
Two months later, developers (mostly) positive about OS X’s GateKeeper

Most devs support GateKeeper, but some worry about the future of the platform.

GateKeeper can be used to block non-Mac-App-Store or unsigned apps, but it might also prevent developers from getting into programming on the Mac.

Remember the wails about Apple turning OS X into a "walled garden" when news of GateKeeper emerged? The tool, which allows OS X users to restrict where their apps come from, was announced in February 2012 and was included with Mountain Lion when it was released in July. The controversy hinged on Apple's attempt to guide users toward installing only those apps downloaded from the Mac App Store, or at least settling for a middle ground wherein users could also install apps "signed" by the developer—an action that still costs the developer $99 per year and pads Apple's bank account.

The goal was to increase security on the Mac—especially in light of the recent Flashback scare—but power users bristled. GateKeeper does allow Mac users to install apps from any source they'd like, but it's not as easy as it used to be. The OS throws up flags that warn users about unsigned applications, which can easily discourage people from trying new software.

On the developer side, however, there was a cautious optimism that GateKeeper could mean good things for Mac users. Before GateKeeper was released to the public, Ars interviewed a number of developers who told us they generally felt comfortable with the tiers of control, even if things weren't perfect. Some acknowledged that Apple was indeed stepping up its level of control over users' computers, however, and expressed concern that Apple could change its default settings at any time to limit software distribution even further.

So has the apocalypse come? Two months post-Mountain Lion, are developers suffering from GateKeeper's new restrictions? We reached out to a handful of Mac developers for their perspective, and to see how their work has been impacted by the change.

End-users are better off with GateKeeper

Every developer we spoke to said they believe end users are better off security-wise with GateKeeper. Whether it's because users need to be protected from themselves or they simply need an extra layer of security so they can sleep easier at night, there appears to be a tremendous level of confidence in the fact that users are safer now.

"I think GateKeeper is a huge boon to end-users—it’s effective against man-in-the-middle and masquerade attacks, and the latter is a very common vector for malware," Delicious Monster's Wil Shipley told Ars. "GateKeeper is a brilliant design because there’s a cost to develop each round of computer viruses/trojans/worms, and GateKeeper lowers the chances of any particular piece of malware being a hit. It changes the economics of malware in favor of Mac users."

Iconfactory's Craig Hockenberry agreed. "I definitely think that GateKeeper is helping end users. I know that whenever I click on a download link and see that the developer hasn't signed their app, I think twice about installing it," Hockenberry told Ars.

It also appears GateKeeper hasn't caused huge problems for developers who actively market and sell their apps. "From a development point-of-view, it's been a simple change with a lot of benefit. I hear a lot of my fellow developers saying the same thing," Hockenberry said.

"It's simple to implement, has low impact on developers and users, and feels like a good way for Apple to block truly malicious applications. We're totally on board," Panic's Cabel Sasser added.

Shipley explained why developers seem to benefit from Apple's implementation of GateKeeper: because it lets customers know that if they trust the company's name, they can trust the company's software, too.

"Without GateKeeper, a customer could download a copy of Delicious Library from some third-party download site which had maliciously inserted some malware into it. We couldn’t prevent this, and the user couldn’t detect it. Now the user will be informed the software wasn’t blessed by us, so they can discard it safely before it ever launches," Shipley said. "That kind of user confidence is what made the iPhone App Store such a success. Many falsely attribute the safety of the App Store to sandboxing, but in fact it’s due to the iPhone’s implicit version of GateKeeper (e.g., every app that runs on the iPhone has to have been signed by Apple)."

It's worth remembering that there are ways to install non-Mac-App-Store, unsigned apps on your Mac under Mountain Lion—you just have to turn off or work around GateKeeper. This can be done by going to your Settings and into the Security & Privacy control panel, or by right-clicking to force open an unsigned app. This, developer Colin Barrett argues, is easy enough for most users.

"I have not personally heard of people, users or otherwise, having much trouble thanks to Gatekeeper itself. Some folks have had problems with it that were easily solved once they learned about the handy right-click Open 'work-around' Apple included (which is one of my favorite pieces of security UX in recent memory)," Barrett told Ars. "Also, a lot of people have discovered said workaround through the excellent confirmation box Apple includes when you try to turn off Gatekeeper entirely."

Jamie Phelps, a "code wrangler" from AgileBits, echoed this sentiment. "I think Gatekeeper is helping the vast majority of end users. I have Gatekeeper enabled on my Mac. Whenever I download an application and double-click, the 'unidentified developer' pop-up gives me pause," Phelps told Ars. "As a nerd, I know I can bypass this, but at a very minimum it makes me take a beat and think about what I'm doing."

But Sasser warned against turning off GateKeeper due to overconfidence—he's concerned that too many will disable GateKeeper's protections altogether, which might only help to spread malicious software in the future. "Users will all-too-readily set their default to 'Anywhere,' rendering the whole feature useless. I hope that people will think twice before changing this setting," he cautioned.

Challenges faced by smaller developers

Although many developers are happy with GateKeeper, not everyone sees such a rosy future for Mac software. In particular, hobbyist programmers and open source developers—generally, the ones not trying to make money out of the gate—are those whose work is suffering the most from GateKeeper's restrictions. And although they might be OK with that on a personal level, they're not always OK with it when it comes to where the platform is going.

Wesley Reynolds has given up development of his popular Dropbox Droplet widget, thanks in part to Mountain Lion and GateKeeper. His widget stopped working when Mountain Lion was released, and he's unable to figure out how to make it work again without shelling out $99 for a Mac developer account—even though he doesn't make any money from the widget. When I asked him his take on how things have changed, he explained that while he admires what Apple is trying to accomplish, he doesn't like the way the ecosystem hurts smaller developers.

"I could pay my $99 to find out how to fix this problem and sign my app, but I did this as a bit of a hobby to learn how dashboard widgets work, and the $99 was too big a pill to swallow," Reynolds said.

"I think Gatekeeper is pretty much killing the hobbyist coder on Mac. No longer will you be able to grab the tools for free that you need to code a program and then share it with whoever may be interested in it," Reynolds continued. "It was exciting for me to have created a handy little widget as an experiment to learn about Dashboard Widgets, and then, just because it's done, throw it up on the Web and have many thousands of people download it and use it. Now, a hobbyist coder can still download the tools for free, and learn to code and make a neat app that will run on their computer, no problem, but they can't give it to anyone over an Internet connection without Gatekeeper kicking in."

Reynolds acknowledged that there are some end-user benefits to this restriction—namely that some hobbyist applications are "half-baked," low-quality, and have the potential to be dangerous. His own widget uses behind-the-scenes Terminal commands in order to function, and he pointed out that he could have easily programmed the widget to delete things it shouldn't.

But if not for hobbyist programmers, would OS X be where it is today as a platform? Longtime Mac users no doubt remember the struggle to find useful software for anything, and the robust developer ecosystem we have today might not even exist if not for individuals taking an interest in coding for the Mac in their free time. Many have since turned their hobbies into full-fledged software houses, but there are others still tinkering around to see if they want to hop on board.

"Open source apps are legitimately hurt the worst, I think. Low-budget, but super-useful apps," Reynolds said. "My mom will have a hard time running an old or potentially dangerous app. Now, she'll also have a hard time running an old and harmless app she used to love. But at least it's safety in the better direction."

Where is Apple going from here?

When we first interviewed developers, some indicated a certain level of unease with where the Mac platform might be going. Rogue Amoeba's Paul Kafasis pointed out at the time that Apple already has more control with GateKeeper than it did previously—even with the middle-ground option. Stand Alone's Ben Gottlieb said he actually fears the day Apple tries to change the default to "only allow App Store apps."

Reynolds, unsurprisingly, took a similar stance when I asked him what he thought. "I think the Mac will be further locked down, requiring sandboxing for non-App Store apps perhaps?" Reynolds said. "I can see a world where you are unable to download an app to your Mac from the Internet without going through the manicured App Store, but that's a huge burden and liability to Apple if they claim 100% ownership over taste and over what is a 'good' app, and something awful goes wrong. The hobbyist coder will really be dead and buried at that point."

But the other developers I spoke to seemed to have a more positive take on the direction of third-party software on OS X.

"I really think Apple is in the business of creating the best experience possible for their users. I don't think that means Mac App Store apps only, because I don't think anyone at Apple would argue that the loss of apps like SuperDuper!, TextExpander, or Hazel would be best for the users' experience," Phelps told Ars.

"It's always hard to predict Apple's plans for the future, but if the past few years is any guide, I'd look for the Mac to get even more secure," Hockenberry added. "The trick, of course, is to do that while providing developers with the flexibility to create the applications that their customers want to purchase."

Listing image by Randen Pederson
