OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default

by

One of the significant new features in OS X Mountain Lion is Gatekeeper, a new security system to help keep users from installing nefarious applications on their machines.

The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new "identified developer" program under which developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. Apple can then use that system to track developers and disable their certificates if malicious activity is detected.

gatekeeper preferences
As Macworld notes in its review of Gatekeeper, OS X Mountain Lion's default setting will be to only allow initial launching of apps either downloaded from the Mac App Store or which are digitally signed under Apple's identified developer program. Users will be able to access Gatekeeper's settings in the Security & Privacy section of System Preferences, where they will also be able to choose from an even stricter setting that will allow for installation of Mac App Store apps only or a looser setting that will allow all applications to be installed and launched.

Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

For users on the default setting, they can bypass the initial Gatekeeper check the first time they launch an unsigned third-party app by right clicking on the app itself and choosing the "Open" command. Once the application has been opened one time, Gatekeeper no longer has any control over it.

As for apps that are signed by an identified developer, Macworld notes that OS X Mountain Lion will perform a daily check with Apple's servers for blacklisted developer signatures, and if an app from a blacklisted developer is installed on the user's system it will not open.

Importantly, Apple's identified developer program does not involve any sort of vetting on Apple's part, as certificates are automatically issued upon request and can be freely used by the developers. But what the program does do is provide a way for Apple to link specific developers to specific apps and use Gatekeeper to revoke application functionality should a developer be discovered to be distributing malware.

Popular Stories

maxresdefault

Five Features Coming to AirPods Pro 3

Friday June 27, 2025 10:52 am PDT by
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model. Subscribe to the MacRumors YouTube channel for more videos. Heal...
Read Full Article57 comments
Chase Sapphire Reserve Apple Perk Feature

Chase Sapphire Reserve Card Introduces New Perk for Apple Customers

Wednesday June 25, 2025 2:08 pm PDT by
Chase this week announced a series of new perks for its premium Sapphire Reserve credit card, and one of them is for a pair of Apple services. Specifically, the credit card now offers complimentary annual subscriptions to Apple TV+ and Apple Music, a value of up to $250 per year. If you are already paying for Apple TV+ and/or Apple Music directly through Apple, those subscriptions will...
Read Full Article75 comments
anker power bank recall

PSA: Anker Recalls Multiple Power Banks Due to Fire Risk

Friday June 27, 2025 4:16 pm PDT by
Popular accessory maker Anker this month launched two separate recalls for its power banks, some of which may be a fire risk. The first recall affects Anker PowerCore 10000 Power Banks sold between June 1, 2016 and December 31, 2022 in the United States. Anker says that these power banks have a "potential issue" with the battery inside, which can lead to overheating, melting of plastic...
Read Full Article92 comments
iPhone Car Key WWDC 2025

Apple Announces 13 Automakers Planning to Offer iPhone Car Keys

Friday June 27, 2025 11:42 am PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. During its WWDC 2025 keynote, Apple said that 13...
Read Full Article
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching in a Few Months With These 12 New Features

Thursday June 26, 2025 2:00 am PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are around three months away, and there are plenty of rumors about the devices. Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year. Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
Read Full Article21 comments
CarPlay Ultra Climate Controls

Here's Which Vehicle Brands Will and Won't Offer Apple's CarPlay Ultra

Friday June 27, 2025 9:52 am PDT by
Apple last month announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. There was news this week about which automakers will and won't offer CarPlay Ultra, and we have provided an updated list below. CarPlay Ultra is currently limited to newer Aston Martin vehicles in the U.S. and Canada. Fortunately, if you cannot...
Read Full Article137 comments
apple watch ultra 2 new black

Apple Watch Ultra 3 Finally Coming After Two-Year Hiatus

Tuesday June 24, 2025 3:40 am PDT by
Apple will finally deliver the Apple Watch Ultra 3 sometime this year, according to analyst Jeff Pu of GF Securities Hong Kong (via @jukanlosreve). The analyst expects both the Apple Watch Series 11 and Apple Watch Ultra 3 to arrive this year (likely alongside the new iPhone 17 lineup, if previous launches are anything to go by), according to his latest product roadmap shared with...
Read Full Article131 comments
macbook air spacegray purple

Apple Planning to Launch Low-Cost MacBook Powered By iPhone Chip

Monday June 30, 2025 3:20 am PDT by
Apple is planning to launch a low-cost MacBook powered by an iPhone chip, according to Apple analyst Ming-Chi Kuo. In an article published on X, Kuo explained that the device will feature a 13-inch display and the A18 Pro chip, making it the first Mac powered by an iPhone chip. The A18 Pro chip debuted in the iPhone 16 Pro last year. To date, all Apple silicon Macs have contained M-series...
Read Full Article228 comments
A18 Pro Chip

New MacBook With A18 Pro Chip Spotted in Apple Code

Monday June 30, 2025 8:05 am PDT by
Apple is developing a MacBook with the A18 Pro chip, according to findings in backend code uncovered by MacRumors. Earlier today, Apple analyst Ming-Chi Kuo reported that Apple is planning to launch a low-cost MacBook powered by an iPhone chip. The machine is expected to feature a 13-inch display, the A18 Pro chip, and color options that include silver, blue, pink, and yellow. MacRumors...
Read Full Article215 comments

Top Rated Comments

KingJosh Avatar
KingJosh
175 months ago
Why do some people take half the facts and cry?
Score: 32 Votes (Like | Disagree)
GenesisST Avatar
GenesisST
175 months ago
Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.

No we won't. You just need to turn down the setting to allow all apps.
Score: 22 Votes (Like | Disagree)
ppilone Avatar
ppilone
175 months ago
I knew I shouldn't have looked at this thread... immediately full of "Goodbye OS X" posts.

Gatekeeper really does seem like an intelligent approach to security in OS X. If anything, I think it re-affirms that OS X will not be Mac App Store only for the foreseeable future. Apple is giving developers an opportunity to play nice, without all the headache and restrictions placed on distributing through the Mac App Store.

Gatekeeper, IMHO, feels like a "we get it - it's not iOS" from Apple. In fact, I'm hoping for Gatekeeper to show up in iOS 6.
Score: 18 Votes (Like | Disagree)
GenesisST Avatar
GenesisST
175 months ago
Why do some people take half the facts and cry?

Complaining is fun! :D
Score: 16 Votes (Like | Disagree)
dethmaShine Avatar
dethmaShine
175 months ago
Image (http://obamapacman.com/wp-content/uploads/2011/02/Bill-Gates-Big-Brother-Apple-1984.jpg)
********.

You may wanna go and check the Gatekeeper developer meaning again.

As much as a geek I am, I am probably gonna run the OS in Mac App Store only Gatekeeper mode and revert to Anywhere when I need to install some stuff on the web.

This is the best Apple can do for the very vast number of users. Caters to us geeks, caters to normal people and caters to those who don't know the **** they are doing.

This is unbelievably awesome.


Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.
On the contrary, this is evidence that Apple is NOT going to close the Mac. Things cannot be much more obvious for those who really wish to see without bias and hatred.

Short story for those interested:
Just a couple of days back, one of my friends referred to this concept in general and I was so blown away (shame I couldn't figure out myself). This also prevented Apple from changing the underlying UNIX system to an extent where they would revoke installation permissions from the user or admin or even the super-user. Maybe an additional private kernel model only used for app installations.

This is absolutely surreal. Best ****in feature ever. People don't realise this but this makes me believe that Apple is running for the geeks too. Long live Apple.
Score: 13 Votes (Like | Disagree)
deputy_doofy Avatar
deputy_doofy
175 months ago
Yes, in Mountain Lion. But I was saying that Apple will silently phase that out in the next release.

I will remain an optimist for now. In some respects, I like the GateKeeper concept. However, if Apple removes (or hides) the "anywhere" feature in 10.9 or higher, I will re-think my OS of choice (but *still* won't consider Windows). When malware can get onto my machine and install like machine-gun fire (this is on a corporate network with "enterprise-level" anti-malware software) when I don't even have admin access myself to install anything, MS will never have my business. I guess I'll revisit (and learn) Linux at that point.
Score: 10 Votes (Like | Disagree)
Read All Comments