OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default

One of the significant new features in OS X Mountain Lion is Gatekeeper, a new security system to help keep users from installing nefarious applications on their machines.

The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new "identified developer" program under which developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. Apple can then use that system to track developers and disable their certificates if malicious activity is detected.


As Macworld notes in its review of Gatekeeper, OS X Mountain Lion's default setting will be to only allow initial launching of apps either downloaded from the Mac App Store or which are digitally signed under Apple's identified developer program. Users will be able to access Gatekeeper's settings in the Security & Privacy section of System Preferences, where they will also be able to choose from an even stricter setting that will allow for installation of Mac App Store apps only or a looser setting that will allow all applications to be installed and launched.

Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

For users on the default setting, they can bypass the initial Gatekeeper check the first time they launch an unsigned third-party app by right clicking on the app itself and choosing the "Open" command. Once the application has been opened one time, Gatekeeper no longer has any control over it.

As for apps that are signed by an identified developer, Macworld notes that OS X Mountain Lion will perform a daily check with Apple's servers for blacklisted developer signatures, and if an app from a blacklisted developer is installed on the user's system it will not open.

Importantly, Apple's identified developer program does not involve any sort of vetting on Apple's part, as certificates are automatically issued upon request and can be freely used by the developers. But what the program does do is provide a way for Apple to link specific developers to specific apps and use Gatekeeper to revoke application functionality should a developer be discovered to be distributing malware.

Top Rated Comments

(View all)
Avatar
112 months ago
Why do some people take half the facts and cry?
Score: 32 Votes (Like | Disagree)
Avatar
112 months ago

Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.


No we won't. You just need to turn down the setting to allow all apps.
Score: 22 Votes (Like | Disagree)
Avatar
112 months ago
I knew I shouldn't have looked at this thread... immediately full of "Goodbye OS X" posts.

Gatekeeper really does seem like an intelligent approach to security in OS X. If anything, I think it re-affirms that OS X will not be Mac App Store only for the foreseeable future. Apple is giving developers an opportunity to play nice, without all the headache and restrictions placed on distributing through the Mac App Store.

Gatekeeper, IMHO, feels like a "we get it - it's not iOS" from Apple. In fact, I'm hoping for Gatekeeper to show up in iOS 6.
Score: 18 Votes (Like | Disagree)
Avatar
112 months ago

Why do some people take half the facts and cry?


Complaining is fun! :D
Score: 16 Votes (Like | Disagree)
Avatar
112 months ago

Image (http://obamapacman.com/wp-content/uploads/2011/02/Bill-Gates-Big-Brother-Apple-1984.jpg)

********.

You may wanna go and check the Gatekeeper developer meaning again.

As much as a geek I am, I am probably gonna run the OS in Mac App Store only Gatekeeper mode and revert to Anywhere when I need to install some stuff on the web.

This is the best Apple can do for the very vast number of users. Caters to us geeks, caters to normal people and caters to those who don't know the **** they are doing.

This is unbelievably awesome.


Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.

On the contrary, this is evidence that Apple is NOT going to close the Mac. Things cannot be much more obvious for those who really wish to see without bias and hatred.

Short story for those interested:
Just a couple of days back, one of my friends referred to this concept in general and I was so blown away (shame I couldn't figure out myself). This also prevented Apple from changing the underlying UNIX system to an extent where they would revoke installation permissions from the user or admin or even the super-user. Maybe an additional private kernel model only used for app installations.

This is absolutely surreal. Best ****in feature ever. People don't realise this but this makes me believe that Apple is running for the geeks too. Long live Apple.
Score: 13 Votes (Like | Disagree)
Avatar
112 months ago

Yes, in Mountain Lion. But I was saying that Apple will silently phase that out in the next release.


I will remain an optimist for now. In some respects, I like the GateKeeper concept. However, if Apple removes (or hides) the "anywhere" feature in 10.9 or higher, I will re-think my OS of choice (but *still* won't consider Windows). When malware can get onto my machine and install like machine-gun fire (this is on a corporate network with "enterprise-level" anti-malware software) when I don't even have admin access myself to install anything, MS will never have my business. I guess I'll revisit (and learn) Linux at that point.
Score: 10 Votes (Like | Disagree)

Top Stories

iOS 14 Widgets Offer iPhone Users Creative Home Screen Ideas

Sunday September 20, 2020 8:43 pm PDT by
In iOS 14, Apple introduced ‌the concept of Home Screen‌ widgets, which provide information from apps at a glance. Widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. Despite the relative lack of 3rd party widgets at launch, iOS users around the...

iPhone 12 Lineup Rumored to Be Named 'iPhone 12 mini,' 'iPhone 12,' 'iPhone 12 Pro,' and 'iPhone 12 Pro Max'

Monday September 21, 2020 5:24 am PDT by
Leaker known as "L0vetodream" has today shared the alleged naming for the upcoming iPhone 12 lineup on Twitter. The tweet proposes that the upcoming iPhone 12 models will be titled "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max." The names likely correspond to the three expected sizes of iPhone 12, with the 5.4-inch model being the iPhone 12 mini, the 6.7-inch model ...

Hands-On With the New Apple Watch Series 6 and Apple Watch SE

Friday September 18, 2020 1:19 pm PDT by
Today's the official launch date for the Apple Watch Series 6 and the Apple Watch SE, both of which Apple announced on Tuesday. We picked up a couple of the new models and thought we'd give them a quick look for MacRumors readers thinking of ordering a new watch. Apple Watch Series 6 & Apple Watch SE Hands-On! When it comes to design, both the $399 Series 6 and the $279 SE look just like...

iOS 14 Picture in Picture No Longer Working With YouTube's Mobile Website in Safari [Without Premium]

Friday September 18, 2020 12:21 pm PDT by
Apple in iOS 14 added Picture in Picture to the iPhone, a feature designed to let you watch a video in a small screen on your device while you continue to do other things on the phone. When Picture in Picture was working with YouTube The YouTube app doesn't support Picture in Picture, but up until yesterday there was a functional workaround that allowed videos from YouTube.com to be watched...

When Will the iPhone 12 Launch? Here's What We Know

Wednesday September 16, 2020 6:12 am PDT by
Yesterday's "Time Flies" Apple event saw the release of the Apple Watch Series 6, Apple Watch SE, iPad 8, and iPad Air 4, but no new iPhone models. Rumors before the event strongly alleged that it would not see the unveiling of new iPhones, with many reports pointing to an October launch. The lack of new iPhone models yesterday seems to confirm that the iPhone 12 lineup will not appear...

Here's How You Can Download iOS 14 and iPadOS 14 Around the World [It's Out]

Wednesday September 16, 2020 2:36 am PDT by
Apple's official public release of iOS 14 and iPadOS 14 dropped on Wednesday, September 16, just a day after the company released the Golden Master to third-party developers. Also set to be made available to the general public for the first time are watchOS 7 and tvOS 14. Getting Started With iOS 14 Video Click image to watch iOS 14 Getting Started While that's left a lot of developers...

AirPods Studio Rumored to Come With U1 Chip, Ultra-Wideband Said to Be Vital to Future Apple Ecosystem

Sunday September 20, 2020 6:17 am PDT by
Proven leaker known as "L0vetodream" has today shared a range of information about the ultra-wideband U1 chip in Apple's upcoming AirTags item trackers and AirPods Studio headphones. The first of a series of tweets shared today simply stated that AirPods Studio will contain an ultra-wideband U1 chip. It seems likely that the U1 chip would be used in AirPods Studio to track the location of...

Kuo: Apple to Accelerate Adoption of Mini-LED Displays in iPad and Mac Notebook Lineups

Sunday September 20, 2020 10:00 pm PDT by
Increased competition among Apple's suppliers for mini-LED display chips will accelerate the company's adoption of the advanced technology in its iPad and MacBook lineups, according to a new research note from analyst Ming-Chi Kuo seen by MacRumors. Kuo says that while Epistar had been predicted to be the exclusive supplier of mini-LED chips for Apple products in 2021, Sanan Optoelectronics...

Top Stories: Apple Event Recap, Apple Watch Series 6, Redesigned iPad Air, and More

Saturday September 19, 2020 6:00 am PDT by
This week's news was obviously dominated by Apple's media event and the launch of iOS 14, but there was a lot to digest, so check out our summary below for the high-level view of the past week. With the exception of the massively redesigned iPad Air, all of the new hardware introduced this week is starting to appear on store shelves and on customers' doorsteps, while all of the new software...

Apple Updates AirPods 2 and AirPods Pro Firmware to Version 3A283

Monday September 14, 2020 11:24 am PDT by
Apple today released new 3A283 firmware updates for the second-generation AirPods and the AirPods Pro. The second-generation AirPods are being updated from the 2D15 firmware they were previously running, while the AirPods Pros are being updated from the 2D27 firmware they had installed previously. Apple does not provide details on what's included in refreshed firmware so we don't know what's ...