have a very sophisticated direct anonymous grant program for Worthy Aspirants.

    Congratulations

    Secret Grant as Prize Lottery Win

    And then a Prime Premium Chat about the True Virtual Nature of Everything Imagined for Realisation.

    Or you could just prat about and do virtually bugger all and miss all of coming good stuff.

    You surely wouldn't want to miss the wild rides on that Particular and Peculiar Journey

    1. amanfromMars 1 Silver badge

      Re: Drawing in New Blue Bloods ...... with Fiat Honey Awards an Invigorating Reward Methodology

      If Apple HQ are really switched, they'll have a very sophisticated direct anonymous grant program for Worthy Aspirants.

      That's also where and when the Limitless Credit/Debit Card Account allows Apple to Work Magic with Proven Worthy Souls wherever they may be, but Suddenly, Perfectly Fully Armed and Almed with Almighty Plastic's Powers.

      One cannot even say what's a million or two to Apple because of the irony that there are Trillion$ to play with.

      And with there being so much, it surely means a dearth of invention and imagination to interest and energise them.

      New Blue Bloods Needed .... Almighty Plastic's Powers Application to Credit and Debit Cards via Head Quarters in 1 Apple Park Way Pay Ways this way please.

      1. Cliff Thorburn

        Re: Drawing in New Blue Bloods ...... with Fiat Honey Awards an Invigorating Reward Methodology

        If only amFM *rolls eyes*

    2. Anonymous Coward
      Anonymous Coward

      Re: Drawing... ...Methodology

      Zeroes and ones will take us there -

      https://youtu.be/hKZBdlbzTi8

      IT's good and positively met with One or Two or whatever Nr. was/is/will be in the beginning of the Sequence of 0s.... but the True XPerience "earned", which earned the quotes ESPecially for the Matter-bound and bounced Servers and Services mentioned before, is this chatter, amanfromMars.

  15. Sebastian.Q.Ostragoth

    signing fixes nothing... we already know this

    So what prevents a bad actor from getting a $99 signing cert and signing their shiny new malware? Didn't M$ go through a long period of "signed drivers mean no bad code can get into your kernel" until a researcher, tired of the BS, built a proof of concept piece of code that powered down your PC (from hazy memory) to show that signing doesn't fix the malware problem. M$ had to quickly add cert revocation lists to their codebase to 'fix' the problem... which of course still doesn't fix anything, just stops "that last exploit we noticed".

    The testing/notarisation suffers all the same issues of course. All I need to do is write malware that doesn't use recognised bad libraries and where the payload doesn't activate until after the testing is long complete. I get notarised, and it's game on.

    I'm all for security. But these aren't the answers you're looking for. (Waves hand at Apple stormtrooper.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020