Panic Software has a long post explaining code signing and Apple’s new Gatekeeper feature in OS X Mountain Lion. Gatekeeper provides a way for developers to digitally sign their applications, verifying their origin, and for those signatures to be revoked so that the applications cannot run any longer if they are shown to be compromised by malware. Users can decide for themselves whether they want to let their Mac run any application or only applications which have been signed. (Or only applications from the App Store, although I think you’d have to be crazy to do that.) What I find particularly interesting about this is that Apple had decided last year to implement much more draconian rules that would essentially force developers into the App Store by making that the only way that developers could distribute signed applications. Wil Shipley beseeched Apple to take another course and allow developers to sign apps themselves. Here’s the recommendation he made last November:
My suggestion is for Apple to provide certificates directly to developers and allow the developers to sign their own code. And, by doing this, Apple can then reasonably say, “Ok, now we’re going to, by default, not allow the user to run any code whose certificate wasn’t issued by us and signed by a real third-party developer (except the stuff the user checks in the control panel).”
Apple then has the power, if any app is found to be malware, to shut it down remotely, immediately. This is a power Apple doesn’t have now over malware, and that won’t come from more sandboxing or more code audits. I have shown the only way to achieve it is to require developers to sign their code with a certificate from Apple.
At the time, I read the post, linked to it, and thought that it made too much sense for Apple to do it. I was pleasantly surprised to see Apple take that advice.
Update: Nelson Minar reminds us that features like Gatekeeper require users to put a lot of trust in the gatekeeper. I think one reason people are happy about Gatekeeper is that it’s such a retreat from Apple’s previous untenable position.
Daniel Jalkut’s post on Gatekeeper is also worth reading. Gatekeeper is important because it’s a step back from Apple’s previous decision to essentially force developers to distribute their apps via the App Store. That was problematic because App Store apps will be required to operate within a very limited Sandbox. Daniel Jalkut argues that the next step for Apple should take is to greatly increase the rights granted to apps in the Sandbox. Even though Apple has climbed back from its stance that would force developers into the App Store (and Sandbox), it is still making some new features of the OS available only to apps that are distributed through the App Store, so it’s important that the Sandbox be flexible enough to satisfy as many independent developers as possible.
Leave a Reply