OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default

One of the significant new features in OS X Mountain Lion is Gatekeeper, a new security system to help keep users from installing nefarious applications on their machines.

The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new "identified developer" program under which developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. Apple can then use that system to track developers and disable their certificates if malicious activity is detected.

gatekeeper preferences
As Macworld notes in its review of Gatekeeper, OS X Mountain Lion's default setting will be to only allow initial launching of apps either downloaded from the Mac App Store or which are digitally signed under Apple's identified developer program. Users will be able to access Gatekeeper's settings in the Security & Privacy section of System Preferences, where they will also be able to choose from an even stricter setting that will allow for installation of Mac App Store apps only or a looser setting that will allow all applications to be installed and launched.

Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

For users on the default setting, they can bypass the initial Gatekeeper check the first time they launch an unsigned third-party app by right clicking on the app itself and choosing the "Open" command. Once the application has been opened one time, Gatekeeper no longer has any control over it.

As for apps that are signed by an identified developer, Macworld notes that OS X Mountain Lion will perform a daily check with Apple's servers for blacklisted developer signatures, and if an app from a blacklisted developer is installed on the user's system it will not open.

Importantly, Apple's identified developer program does not involve any sort of vetting on Apple's part, as certificates are automatically issued upon request and can be freely used by the developers. But what the program does do is provide a way for Apple to link specific developers to specific apps and use Gatekeeper to revoke application functionality should a developer be discovered to be distributing malware.

Popular Stories

iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...
iPhone 14 Pro Display Two Times Brighter Feature

Every Display Upgrade Rumored for Apple's iPhone 17

Friday December 6, 2024 5:14 am PST by
Apple's next-generation iPhone 17 lineup may bring some of the most significant display improvements we've seen in recent years. While the iPhone 17 series isn't expected until late 2025, multiple rumors suggest Apple is working on substantial screen upgrades across its entire smartphone range. From enhanced refresh rates to advanced materials and improved power efficiency, these display...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
iCloud General Feature

Apple Defeats Lawsuit Related to iCloud's Measly 5GB of Free Storage

Friday December 6, 2024 7:43 am PST by
The U.S. Court of Appeals for the Ninth Circuit this week upheld a lower court's dismissal of a lawsuit alleging that Apple illegally deceived customers into paying for iCloud storage, according to a court filing. The decision was reported by Law360. The lawsuit alleged that Apple deceived customers into purchasing iCloud-enabled devices by misleading customers into believing that they can...
surface studio 4

Microsoft Discontinues iMac Rival Surface Studio 2+

Friday December 6, 2024 6:30 am PST by
Microsoft has discontinued its Surface Studio 2+, marking the end of the company's only direct competitor to Apple's iMac, leaving a gap in the Windows ecosystem for high-end all-in-one PCs. Microsoft has confirmed to Windows Central that it has ended production of the Surface Studio 2+, a premium all-in-one desktop designed for creative professionals. With remaining stock now limited to...
open ai logo

OpenAI Launches $200/Month ChatGPT Pro Plan

Thursday December 5, 2024 4:19 pm PST by
OpenAI today announced the launch of ChatGPT Pro, a $200 per month subscription service that provides unlimited access to OpenAI o1, the company's newest and most advanced large language model. The plan includes unlimited use of OpenAI o1, o1-mini, GPT-4o, and Advanced Voice, along with o1 pro mode, an o1 version that uses more compute to provide better answers to the hardest problems. In...

Top Rated Comments

KingJosh Avatar
167 months ago
Why do some people take half the facts and cry?
Score: 32 Votes (Like | Disagree)
GenesisST Avatar
167 months ago
Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.

No we won't. You just need to turn down the setting to allow all apps.
Score: 22 Votes (Like | Disagree)
ppilone Avatar
167 months ago
I knew I shouldn't have looked at this thread... immediately full of "Goodbye OS X" posts.

Gatekeeper really does seem like an intelligent approach to security in OS X. If anything, I think it re-affirms that OS X will not be Mac App Store only for the foreseeable future. Apple is giving developers an opportunity to play nice, without all the headache and restrictions placed on distributing through the Mac App Store.

Gatekeeper, IMHO, feels like a "we get it - it's not iOS" from Apple. In fact, I'm hoping for Gatekeeper to show up in iOS 6.
Score: 18 Votes (Like | Disagree)
GenesisST Avatar
167 months ago
Why do some people take half the facts and cry?

Complaining is fun! :D
Score: 16 Votes (Like | Disagree)
dethmaShine Avatar
167 months ago
Image (http://obamapacman.com/wp-content/uploads/2011/02/Bill-Gates-Big-Brother-Apple-1984.jpg)
********.

You may wanna go and check the Gatekeeper developer meaning again.

As much as a geek I am, I am probably gonna run the OS in Mac App Store only Gatekeeper mode and revert to Anywhere when I need to install some stuff on the web.

This is the best Apple can do for the very vast number of users. Caters to us geeks, caters to normal people and caters to those who don't know the **** they are doing.

This is unbelievably awesome.


Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.
On the contrary, this is evidence that Apple is NOT going to close the Mac. Things cannot be much more obvious for those who really wish to see without bias and hatred.

Short story for those interested:
Just a couple of days back, one of my friends referred to this concept in general and I was so blown away (shame I couldn't figure out myself). This also prevented Apple from changing the underlying UNIX system to an extent where they would revoke installation permissions from the user or admin or even the super-user. Maybe an additional private kernel model only used for app installations.

This is absolutely surreal. Best ****in feature ever. People don't realise this but this makes me believe that Apple is running for the geeks too. Long live Apple.
Score: 13 Votes (Like | Disagree)
deputy_doofy Avatar
167 months ago
Yes, in Mountain Lion. But I was saying that Apple will silently phase that out in the next release.

I will remain an optimist for now. In some respects, I like the GateKeeper concept. However, if Apple removes (or hides) the "anywhere" feature in 10.9 or higher, I will re-think my OS of choice (but *still* won't consider Windows). When malware can get onto my machine and install like machine-gun fire (this is on a corporate network with "enterprise-level" anti-malware software) when I don't even have admin access myself to install anything, MS will never have my business. I guess I'll revisit (and learn) Linux at that point.
Score: 10 Votes (Like | Disagree)