GateKeeper’s Technology Isn’t Really New… But Its Control Over Developers Is


Mountain Lion’s GateKeeper feature is designed to improve Mac security by harnessing the power of the Mac App Store and a new developer program in which Apple will offer Developer IDs to members of its Mac Developer Program. Those IDs will let developers digitally sign their applications so that Mountain Lion Macs can verify an app’s authenticity and security before running it.

While this may seem like a new approach and an extension of the Mac App Store model, it’s actually based on technology that has been part of OS X since the release of Leopard.

Leopard introduced the concept of application code signing. Code signing allows developers to apply a cryptographic digital signature to their apps. That allows a Mac to verify whether the application has been modified each time that it’s run. Leopard, Snow Leopard, and Lion have all used code signing in some major ways:

- Alerting the user if an application has been modified (damaged or infected) when the user launches it
- Making the OS X application firewall more secure by allowing or denying connections based on the application and its digital signature, in addition to the network ports it attempts to use when connecting to the Internet
- Controlling access to applications via Parental Controls (or Managed Preferences in education/business settings)

Until now, code signing has been a feature that developers could choose to implement or not implement. Apple didn’t make code signing a requirement or offer incentives to use it outside of the Mac App Store. If unsigned apps are run on a Mac with Leopard, Snow Leopard, or Lion installed, the Mac will simply create a digital signature and sign them the first time they’re used.

Mountain Lion, on the other hand, gives developers a big incentive because not using code signing and not being part of the Developer ID program will likely lower sales for apps not sold through the Mac App Store. That puts Mac developers on a shorter leash and incentivizes membership in Apple’s Mac Developer Program. It also makes it much easier for consumers to ensure the integrity of apps and security of their Macs.
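To see which of these categories an installed app falls into, the following added example (not from the article or from Apple) classifies the output of macOS's `codesign` tool as unsigned, ad-hoc signed, Mac App Store signed, or Developer ID signed. The function names and the sample output are constructed for illustration, and the matched strings are assumed to be what `codesign` prints.

```shell
#!/bin/sh
# Added example, not from the article. Classifies how an app was signed from
# the text that macOS's `codesign -dvv <app>` prints (on stderr).

# Reads codesign output on stdin; prints one of:
#   unsigned | adhoc | mac-app-store | developer-id | other-signed | unknown
classify_signature() {
    out=$(cat)
    case "$out" in
        *"not signed at all"*) echo unsigned; return 0 ;;
        *"Signature=adhoc"*)   echo adhoc;    return 0 ;;
    esac
    # The first Authority= line names the leaf (signing) certificate.
    leaf=$(printf '%s\n' "$out" | sed -n 's/^Authority=//p' | head -n 1)
    case "$leaf" in
        "Developer ID Application:"*)       echo developer-id ;;
        "Apple Mac OS Application Signing") echo mac-app-store ;;
        "")                                 echo unknown ;;
        *)                                  echo other-signed ;;
    esac
}

# macOS only: check that the seal is intact, then report the signing origin.
audit_app() {
    if codesign --verify --deep --strict "$1" 2>/dev/null; then
        seal=intact
    else
        seal=modified-or-unsigned
    fi
    origin=$(codesign -dvv "$1" 2>&1 | classify_signature)
    printf '%s\t%s\t%s\n' "$seal" "$origin" "$1"
}

# Constructed sample of codesign output (hypothetical app and team ID).
SAMPLE_DEVID='Identifier=com.example.notes
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# Usage on a Mac: sh audit.sh /Applications/*.app
if command -v codesign >/dev/null 2>&1; then
    for app in "$@"; do
        audit_app "$app"
    done
fi
```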