Thursday, February 16, 2012

Relax! Apple Doesn't Want To Lock OSX Down Like iOS

Before reading this article, you'll want to be familiar with how Gatekeeper operates on the OSX Mountain Lion beta. Macworld has a concise overview with screenshots.

Let's start by examining the reasons why iOS doesn't allow you to run unapproved third-party software.

  1. Thirty percent. Apple certainly benefits from taking a 30% cut of software sales made through the App Store. (It should be noted, of course, that you can publish free software via the App Store as well)
  2. Carrier network limitations. If iOS users run bandwidth-intensive apps on wireless networks, there's a real potential for iOS users to overwhelm wireless networks already struggling to keep up with demand. This is why applications such as Skype, or even Apple's own FaceTime, don't let you videoconference over cellular networks. Apple has extraordinary leverage with carriers, but Apple simply can't sell a device that would overwhelm the networks it relies on.
  3. Because they can. iOS is a new platform, with no history of allowing you to run unapproved third-party software.

Of the above reasons, only #1 is relevant to OSX.

There's no doubt that a 30% cut of all OSX software revenue would appeal to Apple. Gatekeeper, however, really has nothing to do with funneling OSX software through the Mac App Store. Once you get your free developer certificate from Apple, you can distribute your signed software any way you like, with no obligation to funnel it through the App Store.

Apple has also made it quite easy to run unsigned applications. You can disable the check for signed applications entirely via a one-time setting in Security & Privacy under System Preferences. From the Macworld article:

"If you want Mountain Lion to run every app under the sun, you can just change the setting to Anywhere."

Or, you can override Gatekeeper on a per-application basis. From the Macworld article:

"Finally, it’s important to note that because Gatekeeper uses the File Quarantine system, it only works the very first time you try to launch an app, and even then only when it’s been downloaded from an app on your Mac like a web browser or email program. And once an app has been launched once, it’s beyond the reach of Gatekeeper.

Combine this with the ease of overriding Gatekeeper by using the Open command and it’s clear that Gatekeeper in Mountain Lion isn’t intended to be some sort of high-security app lockdown. It’s just a tool to encourage people not to run software they don’t trust. If they really, truly want to run an app, Mountain Lion won’t stop them."

The only remaining worry is: Are we on a slippery slope? Is this merely Apple's first step towards a total iOS-style lockdown? We can't rule that out. The downsides to such a lockdown would be tremendous: developers, power users and early adopters would flee OSX in droves… and, even if we assume Apple doesn't care about good will, remember that those are precisely the people Apple needs to write iOS software using its OSX-only iOS developer tools.

I do agree wholeheartedly with Lloyd from Mac Performance Guide on several points. LLoyd lays out several possible worst-case scenarios:

  • "Apple disables, removes or forbids an application because of Congressional pressure. No Rule of Law, no due process, just arbitrary removal or shut-down of an application. This already happened once last year. It doesn’t matter whether you agree or disagree with what any particular app does; that’s not the point. Policies regard can change at any time."
  • "A repressive country (Iran, China, Syria, etc) decides that it doesn’t like the certain apps being used by Undesirable Elements. So it demands that Apple disable those apps. Apple doesn’t want to risk its commercial market there, so it disables those apps."
  • "Hackers penetrate Apple’s systems. All applications of any kind worldwide could be suddenly disabled and/or removed. If a key cryptographic provider (RSA) can be compromised, it can happen anywhere. Or consider this article. Or this one. Or this one. Or this one. Or thousands of others. And that’s just what has been made public; assuming all such compromises are disclosed would be extremely naive. An exploit of this magnitude would be like an Olympic gold medal for hackers— highly attractive."

The likelihood of those scenarios is nearly irrelevant to me; I'm not comfortable with a private company (or a government) having that level of arbitrary control over my computer. However, as noted above in Macworld's Gatekeeper feature, the impact of those worst-case scenarios seems extremely small: you could simply disable Gatekeeper!

That's why I'm sticking with OSX, and I'll most likely give Mountain Lion a shot when it's released. Though, maybe not until it reaches 10.8.1…

No comments:

Post a Comment