By Jason Snell
June 5, 2018 9:16 PM PT
With Mojave, Apple makes changes inside and outside Mac App Store
Note: This story has not been updated for several years.
The introduction of macOS Mojave will see Apple make some important changes to how Mac software is secured and analyzed—both inside and outside of the Mac App Store.
If you view software on the Mac as a simple binary—it’s either approved and scanned by Apple or it’s a free-for-all—you’re missing some important nuances. By default, macOS launches apps from the Mac App Store or apps that are cryptographically signed by a developer with its Apple-generated certificate. If an app from outside the Mac App Store isn’t signed, it won’t open (unless you change the security settings or override the check).
But in Mojave, the Mac App Store is getting more expansive. For example, Apps are able to ask for permission to creep out of the restrictive “sandbox” and access files more broadly across your Mac’s hard drive. The severe restrictions of the Mac App Store’s security policies were one of the reasons most frequently cited by developers who decided to bail out on the store and just go back to selling apps directly. It’s no coincidence that two notable developers who abandoned the Mac App Store, Bare Bones and Panic, were highlighted in a slide at the WWDC Keynote: That’s Apple sending a message to developers that the Mac App Store is changing and that they might want to give it a second look. I’d expect Apple to continue in this direction with the Mac App Store in the future.
Mojave also introduces a new set of security measures for apps outside the Mac App Store. The new concept is called “notarizing” apps, which is a way for Apple to digitally mark an app release that’s been signed by a registered Apple developer. To release an app (outside the Mac App Store), developers will upload their app to an Apple server, where it’s automatically scanned for malware. This isn’t anything formal like an App Store review, but it’s meant to catch obvious malware. When an app passes the scan, Apple generates a file that’s provided back to the developer. Developers don’t need to use this approach in Mojave, but down the road it seems like it will replace the current app-signing option for non-App Store apps.
The notarized-apps approach has some notable benefits, like the fact that a single rogue version of an app can be stopped without disabling every single app signed by that developer—a harsh side effect of the current approach to signing apps. But it also adds a delay in the software release, and brings Apple directly into the app release workflow. Any technical breakdown on Apple’s end could get in the way of app updates going out the door.
Still, it’s an interesting contrast: Apple is making it easier for more apps to get into the Mac App Store, while also instituting somewhat tighter security controls on apps that are released outside the store. Anyone who wants to see a slippery slope that ends up in the Mac software experience being entirely locked down will undoubtedly see it here; it’s more likely that this is Apple’s way of balancing the freedom of Mac software distribution with the need to protect Mac users from malware infestations.
As for the Mac App Store, this is great news. While the keynote showed off a fancy new App Store interface, complete with editorial content akin to what’s been on the iOS App Store since the release of iOS 11 last fall, you can’t write engaging marketing material about apps that aren’t allowed in the store. Altering policies and providing new tools for apps to ask permission, thereby returning developers like Panic and Bare Bones to the store, is what it will take to refresh the Mac App Store. And it looks like that’s exactly what’s happening.
If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.