Apple Pushes Developers Towards Mountain Lion Gatekeeper


Apple began stepping up its effort to get developers on board with Gatekeeper, the digital signature technology for Mountain Lion. The company sent out emails to registered developers with information about Gatekeeper, encouraging them to sign up for their own Gatekeeper Developer ID.

[Image: Gatekeeper Missive (Apple Email Message)]

Gatekeeper was announced as part of OS X 10.8 Mountain Lion on February 16th, and with it, users can limit the software that can be installed on their Macs to software released through the Mac App Store, which will be the default setting in the new OS. Users can also choose to allow software from other sources (CD, DVD, external storage, downloaded from the Internet, etc.).

For developers to have access to all users, therefore, they must sell their software through the Mac App Store and sign up for a Gatekeeper certificate, which is then attached to their software through Apple’s Developer ID.

While Gatekeeper was announced with Mountain Lion and has been a part of the developer preview program for the new OS, Monday’s email marks the beginning of Apple’s public campaign to get developers on board with the technology.


10 Comments

Bosco (Brad Hutchings)

I am probably the only developer who thinks the first compound sentence of that email is condescending as all hell, let alone incorrect. As a developer, if I post apps to my own website, and those apps are not malware, then my site and the apps are at least as safe as Apple’s App Store, regardless of whether my apps are signed or not.

It’s really frigging wonderful how Apple will wrap itself up in “safety” to justify and get 30%, then institute policy in software that, by default, favors it getting 30%. As a developer, if you’re not comfortable giving Apple 30% for its seal of safety approval, then you have to agree to give it a remote kill switch for your software and pay them $99 so they won’t totally badmouth you. It’s totally crappy.

I can guaran-friggin-tee that 1 year from now, there will be multiple social exploits against this stupid security system. Why? Because there is tremendous incentive to find them. I’ll silently applaud whoever manages to show what a joke this approach is. Hopefully, I will be applauding a white-hat.

Ion_Quest

I’m with you Brad, but no longer with Apple. This scheme reminds me of the Mob selling protection to small neighborhood businesses. Of course now that Macs really DO get viruses, this will help justify Gatekeeper!

vpndev

Sorry Brad, I don’t see it as condescending at all. Apple isn’t forcing sales through the App Store, as it does with iOS.

And from what I have read, “App Store Only” is NOT the default. The default is App Store + registered developers.

So you have to pay Apple $99 but do you seriously expect me to believe that you’ve gone to the trouble of developing your own app and setting up a web store and yet you are NOT a registered developer? Seriously?

And it’s true that your own unsigned apps from your own web site are secure. But then you get turkeys like CNET that change the bundling and do who-knows-what-else with your app. Thank you but I’d rather have a signed app without toolbars and trojans.

Bosco (Brad Hutchings)

So you have to pay Apple $99 but do you seriously expect me to believe that you’ve gone to the trouble of developing your own app and setting up a web store and yet you are NOT a registered developer? Seriously?

Since I don’t expect you to know what you’re talking about here, I guess, no, I don’t seriously expect you to know of how a serious developer could avoid Apple altogether.

There are third party tools that build real Mac OS applications. My favorite is Real Studio, but there’s also Adobe AIR and numerous others. For the most part, there is no reason to access paid Apple developer resources for most of these developers. Signing up to be kill-switched is what $99 gets these developers. Or you can get bad-mouthed for free.

Here’s how I expect this to play out. Most developers will play along, willingly or grudgingly. But there will be enough developers with good enough products who will not play along that the kinds of people who won’t let non-kill-switched software onto their Macs will be the same morons who stand in the TSA line at the airport and appreciate what D-students in uniform are doing to protect our skies. I.e. people with no clue.

vpndev

Brad, if you want to rant about TSA there are lots of forums for that. This is not one.

Please dump your venom there as it does nothing to improve the discussions here.

Bosco (Brad Hutchings)

It’s the same security theater issue. You think this Gatekeeper thing is making you safer. It isn’t. All it will do is add costs, reduce convenience, and direct payoffs to Apple for a “faster line”.

If enough developers of good software refuse to pay the bribe, Apple will probably end up having made the security situation worse.

I think you can understand my and many other developers’ reluctance to give Apple 30% of my/our revenues. I think you should be able to understand my/our reluctance to pay Apple $100 to hold a kill switch on our software. If you think deeply enough about this, you might even worry as a user. What if Apple mistakenly throws the kill switch on mission critical software that you use? Are you ready for that? It will happen. This system is set up so that such events are unavoidable, especially in grey areas where we’re talking about useful software that Apple and the developer have different opinions on what acceptable behavior is.

Bryan Chaffin

I suspect that everything will end up working out just fine. In the event that I’m wrong, I suspect that corrective actions will occur and that everything will end up working just fine.

Which is not to say that concerned developers (in this case) or other observers shouldn’t criticize or complain - I just don’t see doom and gloom.

Keep in mind that I’m not at all happy about a future where Apple is the sole gatekeeper of Mac software, which is a possibility. It works for me on my smartphone, but not on my computer, as I have said in the past.

Despite this, I still suspect everything will end up working out just fine.

vpndev

I think you can understand my and many other developers’ reluctance to give Apple 30% of my/our revenues. I think you should be able to understand my/our reluctance to pay Apple $100 to hold a kill switch on our software. If you think deeply enough about this, you might even worry as a user. What if Apple mistakenly throws the kill switch on mission critical software that you use? Are you ready for that? It will happen.

I understand your reluctance to give Apple 30%. For some developers it’s worth it, for others it’s not.

I’m not quite as convinced about the danger of the kill-switch. Think about what happens if your well-maintained website is compromised. For only $99 you have a kill-switch that will disable the compromised versions of your software that were placed there. For some developers that would be sweet relief.

Thinking about the accidental throwing of the kill-switch ... I think that developers would do well to provide both signed and unsigned versions of their apps. A user who is worried about the accidental disabling of mission-critical software should download both and also verify the checksums. Maybe the developer will have a signed app that verifies the validity of the unsigned ones.

Bosco (Brad Hutchings)

The kill switch is a wonderful product idea if it is truly optional. In context of the outcome Apple would like to see (i.e. all apps signed with its certs or in the MAS), it’s half way between a protection racket and extortion. Even worse is that it will not be effective.

I’m leaning in a couple of directions now. One is to just not sign at all and spend the $100 on my artist to draw me a cartoon of Tim Cook in a TSA uniform feeling some other guy’s crotch. I know, not subtle at all and totally in poor taste, much like this Gatekeeper scam. The other is to spend the $100 on an Apple cert and offer two versions of software, one signed and one unsigned. The signed version will be an extra $20, as a statement of how we must all share the costs of security theater. I’d probably spend an additional $100 on my artist for the above described cartoon just to drive the point home.

Bryan hits the main nail on the head. This isn’t gloom and doom, though it will probably be ineffective. The iOS App Store didn’t protect anyone from a myriad of previously unthought of privacy breaches. But we all know what the trend here is. We all know which bollocks Apple would like to lick when it can. The desire has zero to do with security and everything to do with monetization.

vpndev

Bryan hits the main nail on the head. ... The iOS App Store didn’t protect anyone from a myriad of previously unthought of privacy breaches.

Actually Brad, you hit the nail on the head. The iOS App Store didn’t stop these from happening, but it did shut them down once they were recognized.

And just how many viruses and trojans have there been in iOS App Store apps? I don’t have definitive data but my belief is that the number is zero.

I like zero.
