Is The Walled Garden About To Close Around MacOS?
Written by Mike James   
Wednesday, 10 April 2019

Apple's grip on the walled garden that is iOS is complete, but MacOS X comes from a freer time. Are the current moves to notarization a way of building a wall around MacOS apps? It's going to be the default for new devs in 10.14.5 and for all in a future version.

appledev

The problem with trusting your future to a big company is it obviously doesn't care about you, only about the many yous that make it successful.  In this case the problem is that a lot of programmers use Apple machines to do their development work in MacOS and any reduction in freedom might have some unintended consequences.

MacOS X is based on Unix, BSD to be precise, and back in the late 1980s no one could have imagined that walled gardens for software were even possible, let alone desirable. Today we are much more willing to accept the constraints, in the belief that it delivers a lucrative market for our products. The only truly locked down system is iOS - you can't distribute a program unless it is with Apple's permission and approval. Both Google Android and Microsoft Window's stores are optional and you can run and distribute programs as you like.

Being introduced in the days of free access to hardware and free distribution of software, MacOS X had no walled garden, but you could opt to put your programs into the App Store. Back in 2012 Developer IDs were introduced to allow properly signed apps that could be distributed outside of the App Store to run without GateKeeper, the app security service, putting up a scary warning. Then in September 2018 Mojave was released and it included a new faciltiy - Notarization. You could submit your app to Apple and have it notarized as being authentic:

"A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple."

Currently you need an Apple ID to develop MacOS software and, as long as your user knows how, they can run the app and defeat Gatekeeper. Programs downloaded are marked as unsafe with a quarantine attribute set. Gatekeeper stops the user running the app unless they right-click and choose  Open.

The fear is that notarized apps are a way of making Macs more secure in that notarized programs downloaded from places other than the App Store are trusted.

applewarn

All seems well but...

Important

Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.

This is being interpreted by some as the removal of the ability to run unsigned software. The problem of interpretation is the use of the term "default". Does it mean that there is an alternative that isn't the default? Could this just be "get it from the App Store"?

Who knows, but more important than what Apple actually intends, as we really have no choice but to wait and see, is that it is thinkable that Apple might lock down macOS X like iOS. We already know that there is an intent to merge the two operating systems in some sense - why not in the sense of a single walled garden?

There was an innocent time for programmers when users owned their computing machinery 100% and did with it what they wanted, even if it involved running malware. Protecting the user is a great idea, but does it have to be by locking up the programmer?

 appstoreicon

More Information

Notarizing Your App Before Distribution

Banner


iOS 17.4 Released With Support For App Stores In The EU
06/03/2024

I have written about Apple's approach to complying with regulation, characterizing it as malicious compliance. It also seems that Apple is a master of creating the unintended consequence and letting i [ ... ]



100 Episodes of 5mins of Postgres
08/03/2024

The popular PostgreSQL explainer series is celebrating its 100th release and beyond. Let's take a look at what it makes it so special.


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

 

Last Updated ( Wednesday, 11 September 2019 )