Developers unsurprised, but cautious about Gatekeeper, NewsIT.info

Developers unsurprised, but cautious about Gatekeeper

Thursday's surprise announcement of the next version of Mac OS X had developers across the Mac community perking up their ears, thanks in no small part to a new feature in Mountain Lion called Gatekeeper.

"My takeaway on Gatekeeper is it's a lightweight introduction of the notion of registered developers outside the App Store," Daniel Jalkut, proprietor of Red Sweater Software, explained to Macworld.

Gatekeeper relies on a technique called code-signing, in which software developers are provided with a cryptographic certificate from an authority--in this case, Apple--which they can then use to digitally "sign" their applications. It's similar to the process that consumers encounter when they buy things via the Web, in which they've been trained to look for the padlock icon that indicates a secure transaction.

"Security based on digital signatures has been a long time coming, so it shouldn't be much of a surprise to developers," said Ecamm Network co-owner Glen Aspeslagh. "As the Mac gains in popularity, Apple's approach will be a powerful and much needed weapon against malware."

While our Windows-using compatriots have been plagued by malware of all shapes and flavors, Mac users have remained largely unscathed, although the debate continues to rage over whether that's because of innate superiority in the Mac operating system or the Mac's smaller market share presenting a less tempting target for writers of malicious software.

Certificate of authenticity

Apple's new approach relies on the idea of what it calls "identified developers," which is to say developers to whom the company has issued a digital certificate. That certificate becomes linked with the developer's identity and subsequently with their applications. If Apple finds that a software maker is distributing an application that contains some sort of malicious code, it can revoke the certificate, which--depending on how a user has Mountain Lion set up--may prevent the app from launching. Presumably, Apple could even revoke all the apps from a single developer with the flip of a switch.

This isn't really a new concept for Apple; code-signing as an option has been around since 2007, when it was introduced as part of Mac OS X 10.5 Leopard. And the company has employed it as a requirement for programs distributed in both the App Store for iOS and the Mac App Store.

"We've been in the Mac App Store for a while (since the very beginning)," Bare Bones Software's Rich Siegel told Macworld, "and as far as I can tell, if you're shipping a Mac App Store product today, you're an 'identified developer.'"

But, of course, not all Mac developers participate in the Mac App Store. So while developers can sign their own code to certify, for example, that the contents of their apps have not been altered since distribution, they can't reap all the potential benefits that code-signing has to offer. In order to do that, the certificates would need to be issued by a trusted authority--to wit, Apple.

Developers unsurprised, but cautious about Gatekeeper

About

Tags

Posts we like