|Is The Walled Garden About To Close Around MacOS?|
|Written by Mike James|
|Wednesday, 10 April 2019|
Apple's grip on the walled garden that is iOS is complete, but MacOS X comes from a freer time. Are the current moves to notarization a way of building a wall around MacOS apps? It's going to be the default for new devs in 10.14.5 and for all in a future version.
The problem with trusting your future to a big company is it obviously doesn't care about you, only about the many yous that make it successful. In this case the problem is that a lot of programmers use Apple machines to do their development work in MacOS and any reduction in freedom might have some unintended consequences.
MacOS X is based on Unix, BSD to be precise, and back in the late 1980s no one could have imagined that walled gardens for software were even possible, let alone desirable. Today we are much more willing to accept the constraints, in the belief that it delivers a lucrative market for our products. The only truly locked down system is iOS - you can't distribute a program unless it is with Apple's permission and approval. Both Google Android and Microsoft Window's stores are optional and you can run and distribute programs as you like.
Being introduced in the days of free access to hardware and free distribution of software, MacOS X had no walled garden, but you could opt to put your programs into the App Store. Back in 2012 Developer IDs were introduced to allow properly signed apps that could be distributed outside of the App Store to run without GateKeeper, the app security service, putting up a scary warning. Then in September 2018 Mojave was released and it included a new faciltiy - Notarization. You could submit your app to Apple and have it notarized as being authentic:
"A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple."
Currently you need an Apple ID to develop MacOS software and, as long as your user knows how, they can run the app and defeat Gatekeeper. Programs downloaded are marked as unsafe with a quarantine attribute set. Gatekeeper stops the user running the app unless they right-click and choose Open.
The fear is that notarized apps are a way of making Macs more secure in that notarized programs downloaded from places other than the App Store are trusted.
All seems well but...
Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.
This is being interpreted by some as the removal of the ability to run unsigned software. The problem of interpretation is the use of the term "default". Does it mean that there is an alternative that isn't the default? Could this just be "get it from the App Store"?
Who knows, but more important than what Apple actually intends, as we really have no choice but to wait and see, is that it is thinkable that Apple might lock down macOS X like iOS. We already know that there is an intent to merge the two operating systems in some sense - why not in the sense of a single walled garden?
There was an innocent time for programmers when users owned their computing machinery 100% and did with it what they wanted, even if it involved running malware. Protecting the user is a great idea, but does it have to be by locking up the programmer?
Fear and Loathing In The App Store
or email your comment to: firstname.lastname@example.org
|Last Updated ( Wednesday, 11 September 2019 )|