Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Gatekeeper - Apple getting ready to phase out 'install apps from anywhere'?

Brien

Brien

macrumors 68040
Original poster
Aug 11, 2008
3,827
1,404
Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere).

Anyone else see the writing on the wall? Seems like Apple is easing us into signed apps only (especially with all of the kernel, kext, and UNIX security/signing stuff that was added in Yosemite).

Just my thought of the day.
 
K

KALLT

macrumors 603
Sep 23, 2008
5,380
3,415
Brien said:
Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere).

Anyone else see the writing on the wall? Seems like Apple is easing us into signed apps only (especially with all of the kernel, kext, and UNIX security/signing stuff that was added in Yosemite).

Just my thought of the day.
Click to expand...

It wouldn’t surprise me that much. To be honest, I never understood why developers wouldn’t want to get a certificate from Apple. The pricing is obviously a barrier, but not having a certificate can be a deterrent. I think twice before I install any uncertified app now.

However, I absolutely dislike automatic resets of my preferences. I hope you’re wrong. I don’t want Apple to switch on/off settings I have purposefully turned on/off.
 
simonsi

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
Mine stayed at "Mac App Store and Identified Developers" over the upgrade, obviously a fresh install will reset it to default. I haven't been on Yosemite 30days yet so can't comment on the time based reset though.
 
ABC5S

ABC5S

Suspended
Sep 10, 2013
3,395
1,646
Florida
Brien said:
Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere).

Anyone else see the writing on the wall? Seems like Apple is easing us into signed apps only (especially with all of the kernel, kext, and UNIX security/signing stuff that was added in Yosemite).

Just my thought of the day.
Click to expand...

Not Mine yet but not yet 30 days...
 

Attachments

  • Screen Shot 2014-11-12 at 10.42.51 PM.png
    Screen Shot 2014-11-12 at 10.42.51 PM.png
    73.7 KB · Views: 348
M

Manic Harmonic

macrumors 6502
Dec 4, 2011
299
1
If it does reset after 30 days, you could at probably lock the plist to keep OS X from writing to it. I really hope they don't do this... for the sole reason that it's my computer and I should be able to install whatever I want. I use quite a few apps that are from "unrecognized developers."

I agree that there's not much of a reason not to sign your apps.

What would be really terrible is if they only allowed you to install apps from the App Store.
 
D

dsemf

macrumors 6502
Jul 26, 2014
441
114
I have it set to the middle option. I do have use an application that gets updated once a month, so when I run that, it displays the non-developer error. I just go to System Preferences >> Security and Privacy and click on the Run Anyway button. Authenticate and all done.

DS
 
K

KoolAid-Drink

macrumors 68000
Sep 18, 2013
1,859
947
USA
It'll be a month for me on 11/27, so I'll report then. For those who installed Yosemite on launch day (10/16), please check and confirm by 11/16 or 11/17 to see whether or not the setting has been reset.

Mine's set to 'Anywhere.'
 
Alphabetize

Alphabetize

macrumors 6502
Oct 6, 2013
452
48
I've had Yosemite for a long time and the Gatekeeper setting has never changed. I set it to "Anywhere" and it's stayed that way since.
 
K

KALLT

macrumors 603
Sep 23, 2008
5,380
3,415
Manic Harmonic said:
What would be really terrible is if they only allowed you to install apps from the App Store.
Click to expand...

I would leave OS X behind immediately. The App Store is far too strict at this point. I’ve observed a little exodus away from the App Store lately. Big apps like Coda, previously on the App Store, are no longer there. Apps like 1Password and Scrivener have reported discrepancies and maintain two separate versions just because of the App Store limitations. The Unarchiver, one of the evergreens in the top-ten list, is now broken because of the App Store. I would never allow Apple to impose the App Store upon me.
 
F

freeskier93

macrumors 6502
Jul 13, 2008
321
68
Absolutely not going to happen, it would kill OS X. It would make OS X unusable in some way for virtually every user. Way too many apps that aren't certified and never can/will be certified.
 
bmac89

bmac89

macrumors 65816
Aug 3, 2014
1,388
468
Are you sure it is actually re-setting the system preference after 30 days. Maybe it occurred when you updated something such as beta 10.10.1 ?

On a slightly separate note - I don't like the way Apple is locking everything down - especially soldering hardware components such as RAM. There is no reason other than forcing the user to upgrade the whole computer.
 
simonsi

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
If the 30-day reset becomes standard I think it is just Apple keeping slightly ahead in the security stakes, its becoming more common generally to open permissions temporarily rather than permanently, this makes any device in consumer-land more secure vs a once-open-then-forgotton model.

It wouldn't be to onerous, even if you were installing new unsigned apps daily it would be a monthly chore to reset it, if that dissuades the OS X platform from attracting malware writers then that seems reasonable price to pay. I really can't see Apple wanting to completely lock down the installer to only MAS Apps.
 
L

leman

macrumors Core
Oct 14, 2008
19,516
19,661
I have used Yosemite since DP2 and my settings are still the way I have set them in Mavericks.

In addition, I have absolutely no problem with signing becoming more mandatory — provided that Apple starts giving certificates for free.
 
C

chanwbkenneth

macrumors newbie
Oct 1, 2014
6
0
I think they should just set default as "Mac App Store and identified developer", since a developer will know how to enable installation from elsewhere without disabling the whole thing totally.
 
Fishrrman

Fishrrman

macrumors Penryn
Feb 20, 2009
29,233
13,301
OP wrote above:
[[ Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere). ]]

Is there a .plist file for Gatekeeper?

Would it be possible to:
1. Set Gatekeeper to allow apps from anywhere
2. Lock the Gatekeeper .plist (or .plists)
???

And -- having done so -- Gatekeeper could not "revert back"?
 
xgman

xgman

macrumors 603
Aug 6, 2007
5,697
1,425
Fishrrman said:
OP wrote above:
[[ Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere). ]]

Is there a .plist file for Gatekeeper?

Would it be possible to:
1. Set Gatekeeper to allow apps from anywhere
2. Lock the Gatekeeper .plist (or .plists)
???

And -- having done so -- Gatekeeper could not "revert back"?
Click to expand...

or something . . . . Apple sure gives the term "control freak" new meaning.
 
S

SolarShane

macrumors 6502
Mar 7, 2014
302
0
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Note the bold parts and how Apple includes OS X "first." That's a very subtle way of telling average customers to only download from the App Store.


Closing OS X has been a slow process and is what will lose me to Windows and possibly Ubuntu if Elgato ports it's software to Linux.
 
Partron22

Partron22

macrumors 68030
Apr 13, 2011
2,655
808
Yes
If I write an App myself, and try to run it on my own Mac is it potentially malicious? What if I try to port it to my wife's machine over the wi-fi?

A totally closed garden approach is a nice fantasy for consumers too ignorant to protect themselves, but it'd drive away content creators in droves.
 
B

Badagri

macrumors 6502a
Aug 9, 2012
500
78
UK
Partron22 said:
A totally closed garden approach is a nice fantasy for consumers too ignorant to protect themselves, but it'd drive away content creators in droves.
Click to expand...

Todays world. Ignorance rules. :( Big brush everything because of ignorance. Or I should say, big brush everything is because it's easy to deal with due to ignorance.
 
B

Badagri

macrumors 6502a
Aug 9, 2012
500
78
UK
It still comes up with the warning but cannot run it unless you select anywhere for first run of that app.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom