OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default

One of the significant new features in OS X Mountain Lion is Gatekeeper, a new security system to help keep users from installing nefarious applications on their machines.

The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new "identified developer" program under which developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. Apple can then use that system to track developers and disable their certificates if malicious activity is detected.

gatekeeper preferences
As Macworld notes in its review of Gatekeeper, OS X Mountain Lion's default setting will be to only allow initial launching of apps either downloaded from the Mac App Store or which are digitally signed under Apple's identified developer program. Users will be able to access Gatekeeper's settings in the Security & Privacy section of System Preferences, where they will also be able to choose from an even stricter setting that will allow for installation of Mac App Store apps only or a looser setting that will allow all applications to be installed and launched.

Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

For users on the default setting, they can bypass the initial Gatekeeper check the first time they launch an unsigned third-party app by right clicking on the app itself and choosing the "Open" command. Once the application has been opened one time, Gatekeeper no longer has any control over it.

As for apps that are signed by an identified developer, Macworld notes that OS X Mountain Lion will perform a daily check with Apple's servers for blacklisted developer signatures, and if an app from a blacklisted developer is installed on the user's system it will not open.

Importantly, Apple's identified developer program does not involve any sort of vetting on Apple's part, as certificates are automatically issued upon request and can be freely used by the developers. But what the program does do is provide a way for Apple to link specific developers to specific apps and use Gatekeeper to revoke application functionality should a developer be discovered to be distributing malware.

Top Rated Comments

KingJosh Avatar
128 months ago
Why do some people take half the facts and cry?
Score: 32 Votes (Like | Disagree)
GenesisST Avatar
128 months ago
Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.

No we won't. You just need to turn down the setting to allow all apps.
Score: 22 Votes (Like | Disagree)
ppilone Avatar
128 months ago
I knew I shouldn't have looked at this thread... immediately full of "Goodbye OS X" posts.

Gatekeeper really does seem like an intelligent approach to security in OS X. If anything, I think it re-affirms that OS X will not be Mac App Store only for the foreseeable future. Apple is giving developers an opportunity to play nice, without all the headache and restrictions placed on distributing through the Mac App Store.

Gatekeeper, IMHO, feels like a "we get it - it's not iOS" from Apple. In fact, I'm hoping for Gatekeeper to show up in iOS 6.
Score: 18 Votes (Like | Disagree)
GenesisST Avatar
128 months ago
Why do some people take half the facts and cry?

Complaining is fun! :D
Score: 16 Votes (Like | Disagree)
dethmaShine Avatar
128 months ago
Image (http://obamapacman.com/wp-content/uploads/2011/02/Bill-Gates-Big-Brother-Apple-1984.jpg)
********.

You may wanna go and check the Gatekeeper developer meaning again.

As much as a geek I am, I am probably gonna run the OS in Mac App Store only Gatekeeper mode and revert to Anywhere when I need to install some stuff on the web.

This is the best Apple can do for the very vast number of users. Caters to us geeks, caters to normal people and caters to those who don't know the **** they are doing.

This is unbelievably awesome.


Well we all knew this was coming. After Mountain Lion we'll have to jailbreak to run apps from outside the App Store.
On the contrary, this is evidence that Apple is NOT going to close the Mac. Things cannot be much more obvious for those who really wish to see without bias and hatred.

Short story for those interested:
Just a couple of days back, one of my friends referred to this concept in general and I was so blown away (shame I couldn't figure out myself). This also prevented Apple from changing the underlying UNIX system to an extent where they would revoke installation permissions from the user or admin or even the super-user. Maybe an additional private kernel model only used for app installations.

This is absolutely surreal. Best ****in feature ever. People don't realise this but this makes me believe that Apple is running for the geeks too. Long live Apple.
Score: 13 Votes (Like | Disagree)
deputy_doofy Avatar
128 months ago
Yes, in Mountain Lion. But I was saying that Apple will silently phase that out in the next release.

I will remain an optimist for now. In some respects, I like the GateKeeper concept. However, if Apple removes (or hides) the "anywhere" feature in 10.9 or higher, I will re-think my OS of choice (but *still* won't consider Windows). When malware can get onto my machine and install like machine-gun fire (this is on a corporate network with "enterprise-level" anti-malware software) when I don't even have admin access myself to install anything, MS will never have my business. I guess I'll revisit (and learn) Linux at that point.
Score: 10 Votes (Like | Disagree)

Popular Stories

telsa cyberwhistle

Elon Musk Urges Customers to Buy 'Tesla Cyberwhistle' Instead of Apple Polishing Cloth

Wednesday December 1, 2021 4:01 am PST by
Tesla CEO Elon Musk has encouraged customers to buy the "Cyberwhistle" for $50 instead of Apple's much-discussed Polishing Cloth. The product page, which Musk shared on Twitter on Tuesday evening, offers a limited edition stainless steel whistle with the same distinctive design of the Tesla Cybertruck:Inspired by Cybertruck, the limited-edition Cyberwhistle is a premium collectible made from ...
iPhone SE Cosmopolitan Clean

New iPhone SE Reportedly on Track for Release in First Quarter of 2022

Tuesday November 30, 2021 8:08 am PST by
Apple plans to release a third-generation iPhone SE in the first quarter of 2022, according to Taiwanese research firm TrendForce. If this timeframe proves to be accurate, we can expect the device to be released by the end of March. As previously rumored, TrendForce said the new iPhone SE will remain a mid-range smartphone with added support for 5G:In terms of product development, Apple is...
maxresdefault

Five Features to Look Forward to in the 2022 MacBook Air

Tuesday November 30, 2021 1:51 pm PST by
In 2022, Apple is going to release an updated version of the MacBook Air with some of the biggest design changes that we've seen since 2010, when Apple introduced the 11 and 13-inch size options. In the video below, we highlight five features that you need to know about the new machine. Subscribe to the MacRumors YouTube channel for more videos. No More Wedge Design - Current MacBook...
2017 apple tv

Cyber Monday: Original Apple TV 4K Drops to $99.99 for Amazon Prime Members

Monday November 29, 2021 12:01 pm PST by
We've been tracking Apple product and accessory deals for Cyber Monday 2021 today, and now Woot is offering a solid discount on the previous generation 32GB Apple TV 4K. You can get this device in new condition for just $99.99 if you're an Amazon Prime member. Note that this sale will last for one day only. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
apple top apps games 2020

Apple Reveals the Most Downloaded iOS Apps and Games of 2021

Thursday December 2, 2021 12:05 am PST by
Along with naming its editorial picks for the top apps and games of 2021, Apple today shared charts for the most downloaded free and paid apps and games in the United States across 2021. The number one most downloaded free iPhone app was TikTok, followed by YouTube, Instagram, Snapchat, and Facebook. The top paid iPhone apps included Procreate Pocket, HotSchedules, The Wonder Weeks, and Touch...
Mac Notebook Upgrade Program

Apple Introduces New MacBook Upgrade Program for Business Partners

Monday November 29, 2021 7:38 am PST by
In association with CIT as the financing partner, Apple has launched a new Mac Upgrade Program for small businesses and Apple business partners that allow companies to easily distribute and upgrade their fleets of MacBooks at an affordable price to all of their workers. As outlined on CIT's website, shared by Max Weinbach, Apple Business Partners can distribute the 13-inch MacBook Pro,...
airpods prototype translucent

Transparent AirPods and 29W Power Adapter Prototypes Surface in Photos

Tuesday November 30, 2021 7:16 am PST by
Images of transparent prototype AirPods and a 29W Apple power adapter have been shared on Twitter by Apple device collector Giulio Zompetti. The prototypes, which appear to be either first-generation or second-generation AirPods, feature clear plastic along the stem and around the outer side of the earbud, with the normal white plastic on the inner side of the earbud. Transparent casings are ...
apple view concept right corner

Apple Planning to Replace the iPhone With AR Headset in 10 Years

Wednesday December 1, 2021 2:29 am PST by
Apple is planning to replace the iPhone with an augmented reality (AR) headset in 10 years, a process that is apparently due to start as soon as next year with the launch of a head-mounted device, according to a recent report. Concept render of Apple's rumored AR headset by Antonio De Rosa In a note to investors seen by MacRumors, eminent analyst Ming-Chi Kuo explained that "Apple's goal is...