Can you distribute Mac software over the internet without signing it, thereby avoiding Developer ID and notarization entirely? Technically, currently, yes, although Apple has indicated that a future version of macOS may not allow unsigned code to run at all. Some people claim that Mac users can “just right click” to run unsigned software. But what does that mean exactly? Let’s look at the user experience, in a series of screenshots. For illustration, I created an unsigned application, “MyGreatApp”, uploaded it to my server, and then downloaded the app with Safari on macOS 10.15.6, the latest public version of the Mac operating system. (The experience is essentially the same on the beta version of macOS Big Sur, except the new iOS style alerts look even worse.) Here’s what you see when you try to open the app normally (double click) in Finder.
[…]As a Mac developer, it’s nearly impossible to run a viable software business when this is the first-run experience of new customers. You’ll never get any new customers! This is why every Mac developer I know signs up for Developer ID and ships only signed, notarized apps. It would be financial suicide to do otherwise. Technically, the option is there to “just right click”, but practically it’s not a viable distribution option for Mac developers. From a business perspective, there’s no avoiding the Gatekeeper.
For all intents and purposes, Macs and macOS are already entirely locked down and can only run software approved by Apple. macOS Big Sur on ARM Macs will make the rules even stricter – while ARM Macs can still run unsigned Intel code in the way described above, you can’t run unsigned code compiled for Apple Silicon.
The screws are being tightened little by little, and just as I predicted and warned way back in 2010 with the introduction of the Mac App Store (and then again in 2011 with the introduction of sandboxing, and then again in 2012 with the introduction of Gatekeeper), we’re very close to a total lockdown of macOS, thereby completing turning the Mac into iOS – appliances you do not control and do not own. You pay a hefty sum for the mere privilege of borrowing your iOS or Mac appliance, but you don’t actually buy them.
Microsoft Windows is more open than the leading Unix OS by marketshare.
Go and tell that to a person 25 years back.
BTW I do believe that some form of whitelisting (aka signing) is necessary, considering that there is no way to identify 100% of malware. The problem is that signing is granted via private contracts on the OS vendor’s terms.
Windows is not too far behind. If you download an app, it would be blocked by default, and the user needs to go thru some scary dialog boxes.
Even the PowerShell scripts I wrote were blocked. Back in time, when I first tried them, they would not work when double-clicked on the explorer. It turns out I had to run an admin command to enable running those.
Windows will prompt when you try to run something that is unsigned. However Microsoft doesn’t control who can sign an application. Apple requires that programs be signed with a certificate provided by them. On windows it is only necessary to obtain a certificate from a CA.
The ability to tax all commercial software makes apple & microsoft executive’s eyes light up. Both companies want to be middle men charging the same fees. To be fair the main version of windows isn’t closed yet, but microsoft keeps testing the waters with more restrictions. Over time they wear people down and more of their anti-features stick. In the apple camp the transition is nearing completion. If the article is right, the new macos is no longer an open platform. To me it’s absolutely tragic that the industry is coming to this. For all the naysayers who said new ARM macs wouldn’t be any more restricted, can you please finally call out apple on this crap? That $6000 entry level x86 mac pro may well be the last apple mac pc where you can still technically get through the hoops.
Full disclosure: I am a software developer who stands to loose a significant part of my salary should these 30% fees become the norm on computers. Think about that. These companies will make their next trillions off the backs of millions of developers without doing anything to earn it other than applying coercive market control tactics. They don’t deserve your sympathy!
Part of the problem in my mind is: malware/virusses, etc. The incentive for companies on that side is also: don’t allow installing untrusted/3rd party programs.
Lennie,
It’s a problem when that’s used as an excuse to take away rights. In apple’s case, making it difficult to avoid their 30% fee is the end goal by whatever means necessary. However if it wasn’t their goal, we would be seeing more innovation with tools designed to inform and empower owners. Like making it easy to identify all code signatures on the system and in process monitor, identifying where the software was downloaded from and enabling owners to trusting software based on the publisher’s HTTPS certificates. Making it possible for companies to install their own policies to further protect their networks (just because the software was published in an “app store” doesn’t imply it’s trustworthy). Instead of a “move to trash” feature designed to harm apple’s competitors, users might get a “run in isolation” feature that gives owners the tools they need to run software securely.
I’m just running ideas off the cuff here, I’m sure we could come up with tons of ideas. But apple is too fixated on it’s 30% fees to do deliver a product to serve owner’s needs rather than it’s own. That’s what makes this so disappointing, macos is getting dumbed down like ios. Training wheels have a place, but for gods sake that’s for children, not professionals.
Edit: I don’t mean to direct any criticism your way, I think your views are quite reasonable, I’m just frustrated with the movement against owner freedoms in general.
Welcome to the future, everything is rented: https://www.youtube.com/watch?v=aJ6SbvrjxZA
“You pay a hefty sum for the mere privilege of borrowing your iOS or Mac appliance, but you don’t actually buy them.” – this is scary. I never owned a Mac and only use Windows at work (and it fits the purpose).
I enjoy having full control of what software is running, what and when to install patches, and (if needed) to inspect the source code I that is running on my computer. I started using Linux in ’95, and am used to being in control, with the responsibility and knowledge that comes with that.
The article says you can still ad-hoc sign an app (basically just leave out the developer identity) and it will run on Apple Silicon. So for all intents and purposes it’s not any more locked down than it is currently.
Please note the current state of Mac software is that it needs notarization. This is completely different from needing permission to be in the Store, because there are no content or distribution requirements beyond not being malware. Sandboxing is only required for App Store apps. None of this is changing.
I agree the situation on iOS is a catastrophe. That’s one of the reasons I don’t use it. But on Mac things are not even remotely comparable.
Moochman,
At least it doesn’t say “move to trash” as a default action, good grief apple’s piling it on thick with that crap. But honestly, in your heart, do you really believe that these changes in macos provide a viable path for professional software outside of apple’s store? And for how long?
The macOS app store is still by far the less popular way of installing apps – in fact I can’t think of a single major developer (outside of Apple itself) that actually uses it – and even a lot (most?) indie developers offer a way to purchase outside of the app store, in addition to the app store, often with more features in the non-app-store version to boot. The macOS app store, in other words, never really took off. As long as this is the status quo, then the answer to your question remains “yes”.
Moochman,
Not for nothing, but I’ve personally struggled to install sideloaded applications on a mac because of this UI nonsense. I had to get help from someone who knew how to get around it and that was before these new changes. If you find that acceptable then I guess we’ll have to disagree. I don’t have any confidence whatsoever that apple isn’t going to continue making it harder for independent shops in the next decade. I think it’s naive to not see the writing on the wall, but I guess that’s just me.
TBH, I’m used to it, for the occasion once in a blue moon that I need to deal with it. And I’ve been doing it “the hard way” all this time (via System Preferences -> Security and Privacy) – I had no idea it was as “easy” as just right-clicking.
It’s been like this for years now (as Thom mentioned in his summary, Gatekeeper was introduced in 2012) and despite Thom’s constant warning all this time, nothing has really changed. So no, I’m not particularly concerned ATM.
Moochman,
That’s not true though, you’re not able to disable the gatekeeper anymore. You have to go through this bullshit UI every time where it’s easy to accidentally move your program to trash because they made that the default action. I’d respect you a whole lot more if you admitted this was regressive because we both know that it is, and I know that you’d be lying to say that it isn’t.
Of course we can “get used to” just about any regressive policies, One can get used to a regressive dictator too, but that doesn’t mean we should excuse it. Many people are apathetic, but unfortunately when they don’t call it out, it only begets more abuse.
Alfman,
From the article:
He tested on the current version of macOS, Catalina – and as he says in Big Sur it’s the same. In fact the behavior has remained more of less the same since the introduction of Gatekeeper. Up until Sierra (v10.12, released in 2016), there was an option to install from “Anywhere” (disabled by default), after that it was possible to show the option via a terminal command: https://talk.automators.fm/t/catalina-refusing-app-installation-and-how-to-trick-it/5237 . In all of these versions (unbeknownst to me), right-clicking was an option.
Starting with Mojave (v10.14, released in 2018) they actually made allowing unsigned apps slightly more visible, with a new UI in the Security and Privacy preference pane to individually allow applications to open. This has remained the status quo until now and continues in version 11 Big Sur, including on Apple Silicon.
So there is no “regression”, at least not since 2016 with the release of Sierra. This article is not “news” but rather an observation of the long-term status quo.
I’m starting to get pretty tired of having to debunk this kind of misinformation, TBH. I am as annoyed by some of Apple’s practices as anyone else, but I am equally annoyed when people try to spread FUD that’s not based in fact.
Moochman,
The “Move to trash” is not FUD, that is apple’s BS and they deserve to be called out on it.
Regarding your assertion that it will still be possible to disable gatekeeper and make this UI nonsense go away, I cannot test that personally right now and will have to take your word on it, They deserve critisism over making it hard to find even for professionals. And if it comes to it, I hope you will speak out against apple removing all options to disable gatekeeper rather than making excuses for them, agreed?
Agreed, if they change policies to make circumvention impossible I would for sure get pretty pissed.
“You pay a hefty sum for the mere privilege of borrowing your iOS or Mac appliance, but you don’t actually buy them.”
It’s time to stop acting surprised Thom. There is a clear industry-driven trend to make everything a “license” that you “use” for a disclosed or (here is the kicker) undisclosed amount of time. What are customers going to do, stop having things? Remember back when we owned DVDs of movies and games? No internet required. Remember when thermostats and home-automation systems, even internet-enabled ones, worked by setting up a server in your home internet connection (using UPnP port-forwarding) and not by relying on the servers of a company like Nest that could be shut-down anytime (after the usual unapologetic announcement obviously)?
The only bit of computer kit you really own these days is Windows PCs and Android phones with unlocked bootloaders. Oh, and movies and music you have pirated and hence are in DRM-free formats in your harddrive. Everything else is “licensed”, because the software they require to run is “licensed”. Apple wants a system they own all the rights (such as the right to make UX changes without asking) but no responsibilities (such as caring about the hardware and replacing it), so the current system of “licensing” the software but selling the hardware that relies on it completely is very good for them.
And if I may add, “just don’t but Apple” is not a good answer, because every company out there wants to copy the Apple model, from car manufacturers to Smart TV manufacturers. The business model I mentioned above (aka: “license” the software but sell the hardware that depends on said software completely) is very good from a business perspective and there is no regulation to stop businesses from going with it. What are customers going to do? What are YOU going to do? Stop buying TVs? Buy a non-Smart TV? Good luck finding one that isn’t total junk. And even if you find one today, good luck repeating the experiment 5 years from now. Same for cars with “infotainment” systems that come with EULAs. This goes far beyond Apple products. Game over.
kurkosdr,
+1
They always try to make it someone else’s problem. Don’t mind the elephant in the room.
Just IMO but if we had a society or government that was not masochistically tied to letting business run rough shod over them, this would be the role of government. Sadly I live in the US, and people here seem to enjoy having no consumer rights and protections, they will make ANY excuse for the businesses involved.
Hi OSnews community,
one question: how will this affect PWAs? As far as I understand the concept those applications aren’t signed normally, are they? Could Apple (or Microsoft) hinder those apps as well? Or charge their 30 % tax on them?
Mac OS X runs Chrome proper, so as long as Chrome is signed, which it is, no effect. iOS doesn’t run Chrome proper and doesn’t have PWAs.
For now.
I strongly suspect that as developers demand more and more native access for PWAs to the underlying platform, you’ll see the misuse of PWAs grow… and then that will be used as an excuse to go through the same process of locking down PWAs to approved vendors only, in stages. It’s a cycle that seems to repeat itself.
No (technical) reason to block it, unless it needs special permissions like filesystem access (which I think isn’t allowed right now, not even an API currently exists as far as I know).
And I feel a lot better about my Mac because of it. (Except for the giant loophole that is homebrew. I love using homebrew and having access to all the software it provides. But I have no idea how secure that software is. I generally stick to the well known dev tools but for all I know I’m pulling down someone’s corrupted version of those tools)
Oh the irony in a Mac requiring a right-click to run software
lol