GateKeeper’s Technology Isn’t Really New… But Its Control Over Developers Is



Mountain Lion’s GateKeeper feature is designed to improve Mac security by harnessing the power of the Mac App Store and by introducing a new developer program in which Apple will offer Developer IDs to members of its Mac Developer Program. Those IDs will let developers digitally sign their applications so that Mountain Lion Macs can verify an app’s authenticity and security before running it.

While this may seem like a new approach and an extension of the Mac App Store model, it’s actually based on technology that has been part of OS X since the release of Leopard.

Leopard introduced the concept of application code signing. Code signing allows developers to apply a cryptographic digital signature to their apps. That allows a Mac to verify that the application has not been modified each time that it’s run. Leopard, Snow Leopard, and Lion have all used code signing in some major ways:

  • Alerting the user if an application has been modified (damaged or infected) when the user launches it
  • Making the OS X application firewall more secure by allowing or denying connections based on the application and its digital signature in addition to the network ports it attempts to use when connecting to the Internet
  • Controlling access to applications via Parental Controls (or Managed Preferences in education/business settings)

Until now, code signing has been a feature that developers could choose to implement or not implement. Apple didn’t make code signing a requirement or offer incentives to use it outside of the Mac App Store. If unsigned apps are run on a Mac with Leopard, Snow Leopard, or Lion installed, the Mac will simply create a digital signature and sign them the first time they’re used.

Mountain Lion, on the other hand, gives developers a big incentive because not using code signing and not being part of the Developer ID program will likely lower sales for apps not sold through the Mac App Store. That puts Mac developers on a shorter leash and incentivizes membership in Apple’s Mac Developer Program. It also makes it much easier for consumers to ensure the integrity of apps and security of their Macs.

  • ??nD ??os??A

    I know this sounds harsh to people that make a living writing code for Macs, but in 5 years we will look back at the idea of downloading a random piece of executable code from the internet and actually running it as a ridiculous “What the hell were we thinking” idea. 
    Look at the Path problem with the contacts list in iOS… now imagine that I could download a piece of code to my Mac that not only uploads my contacts but every file on my Mac. The days of shareware are over. There are just too many malware people with bad intentions out there, and the barrier to write highly intrusive code is very low. Don’t hate me, but the App Store Only mentality is great for security. The 30% cut to Apple is not great, but that’s how you get a $500 stock price…you monetize, monetize, monetize.

  • WVMikeP

    The 30% cut is a fair price to pay for what you get in return.  For one, not having to do your own transaction processing and accounting for each state’s different approach to sales tax is pretty big.  Another is bandwidth, especially if your app is large.

  • CGJack

    I like the idea of GateKeeper. I think it will be great for developers of freeware and open source projects, just so long as getting a ‘Developer ID’ is free. It will show the Mac world that their software is completely legitimate. Not only that, but it protects users from the malware and viruses that could potentially find their way onto OS X.

  • Darren Swanson

    If there were a dislike button, I would press it. Allowing a single entity like Apple to control what I can and cannot install on my machine is simply too Orwellian for me. Do not let companies think that there is serious consumer interest for this. Please. It’s just too horrible for me to bear! 

  • Kelvin Smith

    That’s John Appleseed? I was expecting more GQish

  • ??nD ??os??A

    Here is a good example of why GateKeeper is a good thing:

    People that want to run random code from unknown sources should be on Linux. I love Linux for tinkering and building stuff. But for my day-to-day get-shit-done-reliably computer, I want OS X, I want it to integrate seamlessly with my phone and my tablet and I want it to be as secure as it can be.