You just have to move the .app bundle into another directory, if it is bundled with other files. If it is the only item in that ZIP archive, then this will not affect it. Basically, the mechanism just wants to make sure that nothing that is bundled with it could be compromised. Developers can use signed disk images to avoid this entirely.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS 10.12 Gatekeeper discussion
- Thread starter maflynn
- Start date
- Sort by reaction score
You just have to move the .app bundle into another directory, if it is bundled with other files. If it is the only item in that ZIP archive, then this will not affect it. Basically, the mechanism just wants to make sure that nothing that is bundled with it could be compromised. Developers can use signed disk images to avoid this entirely.
It does seem like this is bringing MacOS one step closer to iOS limitations. I suspect at some point Apple will have 1 OS and it will be more like the walled garden of iOS. Never thought I'd have to jailbreak a Mac but that may be on the horizon.
[doublepost=1466687805][/doublepost]
[doublepost=1466687805][/doublepost]
I really don't think this is about security, anymore than I think SIP/rootless is about security. This is trying to lock people into the ecosystem. But I think in the long run this could backfire. I may be in the minority but I have no intention of upgrading-away my ability to control my machine.
What would your suggestion be in solving the malicious bundle injection problem?
What control has been taken away from you? Can’t be System Integrity Protection or Gatekeeper, as both can be turned off.
Gatekeeper in Sierra has not removed the ability to run any apps you could run before. Speculation about what may be in future versions is exactly that, speculation.
For me nothing has changed. I still have the Anywhere option in System Preference and also can launch APP files from DMG images.
Before upgrading from El Capitan it was already set to Anywhere, also SIP was disabled and both stayed that way. Maybe that's the cause.
Does SIP even have anything to do with it?
Before upgrading from El Capitan it was already set to Anywhere, also SIP was disabled and both stayed that way. Maybe that's the cause.
Does SIP even have anything to do with it?
I agree. It's not like it's a huge barrier to entry. If you really want to write/distribute malware code signing does nothing to stop you - anyone can acquire a cert and sign their code, good, bad or ugly. (Obviously they cannot put their malware in the App Store. At least I hope they can't)
True, but once malware starts to spread, Apple can revoke the cert and deal with it without fear of widespread infection. If my developer of a piece of software is so lazy they can't get a cert from Apple, I don't want their software anyway. Transmission showed how a vulnerability was stopped dead in its tracks because they were signed by Apple. Otherwise the problem would have been much much worse.
Yes, true. It does do something to let Apple shutdown nasties but, honestly, by the time that happens a lot of damage may be done.
Edit, just to clarify my position. I'm all for Gatekeeper in its present form.
Agree to beefing up gatekeeper to protect non-technical users from themselves.
If Apple ever does wall-in MacOS, they'll lose a big chunk of their following if we can't find a way around it.
I have several apps that don't conform with Apple's code of conduct that I wouldn't live without. At least 2 of them only also reside on *shudder* windows. (otherwise, I'd be back to Linux)
Really, REALLY never want to have to make that (Linux) my preferred OS at home again - just a waste of time.
If Apple ever does wall-in MacOS, they'll lose a big chunk of their following if we can't find a way around it.
I have several apps that don't conform with Apple's code of conduct that I wouldn't live without. At least 2 of them only also reside on *shudder* windows. (otherwise, I'd be back to Linux)
Really, REALLY never want to have to make that (Linux) my preferred OS at home again - just a waste of time.
Last edited:
I agree. It's not like it's a huge barrier to entry. If you really want to write/distribute malware code signing does nothing to stop you - anyone can acquire a cert and sign their code, good, bad or ugly. (Obviously they cannot put their malware in the App Store. At least I hope they can't
It seems to me that removing the "Anyone" choice, Apple is making the choice for users. Why not just inform users that there 'COULD' be malware and let them decide if they want to run the risk? I resent Apple's paternalistic attitude that they know ALL circumstances and ALL situations where I might send or receive files. (MHO)...
But they haven’t removed the option to run any code whatsoever. Signed/Unsigned/App Store/Non-App Store. You simply right/option click and choose Open. If someone is not capable of doing that then they are, in the balance (imo) being protected more than they will ever be harmed by that.