Mountain Lion's Gatekeeper to bring optional app restrictions to OS X

2

Comments

  • pendergastpendergast Posts: 1,358member
    Quote:
    Originally Posted by MacDevil View Post


    Agreed. I also think that if Apple were to implement this feature in iOS, it would pretty much kill jailbreaking for good. At that point, the only reason to jailbreak would be to pirate apps, and I doubt any of the current dev team would be interested in making jailbreaks solely for that purpose. Maybe this will come to the iPhone in iOS 6?



    What would be Apple's motivation? Their current iOS model is working fine, better than fine.



    I'm sure they'd rather take the same approach to OS X, but because it isn't built from the ground up like iOS and has legacy users, they can't be that dramatic. This is the next best thing.
  • pendergastpendergast Posts: 1,358member
    Quote:
    Originally Posted by lkrupp View Post


    Mark mine and other's words. This panic over security and privacy will give way to whining and complaints about usability and functionality after panicked users say no to every data request



    "This app would like to use your current location. WARNING! Saying yes may compromise your privacy."



    User: Well NO then.



    Call to Apple tech support: "This P.O.S. device of yours can't find any restaurants around me. WTF, I paid good money for this junk and it doesn't work. I'm calling my lawyer and I'm gonna sue your asses off. I want my money back or ELSE."



    Support tech: "sigh........"



    I don't understand the hubbub regarding location data. Who cares if someone knows where I was? I'm probably not still there, unless it's my home (and that's listed in the phone book).



    Much more concerning is contact info (since sensitive info is often stored there, because people were under the illusion it was private), and provides much less benefit in exchange for a lack of privacy (location at least makes searching a lot easier, contact info is basically good for playing "...with friends".
  • techguy911techguy911 Posts: 262member
    Quote:
    Originally Posted by MacDevil View Post


    Agreed. I also think that if Apple were to implement this feature in iOS, it would pretty much kill jailbreaking for good. At that point, the only reason to jailbreak would be to pirate apps, and I doubt any of the current dev team would be interested in making jailbreaks solely for that purpose. Maybe this will come to the iPhone in iOS 6?



    Lol, you're moving in the wrong direction. I'll eat my shoe if they enable non App Store apps in iOS 6. Though I think they should do that, there are downsides. If everyone starts turning off the protection and downloads apps from wherever, there could be a big trojan/infection issue on the devices. And of course Apple will get the blame and claims that their platform is insecure and virus prone, it's already happening on OSX.
  • nasseraenasserae Posts: 3,145member
    Quote:
    Originally Posted by I am a Zither Zather Zuzz View Post


    IOW, it continues to tank.



    Unfortunately for you it is not.
  • mrstepmrstep Posts: 446member
    Quote:
    Originally Posted by maciekskontakt View Post


    It does not sound like a major feature requiring new OS build. Why can't this be add-on to Lion or even to Snow Leopard?



    Oh I got it... beacuse I need to buy new computer from Apple to make sure revenue is okay.





    I was hoping that foolish installer check on hardware codes could be skipped to allow to upgrade OS (some managed this with tricks and it works fine). Some of us upgraded Core Duo to Core 2 Duo and 64-bit apps work fine (not kernel as it is in 32-bit mode).



    I think I will be forced to upgrade those few computers when this new cat comes, but I hope it will not be the quality of Lion/Windows Vista.



    It's probably because they're not actively adding new features to Snow Leopard, and moving from Lion to Mountain Lion will (assuming the trend continues) run $29 and give you better integration of a slew of other features with your iOS phone/pad.



    It sounds like a great middle ground - signed, but not walled. The walled part is very restrictive in terms of sandboxing, so this should be the pretty-well-trusted but full-featured alternative that covers the other 99% of legit apps. (Wonder if Apple will be able to revoke the certs in cases where someone turns out to ship malware?)



    Anyway, this feels more like what Lion should have been - maybe that's why it's Mountain Lion (as Snow Leopard was mostly optimizations to Leopard). Looks promising at first glance.
  • tallest skiltallest skil Posts: 40,861member
    Apple won't ever do this with iOS. What they WILL do is continue to add APIs until you can SAFELY do with apps in the App Store everything safe that you can do with apps via jailbreaking.



    And THAT is how they'll make it pointless. Eventually there will truly not be any reason to jailbreak other than to pirate.
  • hmurchisonhmurchison Posts: 11,890member, moderator
    GK = best solution to the problem of Trojans and other Malware.



    Maximum security = Mac App Store



    Good security - Signed apps



    Less security - Unsigned apps.





    We all are computer enthusiasts so we're more versed in what and where to go than rank and file consumers or the children of said consumers. GK allows them to choose multiple sources for their apps yet still feel secure in knowing that no malware riders are coming along. Winning
  • nagrommenagromme Posts: 2,834member
    Oh no! Apple has added options, while taking nothing away! Those big meanies!
  • techguy911techguy911 Posts: 262member
    Quote:
    Originally Posted by Tallest Skil View Post


    Apple won't ever do this with iOS. What they WILL do is continue to add APIs until you can SAFELY do with apps in the App Store everything safe that you can do with apps via jailbreaking.



    And THAT is how they'll make it pointless. Eventually there will truly not be any reason to jailbreak other than to pirate.



    They're already most of the way there. The Android folks like to describe using Apple devices like being in a locked down jail, you're suffering a horrible existence not able to do anything. Maybe someone can post some things we're missing out on that non-rooted Android devices can do. I have 2 Android phones and a Xoom tablet I use for development and I haven't been blown away by any amazing new things I can do with them to make me realize I was suffering all these years.
  • jonyojonyo Posts: 106member
    It's not this new option to disallow signed apps/ID'd devs that worries me, it's the possibility of a future OS X version that removes the option and simply disallows unsigned apps. I want choice, and I'd be naive if I believed that Apple would never deny approving a dev for something other than malware reasons.



    We've seen it with iOS already, an app that doesn't do anything malicious, but does something that goes against apple's agreements with others (ie- tethering apps not allowed because of deals with carriers), and suddenly *I* can't do something with MY computer that isn't anyone else's business and shouldn't be subject to whatever agreement between apple and whoever that I certainly never agreed to.



    Anyhow, I'm not trying to be all "the sky is falling", I'm just trying to take a look at past and present trends to extrpolate where the OS might be going.
  • hmurchisonhmurchison Posts: 11,890member, moderator
    Quote:
    Originally Posted by jonyo View Post


    It's not this new option to disallow signed apps/ID'd devs that worries me, it's the possibility of a future OS X version that removes the option and simply disallows unsigned apps. I want choice, and I'd be naive if I believed that Apple would never deny approving a dev for something other than malware reasons.



    We've seen it with iOS already, an app that doesn't do anything malicious, but does something that goes against apple's agreements with others (ie- tethering apps not allowed because of deals with carriers), and suddenly *I* can't do something with MY computer that isn't anyone else's business and shouldn't be subject to whatever agreement between apple and whoever that I certainly never agreed to.



    Anyhow, I'm not trying to be all "the sky is falling", I'm just trying to take a look at past and present trends to extrpolate where the OS might be going.



    You cannot extrapolate much here. Apple curates their Mac App Store but they don't curate app outside of the store. All they ask is that you sign your apps with a developer ID. They're not allowing nor preventing any features other than you proving that your app



    A. Comes from you

    B. Does not have any malware injected



    Everything else is just a slippery slope logical fallacy.



    There's absolutely no way to explain GateKeeper to a sane and logical human and not have them understand the benefits.
  • techguy911techguy911 Posts: 262member
    Quote:
    Originally Posted by backtomac View Post


    I guess I'm going to be in the minority but I think Apple's approach on this is perfect.



    If you want to download anything then click that box. But defaulting to MAS and trusted developers will enhance security and that just makes for a better end user experience.



    Aha, but not everything is black and white. White is today, no restrictions. Black is a complete unbreakable ban on non app store non signed apps, which I think Apple won't do. But, where does one draw the line?



    Going into settings as administrator and enabling? Mountain Lion



    Opening terminal and entering some obscure command line entries? Mountain Lion +1 or +2?



    Opening some system level files in a text editor and changing some lines?



    Downloading some new system files from a website and replacing them in the root level file system?



    Booting with a specially made bootable CD to make changes to the system to allow it?



    Sure us technical people will still have control over our systems, but once you go past an easy switch or informative popup helping you turn off the option, it effectively ends for most users. Probably ending the non-app store market.
  • wigginwiggin Posts: 2,196member
    Quote:
    Originally Posted by NasserAE View Post


    Based on Apple website, the Developer ID is only used to verify that the app is not malware and the app hasn't been tampered with. Apple will not be checking apps to make sure they meet specific standards. There is no "submit" and no approval process for any app.



    But if you use unpublished APIs or do something else down the road Apple doesn't like can they revoke your developer ID? Do you have to have an internet connection the first time you launch an application to get it validated (the description sounds like no)? Apple has a history of tinkering with the developer agreement for iOS, and not always in good ways.



    Quote:
    Originally Posted by jonyo View Post


    It's not this new option to disallow signed apps/ID'd devs that worries me, it's the possibility of a future OS X version that removes the option and simply disallows unsigned apps. I want choice, and I'd be naive if I believed that Apple would never deny approving a dev for something other than malware reasons.



    We've seen it with iOS already, an app that doesn't do anything malicious, but does something that goes against apple's agreements with others (ie- tethering apps not allowed because of deals with carriers), and suddenly *I* can't do something with MY computer that isn't anyone else's business and shouldn't be subject to whatever agreement between apple and whoever that I certainly never agreed to.



    Anyhow, I'm not trying to be all "the sky is falling", I'm just trying to take a look at past and present trends to extrpolate where the OS might be going.



    Overall I think it's a good thing; but at the same time, like you, I'm wary about how much further Apple will take it in future versions of the OS.
  • nasseraenasserae Posts: 3,145member
    Quote:
    Originally Posted by Wiggin View Post


    But if you use unpublished APIs or do something else down the road Apple doesn't like can they revoke your developer ID? Do you have to have an internet connection the first time you launch an application to get it validated (the description sounds like no)? Apple has a history of tinkering with the developer agreement for iOS, and not always in good ways.



    If Apple wanted to do that then why even offer it?! You guys are not making any sense. They could have put two options (Mac App Store or Everywhere). But they didn't. They offer a middle grounds that is Developer IDs. No app store limitation. No API limitations. No revenue sharing. The only disadvantage is that developers don't have access to iCloud and PN services.
  • charlitunacharlituna Posts: 7,083member
    Quote:
    Originally Posted by NasserAE View Post


    You will have to get used to pay $29 a year



    THey have't mentioned a price. It could actually be less.
  • solipsismxsolipsismx Posts: 19,566member
    Quote:
    Originally Posted by charlituna View Post


    THey have't mentioned a price. It could actually be less.



    I suppose it could be a different price but it never occurred to me that it wouldn't be $29 per household.



    With the rate of Mac growth and the ease of purchase afforded by the Mac App Store I bet they really could make this $9.99 and still make more money than with Lion.
  • asciiascii Posts: 5,363member
    It's not too much to ask people to sign their work. Of course, that doesn't guarantee it's safe, it just gives you someone to blame. But not even that, because an originally clean app could later be compromised by malware. If I was a dev, I would implement sandbox at the same time as I sign my app.
  • backtomacbacktomac Posts: 4,579member
    Quote:
    Originally Posted by techguy911 View Post


    Aha, but not everything is black and white. White is today, no restrictions. Black is a complete unbreakable ban on non app store non signed apps, which I think Apple won't do. But, where does one draw the line?

    .



    But I think it is black and white and I think Apple will and should break non signed apps if a user chooses to only have MAS store and signed apps on their computer.



    But this is a good compromise for users like me who have apps, MacPractice and SpringCharts EHR, that are not and likely will not ever show up in the MAS. But these developers will almost assuredly apply for the digital ID and have signed apps. Their business model does not work for MAS store distribution.



    I see this as great sign as it gives some flexibility to developers who have niche applications, usually enterprise in nature, that aren't amenable to MAS store distribution. How do you sell client/server applications by the number of users via the MAS? Its heartening to me to see that these developers aren't going to be pushed off the Mac platform.
  • backtomacbacktomac Posts: 4,579member
    Quote:
    Originally Posted by ascii View Post


    It's not too much to ask people to sign their work. Of course, that doesn't guarantee it's safe, it just gives you someone to blame. But not even that, because an originally clean app could later be compromised by malware. If I was a dev, I would implement sandbox at the same time as I sign my app.



    Yeah I'm disappointed that GK isn't more capable of nuking malware. I wish that GK was capable of disabling an application that initially has a signature stamp but was later found to be malware.
  • johnmcbostonjohnmcboston Posts: 188member
    I'm wondering if this feature is going to be like Windows - it warns you so often you just get use dto hitting OK all the time, never bothering to read the dialog any more; and eventually saying 'OK' to something bad.
Sign In or Register to comment.