Apple urges developers to get Developer IDs ahead of Gatekeeper launch

Posted:
in macOS edited January 2014
With the expected summer release of OS X Mountain Lion just a few months away, Apple on Monday sent out a mass email to Mac developers urging them to apply for a Developer ID in preparation for the new operating system's Gatekeeper security system.

The email says that while the Mac App Store is the safest place for users to download software for their computers, the company is concerned about protection from possibly malicious applications obtained through unmonitored channels. To block these unwanted programs from making their way onto users' Macs, Apple has created the Gatekeeper security system which will be running behind the scenes in the next-generation OS X Mountain Lion.

With Gatekeeper, software can only be installed if it is digitally signed by a vetted developer who has been assigned a Developer ID. The system allows for verified applications, plug-ins and installer packages to be installed while blocking those that are unsigned, thus lowering the possibility of running malware.

Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application.

Developer ID


While not a full-fledged anti-virus program, it is hoped that Gatekeeper will help thwart future malicious software like the recent Flashback trojan which harvested user IDs, passwords and other sensitive information from over 600,000 Macs worldwide.

Apple is pushing Mac Developer Program members to apply for their free-of-charge Developer IDs so that their respective software offerings will be ready when Gatekeeper launches with Mountain Lion this summer. Monday's email is the second such invitation to developers, the first being issued in February.
«1

Comments

  • Reply 1 of 29


    Boycott Gatekeeper!!


     


     

  • Reply 2 of 29
    mstonemstone Posts: 11,510member


     


    Quote:

    Originally Posted by AppleInsider View Post



    Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application.


    I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?

  • Reply 3 of 29
    myapplelovemyapplelove Posts: 1,515member


    Apple's in their heyday of ui design inspiration...


     


    bf8c511a_MSE.x-ms-bmp

  • Reply 4 of 29


    Gatekeeper is an extension of the quarantine process Apple already uses on downloaded apps.  All apps that have already passed the quarantine prior to installing ML will pass Gatekeeper.  Also, as a manual way around Gatekeeper you can just remove the com.apple.quarantine extended attribute and the app will launch.


     

  • Reply 5 of 29
    ch2coch2co Posts: 41member


    "Apple's in their heyday of ui design inspiration..."


     


    What? Microsoft is clearly protecting their windows, and Apple is protecting its gates. Its VERY different, thus the difference in the castle towers. lol


     

  • Reply 6 of 29
    ljocampoljocampo Posts: 657member


     


    Quote:

    Originally Posted by bottleworks View Post


    Boycott Gatekeeper!!


     


     



     


    Why in the world would I want to boycott Gatekeeper! Sounds like something we should have had years ago. But maybe you are just trolling. If so, I fed you now go away.

  • Reply 7 of 29
    tallest skiltallest skil Posts: 43,388member

    Quote:

    Originally Posted by bottleworks View Post

    Boycott Gatekeeper!!


     


    Enjoy going bankrupt.

  • Reply 8 of 29
    ljocampoljocampo Posts: 657member


     


    Quote:

    Originally Posted by mstone View Post


     


    I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?



     


    Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.

  • Reply 9 of 29
    diddydiddy Posts: 282member


     


    Quote:

    Originally Posted by ljocampo View Post


     


     


    Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.



     


     




    He was most likely referring to users running non signed apps under gatekeeper after an upgrade (pre-gatekeeper).  My understanding is that everything you have before gets grandfathered in.

  • Reply 10 of 29
    bikertwinbikertwin Posts: 566member


    So Adobe & Microsoft software, not being sold through the Mac App Store, won't qualify for Level 1? Hmmmm.

  • Reply 11 of 29
    technotechno Posts: 737member


    I foresee a lot of billable hours installing apps for people who are too afraid to.

  • Reply 12 of 29
    newbeenewbee Posts: 2,055member


     


    Quote:

    Originally Posted by mstone View Post


     


    I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?



     


    As I read the article, it says ...."Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application."

  • Reply 13 of 29
    macbook promacbook pro Posts: 1,605member


     


    Quote:

    Originally Posted by mstone View Post


     


    I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?



     


    There is no impact whatsoever.


     


    If you want to install something that isn't available in the Mac App Store or hasn't been updated to include the Developer ID you can simply go to System Preferences>Security>General and set the system to "Allow applications downloaded from: Anywhere."  Once an application is installed there are no issues.  Additionally, there are no issues with "installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers" if the security setting is set to "Allow applications downloaded from: Anywhere."  This isn't an issue initially when downloading such applications nor when updating such applications.  In fact, there isn't an issue if you download an application from a developer who doesn't use a Developer ID then change the setting to "Allow applications downloaded from: Mac App Store" then attempt to update the application.


     


    Gatekeeper truly is an outstanding solution to a serious issue.  As we have seen from the iOS App Store, the reduction in malware is incredible.  In fact, I hope that Apple implements Gatekeeper on iOS as well.  Gatekeeper for iOS would solve an entirely different problem, the perceived problem with the "walled garden."  Imagine, the control and customization of jailbreaking without the associated effort or (minimal) risk!  If Apple does this we would truly find out who the trolls are because Google Android-based smartphones would have absolutely no advantage whatsoever.  Of course, we already know who the trolls are though.


     


    The "great advantage" of Google Android-based smartphones is their control and customization yet all Android proponents talk about the difficulty of jailbreaking.  The difficulty with customizing whether jailbreaking or otherwise is knowing what you want to do and determining how to do what you want but jailbreaking is too difficult?

  • Reply 14 of 29
    mstonemstone Posts: 11,510member


    Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.


     


    And just taking someone's word about 'make' ./configure rpm srcs and the like, are not going to be affected is just pure speculation unless there is some trusted definitive documentation. 

  • Reply 15 of 29


     


    Quote:

    Originally Posted by mstone View Post


    Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.


     


    And just taking someone's word about 'make' ./configure rpm srcs and the like, are not going to be affected is just pure speculation unless there is some trusted definitive documentation. 



     


    Perhaps you missed my post.  Gatekeeper uses the current quarantine mechanic where downloaded apps are marked with an extended attribute of com.apple.quarantine.  You can see this by using the -@ switch with the ls command. All you need to do to get around this is run sudo xattr -d com.apple.quarantine AppName.  No need to change the gatekeeper level.  

  • Reply 16 of 29
    mstonemstone Posts: 11,510member


     


    Quote:

    Originally Posted by Mr Beardsley View Post


     


     


    Perhaps you missed my post.  Gatekeeper uses the current quarantine mechanic where downloaded apps are marked with an extended attribute of com.apple.quarantine.  You can see this by using the -@ switch with the ls command. All you need to do to get around this is run sudo xattr -d com.apple.quarantine AppName.  No need to change the gatekeeper level.  



     


    Got it thanks,


     


    I saw your post but I did not know the bash command. Thanks for the update.

  • Reply 17 of 29


     


    Quote:

    Originally Posted by techno View Post


    I foresee a lot of billable hours installing apps for people who are too afraid to.



     


    Probably less billable hours than people currently spend fixing windows machines that have been riddled with viruses, keystroke trackers, trojans and everything else in the world.

  • Reply 18 of 29
    doh123doh123 Posts: 323member


     


    Quote:

    Originally Posted by ljocampo View Post


     


     


    Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.



    level 3 = disabled :-P


     


    Quote:

    Originally Posted by MacBook Pro View Post


    Gatekeeper truly is an outstanding solution to a serious issue.  As we have seen from the iOS App Store, the reduction in malware is incredible.  In fact, I hope that Apple implements Gatekeeper on iOS as well.  Gatekeeper for iOS would solve an entirely different problem, the perceived problem with the "walled garden."  Imagine, the control and customization of jailbreaking without the associated effort or (minimal) risk!  If Apple does this we would truly find out who the trolls are because Google Android-based smartphones would have absolutely no advantage whatsoever.  Of course, we already know who the trolls are though.


     


    The "great advantage" of Google Android-based smartphones is their control and customization yet all Android proponents talk about the difficulty of jailbreaking.  The difficulty with customizing whether jailbreaking or otherwise is knowing what you want to do and determining how to do what you want but jailbreaking is too difficult?



     


    While its.. ok... I still think its the first step... in a few more versions some of the "levels" might vanish.  They really want to set it to let App Store apps only, but they know they would end up losing a lot of users.


     


    Quote:

    Originally Posted by mstone View Post


    Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.



     


    you do not have to do anything that complicated.  If you right-click the app and select to open it, it will give you a warning but you can click to allow the app.  You do not need to change your global setting.  I think it should pop up on the main warning and let you by pass it with a big warning... but its not that hard to tell people about right clicking and selecting Open.

  • Reply 19 of 29
    ktappektappe Posts: 823member


    What about AppleScripts? If I save an AppleScript as an uneditable executable, isn't that effectively an app? Sure I know about com.apple.quarantine xattr, but how does it work in this case? I don't know of a way (short of using AppleScript Objective C) to sign an AppleScript, so doesn't any script I create & try to distribute fail the Gatekeeper test when the com.apple.quarantine bit gets set upon the recipient downloading it? So Gatekeeper is the effective end of AppleScript distribution unless one either packages it in ASOC or distributes it in editable text form, right?

     

  • Reply 20 of 29
    slurpyslurpy Posts: 5,382member


     


    Quote:

    Originally Posted by bottleworks View Post


    Boycott Gatekeeper!!


     


     



     


    Good luck with that. I'm sure Apple will feel the financial pain you and maybe 6 others in the world will inflict upon it. 

Sign In or Register to comment.