Apple introduces Developer ID ahead of Mountain Lion's Gatekeeper
In an email sent out on Monday, Apple invited developers to prepare their software for OS X Mountain Lion by joining the Developer ID program, which will allow for apps to run on a Mac or iOS device that is protected by the upcoming Gatekeeper anti-malware system.
When Apple's OS X 10.8 Mountain Lion launches this summer, it will feature the new Gatekeeper security system which requires that apps be certified through the Developer ID program to ensure seamless installation.
Gatekeeper is a new anti-malware feature that, according to Apple, will filter out malicious third-party applications and prevent OS X users from "unknowingly downloading and installing malicious software." To that end, the system implements a hierarchy of security that is based on digital certificates embedded in a software's code.
At its highest securty setting, Gatekeeper will only allow the installation of content from the Mac App Store, however the default setting also allows for third-party downloads from "identified developers" or those code writers who have signed up with the Digital ID program.
Gatekeeper works by verifying digital signatures that are generated by the Developer ID program after Apple checks the validity of an app and can be inserted into a program's code with Xcode 4.3.
By using the free Digital ID system, Mac developers can distribute their wares outside of the Mac App Store, and subsequently pass through Gatekeeper's security protocols.
Quote:
Mac OS X users will soon have the option of turning on Gatekeeper, a new Mac OS X security feature. When a user does this, the system provides an additional measure of safety: it blocks that user from opening newly-downloaded applications that are not Developer ID–signed. In this scenario, the same user is easily able to launch downloaded applications that are Developer ID–signed.
Mac OS X users will soon have the option of turning on Gatekeeper, a new Mac OS X security feature. When a user does this, the system provides an additional measure of safety: it blocks that user from opening newly-downloaded applications that are not Developer ID–signed. In this scenario, the same user is easily able to launch downloaded applications that are Developer ID–signed.
With Gatekeeper and Developer ID, Apple is looking to stop the growing number of Mac-targeted malware.
For users, the system is nearly invisible as warning messages only appear when an unsigned app attempts installation.
[ View article on AppleInsider ]
Comments
A fully curated environment on the desktop?
Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years.
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
It will be interesting to see how this evolves.
Hmm . . .
A fully curated environment on the desktop?
Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years.
It?s called nipping the problem in the bud
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
Most serious developers pay for the support. There is still a free membership and Xcode is still free
Don't get me wrong. I have no problem with transparency and accountability. I just don't care for a totally locked down environment. A fully curated environment seems more sensible with the iPhone, and possibly with non-phone iOS devices. But for the Mac? Sorry I need more flexibility.
It will be interesting to see how this evolves.
This is not a mandatory system. Nobody is locking down the OS - you can still install whatever you want and that is not going to change. Apple has said as much.
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
From the article… "by using the free Digital ID system"…
And in the (undoubtedly vain) hope that people will stop talking about a "fully curated" Mac OSX environment, I'm going to put this here: http://en.wikipedia.org/wiki/Slippery_slope
Hmm . . .
A fully curated environment on the desktop?
Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years.
I don't follow how it's searching for a problem? Sounds to me like they are being proactive instead of reactive and meeting devs halfway by allowing signed apps that aren't controlled by the App Store.
You have to consider most 'PC' users aren't very computer literate so having some sort of barrier to protect them will make them more comfortable. This may even drive more sales if users feel more secure with installing 3rd-party apps.
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
Is the $99 only for using Apple's App Stores and for getting access to Betas, not for signing up for a free account and getting the latest stable builds of Xcode?
It’s called nipping the problem in the bud
Most serious developers pay for the support. There is still a free membership and Xcode is still free
This is not a mandatory system. Nobody is locking down the OS - you can still install whatever you want and that is not going to change. Apple has said as much.
Nipping in the bud is good.
Correct me if I'm wrong, but the "free" membership is simply pro forma. There is no benefit to it. Having a free membership does not allow you to distribute even very valuable and useful software via the Mac Store.
Not mandatory, that's good. But with the default set to "signed software only" I doubt the average Joe will be downloading unsigned software. This is fine, but what incentive will developers who have made quality software available free to all have to continue their generous practice when they have to pay $100 every year? Especially when most people will be afraid to download it?
I also very much appreciate that people with the knowledge or desire have the option of disabling Gatekeeper and toying with whatever they please. -- Everyone's happy!
From the article… "by using the free Digital ID system"…
And in the (undoubtedly vain) hope that people will stop talking about a "fully curated" Mac OSX environment, I'm going to put this here: http://en.wikipedia.org/wiki/Slippery_slope
Free with your $100/year membership, no?
As I have said, it's fine for people who develop commercial software. But it seems like a bit of a thumb in the eye for freeware developers to have to pay $100/year (if that's the case, as it seems to me.)
[As an example, I for many years enjoyed a little freeware application called Tea Time, which was a simple timer done tastefully, with restraint, and made freely available by the author. Unfortunately with the advent of the developer program, he could only make it available for $1. I hope he's made some money off it, but I also think it's a shame he can no longer justify offering it for free.]
Correct me if I'm wrong, but the "free" membership is simply pro forma. There is no benefit to it. Having a free membership does not allow you to distribute even very valuable and useful software via the Mac Store.
The whole point is "the average Joe" doesn't know if they're downloading signed or unsigned software. This will prevent unsigned software from running. Did you even read the article?
The single, solitary benefit of the FREE ID is that people know your software is safe. No Mac App Store. Nothing else. It's FREE. Why should Apple also give you payment processing and hosting? That's what their 30% cut (plus the $100/year) is for.
That's why any developer who ISN'T distributing malware will just get a free ID.
EDIT: Hm. This seems different than how it was described previously. I am wrong. I guess it is for Mac Developer Program members only, after all.
Hmm . . .
A fully curated environment on the desktop?
Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years.
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
Every single statement in your post is incorrect. But hey, I guess that's the definition of concern-trolling.
[As an example, I for many years enjoyed a little freeware application called Tea Time, which was a simple timer done tastefully, with restraint, and made freely available by the author. Unfortunately with the advent of the developer program, he could only make it available for $1. I hope he's made some money off it, but I also think it's a shame he can no longer justify offering it for free.]
He chose to make it available for 99¢. There was nothing preventing him from distributing his app as he had done before.
As you should be well aware you can sign up for FREE and then distribute your Mac apps through the entire world without Apple taking a cent.
The whole point is "the average Joe" doesn't know if they're downloading signed or unsigned software. This will prevent unsigned software from running. Did you even read the article?
The single, solitary benefit of the FREE ID is that people know your software is safe. No Mac App Store. Nothing else. It's FREE. Why should Apple also give you payment processing and hosting? That's what their 30% cut (plus the $100/year) is for.
That's why any developer who ISN'T distributing malware will just get a free ID.
The key is *I have read the article* and *I have read the developer program agreements.*
But *I don't think you have.*
Show me a link that indicates there is a free developer membership that includes software certification and I'll stop saying otherwise. Freeware developers get 30% of nothing but still have to pay $99/year. Perhaps many of them are very altruistic and are happy to pay the $99 every year (more power to them!) but I think it's an unfortunate disincentive.
BTW, if you have a "free" Mac Developer ID and Password, you can verify what I am saying here:
https://developer.apple.com/programs...tribution.html
He chose to make it available for 99¢. There was nothing preventing him from distributing his app as he had done before.
As you should be well aware you can sign up for FREE and then distribute your Mac apps through the entire world without Apple taking a cent.
Of course he can. But as you are well aware, he can't offer it for free in the Mac App Store unless he pays $99 every year.
https://developer.apple.com/programs...tribution.html
There are no successful real-world Mac Internet viruses (although in the labs and on LAN there have been some ineffective concepts that, in some strict technical sense, were viruses—for past versions of OS X, nothing current that I’m aware of).
There ARE Trojans for every platform—a Trojan is simply a lie and no platform can be completely safe, although Apple has gone impressively far in the direction of 100% safety! Already we have FAR fewer Trojans than Windows or Android, and for that we may be very happy. We can be further happy that things are about to get even better!
And we can have our cake and eat it too! No past method of writing/distributing software has been removed. No doors have closed. If you quake in terror that now it will be EASIER by default to install safe software than unsafe software, rest easy: checking the box to allow unsafe software is far easier than opening the disk image and installing the software. Anyone who can’t figure out how to do the former (which the developer can explain in one sentence before the download) will not make it through the latter anyway. And those folks need all the protection they can get!
Best of all, by default, Mountain Lion does allow non-App-Store apps—apps that nobody has ever had to review. That’s maximum freedom with minimum penalty: no cost to developers, no limits for users. Yet when a Trojan pops up, if signed as Mountain Lion expects (by default) Apple can kill it remotely. The ultimate compromise—and those who don’t like it are one click away from the Wild West they’re used to!
The key is *I have read the article* and *I have read the developer program agreements.*
But *I don't think you have.*
Show me a link that indicates there is a free developer membership that includes software certification and I'll stop saying otherwise. Freeware developers get 30% of nothing but still have to pay $99/year. Perhaps many of them are very altruistic and are happy to pay the $99 every year (more power to them!) but I think it's an unfortunate disincentive.
BTW, if you have a "free" Mac Developer ID and Password, you can verify what I am saying here:
https://developer.apple.com/programs...tribution.html
Dont move the goal posts. You stated:
Hmm . . .
A fully curated environment on the desktop?
Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years."
Yet there is an open any Mac owner can choose so all apps are installable. Even if they pick on of the other two options a simple keyboard command will bypass it when installig.
You also stated:
I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?
Yet it's been proven to you that you do not need to pay anything in order to create your app in Xcode and then distribute via the web.
You also made an irrational jump to say that a developer who is now in the Mac App Store (assuming you meant Tea Timer) was forced to go there and charge for the app because Apple forced "curation" on him. That also isn't true. It sounds like you are the only looking for a problem in Apple's solution.
Of course he can. But as you are well aware, he can't offer it for free in the Mac App Store unless he pays $99 every year.
https://developer.apple.com/programs...tribution.html
And you're ignoring that he doesn't have to use the Mac App Store, because....?
Every single statement in your post is incorrect. But hey, I guess that's the definition of concern-trolling.
Actually, No.
Only one of my statements is incorrect.
"A fully curated environment on the desktop?"
It's not a fully curated environment. (At least not yet, but it seems as though it could effectively lead to one.)
Everything else is correct.
The article mentions the "growing number of Mac-targeted viruses,? but then links to an article which correctly doesn?t mention viruses at all!
There are no successful real-world Mac Internet viruses (although in the labs and on LAN there have been some ineffective concepts that, in some strict technical sense, were viruses?for past versions of OS X, nothing current that I?m aware of).
There ARE Trojans for every platform?a Trojan is simply a lie and no platform can be completely safe, although Apple has gone impressively far in the direction of 100% safety! Already we have FAR fewer Trojans than Windows or Android, and for that we may be very happy. We can be further happy that things are about to get even better!
And we can have our cake and eat it too! No past method of writing/distributing software has been removed. No doors have closed. If you quake in terror that now it will be EASIER by default to install safe software than unsafe software, rest easy: checking the box to allow unsafe software is far easier than opening the disk image and installing the software. Anyone who can?t figure out how to do the former (which the developer can explain in one sentence before the download) will not make it through the latter anyway. And those folks need all the protection they can get!
Best of all, by default, Mountain Lion does allow non-App-Store apps?apps that nobody has ever had to review. That?s maximum freedom with minimum penalty: no cost to developers, no limits for users. Yet when a Trojan pops up, if signed as Mountain Lion expects (by default) Apple can kill it remotely. The ultimate compromise?and those who don?t like it are one click away from the Wild West they?re used to!
I didn't even get to that (too many uninformed wackos splashing fecal material on me from low places) but yes. As I said, I've not encountered a Mac virus in at least 15 years.