What's changed in runtime protection for macOS Sequoia

Posted:
in macOS

In previous versions of macOS Gatekeeper, Control-click could be used as a launch override for running downloaded apps. Apple has now changed that.

In macOS, Gatekeeper is used to verify apps.
macOS Gatekeeper is used to validate macOS apps.



Under earlier versions of macOS, users could override Apple's Gatekeeper security to launch apps in the Finder by Control-clicking on them to launch them.

The override was only needed on an app's first run, but it's still annoying nonetheless to some users.

In macOS Sequoia, Apple has now removed this bypass. Apple quietly announced this change on its Developer News page in a brief two-paragraph statement.

What is Gatekeeper?



Apple added Gatekeeper and the Mac App Sandbox to macOS years back as a way to try to thwart malware. It ensures any app you download from the Mac App Store is authentic and has also been verified by Apple.

Around the same time, Apple also added Developer ID to certify non-App Store apps from registered Apple developers. It also brought in Notarization, in which developers can submit their apps to Apple for approval.

These four parts, along with System Integrity Protection (SIP), help keep Mac apps and files more secure at runtime.

You can set Gatekeeper and Developer ID settings in System Settings->Privacy & Security->Security by choosing whether to allow only App Store apps (Gatekeeper), or both Gatekeeper and Developer ID apps.

The Finder will respond differently to each app launch based on these settings.

It's also possible to bypass some of these security features by turning off SIP in the Terminal - but Apple doesn't recommend it.

Control-click override



Before macOS Sequoia, users could override the Gatekeeper warning in Finder by Control-clicking on an app when launching it. In Sequoia, Apple has now removed this bypass in another effort to secure or lockdown the Mac.

If you get a warning that an app is from an unknown developer, or that it needs to be moved to the Trash, first go to System Settings->Privacy & Security->Security and check for the Open Anyway button. You'll be prompted for an admin password to run the app.

Unverified macOS installer app.
A downloaded installer app which is outside of Gatekeeper verification.



As Michael Tsai noted on his blog, there's also still an annoying bug in Gatekeeper in Sequoia which may erroneously report an app as damaged, even when it's not, if the app has been notarized by Apple.

Apple removing the bypass may cause more annoyance for some Mac users, since doing so now requires a trip to System Settings on every app first run for non-Mac App Store apps. There's not much users can do about this other than disabling SIP, which again, Apple doesn't recommend.

Also, note that as this article mentions, third-party Mac developers have to add an extended attribute to their app download distributions (com.apple.quarantine) if the apps are distributed outside the Mac App Store. Although most developers will honor this requirement, it's still possible that some won't - leaving some downloads as a security risk which can bypass some of Apple's app security in some cases.

For a few other Sequoia Gatekeeper/SIP issues, see our previous article on how to run apps outside system security policies in macOS Sequoia.



Read on AppleInsider

Comments

  • Reply 1 of 6
    I am now getting warnings about STL files (for 3D printing).
    I used to preview files with finder easily now it's a PIA. 
    I have to go through the security settings just to view them.
    FaragokillroywilliamlondonNotSoMuch
  • Reply 2 of 6
    @iloveapplegear years ago on Bruce Scheier's blog a commenter wrote:

    "The TSA will not be happy until we fly naked and in chains."

    We have arrived at Apple's TSA moment.
    williamlondon
  • Reply 3 of 6
    Also, note that as this article mentions, third-party Mac developers have to add an extended attribute to their app download distributions (com.apple.quarantine) if the apps are distributed outside the Mac App Store. Although most developers will honor this requirement, it's still possible that some won't - leaving some downloads as a security risk which can bypass some of Apple's app security in some cases.

    I feel like this isn't as clear as it should be. It isn't up to the third-party developers to add an extended attribute to their app download distributions. It is up the third-party applications that offer download or unarchiving capabilities to ensure the attribute is properly applied, or remains applied, when downloading and unarchiving.  The security provided by Gatekeeper would be 100% useless if all developers were required to do something for it to work. Bad actors would simply not add the attribute at all.

    Apple removing the bypass may cause more annoyance for some Mac users, since doing so now requires a trip to System Settings on every app first run for non-Mac App Store apps. There's not much users can do about this other than disabling SIP, which again, Apple doesn't recommend.

    It would only be accurate if the device is set to only allow applications from the App Store.  If it is set for App Store & Known Developers, it will only appear for applications that haven't gone through the appropriate processes to notarize their applications.

    lotones
  • Reply 4 of 6
    … or you could open the Terminal and type “sudo xattr -cr”, drop the app on the window, press return, type your admin password and press return again. Boom, problem solved.
    williamlondonappleinsideruser
  • Reply 5 of 6
    Why does Apple have to decide what I download on my computer? Oh something to do with the App Store and Apple making money?
  • Reply 6 of 6
    that's disgusting.
Sign In or Register to comment.