Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 17, 2012, 04:46 PM   #201
dashiel
macrumors 6502a
 
Join Date: Nov 2003
Quote:
Originally Posted by petsounds View Post
As I said, it's a concern. I'm not saying it's going to happen. But it's a steep cliff and a long way down should Apple decide to exert "editorial control" over the apps it has signed. You trust them to play fair, I don't. Jobs never gave me much reason to. Perhaps the Tim Cook-era Apple will instill some. I hope!

This is inductive reasoning run amuck. A leads to B, B leads to C, C leads to D, therefore A leads to Z, except Apple hasn’t even done A yet. I don’t think there’s a single instance of Apple abusing (or using for that matter) a signed certificate or “kill switch” to remove or stop the distribution of an iOS app.

Chalkboards aren’t a convincing argument.

Quote:
Originally Posted by petsounds View Post
And why would Apple need that kind of authority? Having a list of flagged apps is enough to notify users of malicious code. Control of the cert signing would only be necessary to cause apps to no longer run -- something you argue Apple would never do.
The whole point of using a signed certificate is so Apple is certain the App they’re going to prevent from being installed is the App. The blacklist of flagged apps as you suggest is already in place that’s what Apple used to fend off MacDefender, the problem is MacDefender just kept changing the name so it slipped through the black list. Having a cryptographically signed app means Apple knows exactly what App it can block.

Additionally it adds levels of social security. Malicious software developers can easily acquire signed certificates, either self-signed or from less than reputable sources. Apple issuing the certificate adds a layer of complexity for criminals having to come up with a credit card, a fake address, fake name, masked IP, etc… all of course easily circumvented, at the same time still a hassle.

A signed cert from Apple has the weight of Apple’s reputation behind it, your mistrust aside, most people have a lot more faith in Apple than GoDaddy. As I mentioned earlier this program is basically allowing third party developers to ride along on Apple’s coattails in terms of consumer trust.
dashiel is offline   1 Reply With Quote
Old Feb 17, 2012, 05:26 PM   #202
charlituna
macrumors 604
 
charlituna's Avatar
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by waltermitty View Post
This is ridiculous. An obvious money grabbing attempt by making users (by default) go through their App Store to get their software and system updates.
Hardly since you can get a certificate just by asking for one. And then you have no issues until it is found out that you are distributing malware and then your certificate will be invalidated and those that have blocked non signed and non MAS apps won't accidentally open it and cause any harm.

----------

Quote:
Originally Posted by Stella View Post
You turn off Gate Keeper.
Or after it warns you that your software may not be safe you use the whole Option+click method to open it without the warning that Apple isn't keeping a secret.

----------

Quote:
Originally Posted by Nermal View Post
Do you have a reference for that? I've seen a couple of people mention it but I'm having trouble with finding official documentation stating that a Developer ID is free.
A developer ID is not free. But as a registered developer a signing certification for your apps is.

----------

Quote:
Originally Posted by babyj View Post
I believe the whole point is that Apple will be the only ones issuing certificates and if an app turns out to be bad they have a big kill switch button they can press.
Yes and no. They can kill the app from automatically opening as a 'signed app' but the user can always open it anyway.
charlituna is offline   2 Reply With Quote
Old Feb 17, 2012, 05:50 PM   #203
petsounds
macrumors 6502a
 
Join Date: Jun 2007
Quote:
Originally Posted by dashiel View Post
This is inductive reasoning run amuck. A leads to B, B leads to C, C leads to D, therefore A leads to Z, except Apple hasn’t even done A yet. I don’t think there’s a single instance of Apple abusing (or using for that matter) a signed certificate or “kill switch” to remove or stop the distribution of an iOS app.
You're being a bit pedantic here. Mountain Lion != iOS. On iOS, aside from jailbreaking the only way to get an app on your device is through the App Store. On ML, you only need a signed app (under default settings) to install it. So there's no precedent for Apple using certs to block apps because if Apple wants to blackball an iOS app, they just remove it from their store. Yes, a few people can keep it backed up locally and Apple hasn't remotely removed them (if they even have that ability), but effectively the app is dead.

What we're discussing with a cert being revoked is no different. People can still install it, but the vast majority won't touch it if the cert is dead, and the app maker won't be able to release a new version.


Quote:
Additionally it adds levels of social security. Malicious software developers can easily acquire signed certificates, either self-signed or from less than reputable sources. Apple issuing the certificate adds a layer of complexity for criminals having to come up with a credit card, a fake address, fake name, masked IP, etc… all of course easily circumvented, at the same time still a hassle.
In regards to your MacDefender example, I was inferring that Apple key off the 3rd-party cert, not a binary hash of the app executable. If Apple did allow 3rd-party certs, it would obviously only be from trustworthy signing authorities like VeriSign. Yes, info can be faked just like with an Apple cert, but it gives developers more flexibility and control rather than be corralled into a pen by Apple. I see no reasonable benefit to Apple controlling the cert process.
petsounds is offline   -1 Reply With Quote
Old Feb 18, 2012, 01:58 AM   #204
ArmCortexA8
macrumors 6502
 
Join Date: Feb 2010
Location: Terra Australis
Hi all

I just tried this in Mac OSX on my 2011 MacBook Air. I did a Flash update with this feature enabled, and got the options of got to trash or cancel. There was no choice for me to continue. In effect I was forced to turn this feature off before I could update Flash.
__________________
Apple iPod Touch 64GB 5th Gen (Retina) / Apple iPhone 5 64GB (3G / LTE) / Apple MacBook Air 13" (2011) Core i7 / 256GB
ArmCortexA8 is offline   -1 Reply With Quote
Old Feb 18, 2012, 02:45 AM   #205
DigitalFreedom
macrumors newbie
 
Join Date: Feb 2012
what I liked there

The fact is Apple is trying to force a locked system approach the way they have it in iOs - to rule everything - is sad. And I think they'll even get some court cases regarding that from third-party software distributors.

What I did like in 10.8 is that they FINALLY made it possible to disable that **** "Reopen windows when logging back in" check-box. It's getting disabled after you uncheck that option in General settings. Oh my, why didn't they do this simple thing in Lion, even in 10.3? Heh - just to get your money again.

Also 10.8 features some nice new multi-touch gestures for laptop and magic trackpad owners. And it runs faster than Lion.

The only thing that can drop Apple success is their greedy managers - their engineers are excellent.
DigitalFreedom is offline   -1 Reply With Quote
Old Feb 18, 2012, 09:32 AM   #206
dashiel
macrumors 6502a
 
Join Date: Nov 2003
Quote:
Originally Posted by petsounds View Post
You're being a bit pedantic here. Mountain Lion != iOS. On iOS, aside from jailbreaking the only way to get an app on your device is through the App Store. On ML, you only need a signed app (under default settings) to install it. So there's no precedent for Apple using certs to block apps because if Apple wants to blackball an iOS app, they just remove it from their store. Yes, a few people can keep it backed up locally and Apple hasn't remotely removed them (if they even have that ability), but effectively the app is dead.
It's not even remotely pedantic. You assert handing Apple power is concerning, yet on iOS where they have even greater power (I.e., the ability to remotely kill an app) they have not used either one. There is no precedent for this Orwellian future you fear.

Furthermore the App Store is not the only way to get Apps on the iPhone. AdHoc installation, TestFlight, Provisioned devices, enterprise installs.


Quote:
Originally Posted by petsounds View Post
I see no reasonable benefit to Apple controlling the cert process.
I'll give you three

1) Apple couldn't revoke the certificate, only the authorizing agent can. Having the ability to revoke the certificate is critical to maintaining the security of the system.
2) Apple has more trust equity than VeriSign amongst average users
3) Perhaps you read the recent Dutch study showing 4 of every 1000 public keys provide no security whatsoever, including one major authorizing agent. By being the sole provider Apple maintains quality control
dashiel is offline   1 Reply With Quote
Old Feb 18, 2012, 01:07 PM   #207
stanton
macrumors member
 
Join Date: Jan 2008
Location: Philly
Quote:
Originally Posted by dashiel View Post
It's not even remotely pedantic. You assert handing Apple power is concerning, yet on iOS where they have even greater power (I.e., the ability to remotely kill an app) they have not used either one. There is no precedent for this Orwellian future you fear.
Apple being the only CA is definitely an issue. Let's say I create a BluRay/DVD ripping application or a file sharing application. These programs have dubious legality here in the US do to both Copyright laws and DMCA provisions, however these laws aren't binding for developers in other countries. As has been shown, ICE can seize property such as domain names to protect copyrighted works. So what's to stop them from seizing developers certificates since Apple is a US corporation?
stanton is offline   -1 Reply With Quote
Old Feb 18, 2012, 01:20 PM   #208
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by dashiel View Post
Furthermore the App Store is not the only way to get Apps on the iPhone. AdHoc installation, TestFlight, Provisioned devices, enterprise installs.
For the regular person it is.. otherwise there would be no need for jail breaking. For developers, you need to give apple at lest $99 in order to install your own applications on your own device.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.
Stella is offline   1 Reply With Quote
Old Feb 18, 2012, 01:45 PM   #209
firewood
macrumors 603
 
Join Date: Jul 2003
Location: Silicon Valley
Quote:
Originally Posted by Stella View Post
For the regular person it is.. otherwise there would be no need for jail breaking. For developers, you need to give apple at lest $99 in order to install your own applications on your own device.
I had to give Apple over $700 to install apps on a device. $499 base iPad price, $100 more for more storage, $99 more for the signing key. Plus taxes. Lets me install any type of app for which I can write or download suitable source code.

Cheaper prices available for those who don't need as much memory or a signing key.

Plus my developer signing key is usable on up to 99 other devices, so maybe it was only a $1 per device feature upgrade? A whole bunch cheaper than the $100 for additional storage.
firewood is offline   1 Reply With Quote
Old Feb 18, 2012, 02:49 PM   #210
tblrsa
macrumors regular
 
Join Date: Jan 2010
I just activated Gatekeeper on Lion for some testing.

By pressing the Option Key before clicking on the App Icon you are indeed able to disable Gatekeeper Protection for this one app. The OS remembers your choice and will start this app without further checking in the future. I´ve used Adium for testing this. Not bad, I think.

In case the signature will be free for devs, I don´t see much of a problem here to be honest. Apple is handling this very open, we are all able to test it on our Lion Machines.
__________________
Macbook Pro 13" Mid 2010, 2,4 GHz C2D, SAMSUNG 840 EVO 250 GB SSD, 8 GB DDR3 RAM, NVIDIA GeForce 320M 256 MB
tblrsa is offline   1 Reply With Quote
Old Feb 18, 2012, 02:58 PM   #211
petsounds
macrumors 6502a
 
Join Date: Jun 2007
Quote:
Originally Posted by dashiel View Post
It's not even remotely pedantic. You assert handing Apple power is concerning, yet on iOS where they have even greater power (I.e., the ability to remotely kill an app) they have not used either one. There is no precedent for this Orwellian future you fear.
Please re-read what I wrote. I posited that killing an app's cert is equivalent, in terms of the majority of users, to removing an iOS app from the store. And they have removed apps for all sorts of reasons, so there is significant enough of an *equivalent* precedent here to be concerning. Again: for the majority of users, revoking an app's cert will have roughly the same consequences as removing an app from the store because most users won't ever change from the default option of "signed apps only".

Quote:
Furthermore the App Store is not the only way to get Apps on the iPhone. AdHoc installation, TestFlight, Provisioned devices, enterprise installs.
Come on, these are edge cases. This discussion has been based on the majority of users. Power users can always find ways around limitations.

Quote:
1) Apple couldn't revoke the certificate, only the authorizing agent can. Having the ability to revoke the certificate is critical to maintaining the security of the system.
Apple doesn't need to revoke the cert; they just need to flag it in their database. I don't know how Gatekeeper manages certs, but I assume it keeps a local database of valid certs, and then phones home to Apple every so often to make sure none of them have become invalid. So, in my 3rd party example, they'd only need to flag a cert in their database and it would be just as blackballed as if they had revoked their own cert.
petsounds is offline   -1 Reply With Quote
Old Feb 18, 2012, 07:43 PM   #212
dashiel
macrumors 6502a
 
Join Date: Nov 2003
Quote:
Originally Posted by petsounds View Post
Please re-read what I wrote. I posited that killing an app's cert is equivalent, in terms of the majority of users, to removing an iOS app from the store. And they have removed apps for all sorts of reasons, so there is significant enough of an *equivalent* precedent here to be concerning.
I understand what you’re saying; you are claiming absent the editorial approval on the iOS/Mac App Store, Apple will use a security feature for de-facto editorial control/censorship. But that conclusion requires a leap in logic, i.e. the slippery slope fallacy, as there is no precedent on the iOS App Store for Apple utilizing a security feature to exert editorial control. In fact the opposite is true, consider Apps that have been pulled from the App store for copyright or TOS violations. Apple has the legal right and technical capability to remove those Apps from a users device, but they haven’t.

Beyond the leap in logic though there are far more practical issues. Signed certificates operate on trust, at their most basic level developers trust Apple, users trust Apple, therefore a user can trust any developer Apple trusts. If Apple breaks that trust with the developer community then the whole concept of GateKeeper is ruined. Developers will simply drop the certificate program or the Mac platform altogether. Those developers who choose to stay will have step-by-step instructions on their web site detailing how customers can change their security settings, just like today when an App requires a little more than a simple DMG. The very existence of the MacDefender tojan is evidence users are willing to circumvent security for something they think they want.



Quote:
Apple doesn't need to revoke the cert; they just need to flag it in their database. I don't know how Gatekeeper manages certs, but I assume it keeps a local database of valid certs, and then phones home to Apple every so often to make sure none of them have become invalid. So, in my 3rd party example, they'd only need to flag a cert in their database and it would be just as blackballed as if they had revoked their own cert.
Yes they do, certificate revocation is an essential feature of signed certificates, without it you might as well just have developers submit checksum data and some sort of UNID. Without revocation certificates are susceptible to man-in-the-middle attacks. Without revocation privileges, the trusted third party (Apple) has no power and by definition cannot be trusted.

Beyond eliminating a fundamental requirement of signed certificates, introducing a fourth party adds an additional and unnecessary layer of insecurity. As I detailed above developers trust Apple, users trust Apple so users trust the developers Apple trust. In your scenario that agreement changes, Apple would in essence be saying “Trust me, I trust this CA and they trust the developer.” That’s skeptical just based on degrees of separation. Even more troubling though is it hands a critical amount of power to a fourth party. How can Apple know the CA is going to be in business next year or their servers online to verify certifications? How do they know there aren’t nefarious individuals working there, or their security has been compromised? And before you say those are flights of fancy, look at Comodo, just last year they were seriously compromised and false certificates were issued for google.com and mozilla.com

Take a look at the conclusion a Tor contributor drew from the Comodo attack:

Quote:
The browsers chose a user privacy invasive stance without the user protecting security properties. They did this because they claim that CAs are unable to provide working OCSP/CRL systems for request handling. This is a fair claim if true but it must not stand any longer. If the CA cannot provide even a basic level of revocation, it's clearly irresponsible to ship that CA root in a browser. Browsers should give insecure CA keys an Internet Death Sentence rather than expose the users of the browsers to known problems.
(emphasis mine)
https://blog.torproject.org/blog/det...wser-collusion

Bottom line when dealing with security the fewer people you have to trust the more secure you are.

Last edited by dashiel; Feb 18, 2012 at 07:51 PM.
dashiel is offline   1 Reply With Quote
Old Feb 19, 2012, 06:53 PM   #213
ArmCortexA8
macrumors 6502
 
Join Date: Feb 2010
Location: Terra Australis
Quote:
Originally Posted by tblrsa View Post
I just activated Gatekeeper on Lion for some testing.

By pressing the Option Key before clicking on the App Icon you are indeed able to disable Gatekeeper Protection for this one app. The OS remembers your choice and will start this app without further checking in the future. I´ve used Adium for testing this. Not bad, I think.

In case the signature will be free for devs, I don´t see much of a problem here to be honest. Apple is handling this very open, we are all able to test it on our Lion Machines.
Thanks or that tip so Option then Open the app to prevent future notifications. Would have made more sense to have a "don't apply to this app" or equivalent for future, but this would have made it too easy to disable if implemented down the track.
__________________
Apple iPod Touch 64GB 5th Gen (Retina) / Apple iPhone 5 64GB (3G / LTE) / Apple MacBook Air 13" (2011) Core i7 / 256GB
ArmCortexA8 is offline   0 Reply With Quote
Old Feb 21, 2012, 06:17 AM   #214
milo
macrumors 603
 
Join Date: Sep 2003
Quote:
Originally Posted by petsounds View Post
Please re-read what I wrote. I posited that killing an app's cert is equivalent, in terms of the majority of users, to removing an iOS app from the store.
But it's not.
milo is offline   0 Reply With Quote
Old Feb 22, 2012, 05:53 PM   #215
petsounds
macrumors 6502a
 
Join Date: Jun 2007
Quote:
Originally Posted by dashiel View Post
Beyond the leap in logic though there are far more practical issues. Signed certificates operate on trust, at their most basic level developers trust Apple, users trust Apple, therefore a user can trust any developer Apple trusts. If Apple breaks that trust with the developer community then the whole concept of GateKeeper is ruined.
Did Apple pulling apps on "moral" grounds break trust with the dev community? Probably. Did developers flee to the Android store? No, because Apple is where the money is. And so it shall be. Let's be real -- if Apple decided to revoke an app's cert, there would be a lot of angry blog posts and angry forum postings, and then everyone will continue on like normal.

I trusted Apple when I got my Mac Plus in 1986 and I trusted Apple when I switched back to OS X, but they've pulled enough stunts the past few years that I don't trust them so much anymore. You call it a leap of logic, but it's more of an emotional response.

I guess time will tell if Apple is just trying to improve security, or if they are trying to turn the walled garden into a prison cell.

By the way, interesting article you linked, thanks.
petsounds is offline   0 Reply With Quote
Old Feb 23, 2012, 06:21 PM   #216
dashiel
macrumors 6502a
 
Join Date: Nov 2003
Quote:
Originally Posted by petsounds View Post
I trusted Apple when I got my Mac Plus in 1986 and I trusted Apple when I switched back to OS X, but they've pulled enough stunts the past few years that I don't trust them so much anymore. You call it a leap of logic, but it's more of an emotional response.
That sums it up right there. Emotional responses are beliefs and beliefs, sadly, have greater power than facts.
http://motherjones.com/politics/2011...e-chris-mooney
dashiel is offline   1 Reply With Quote
Old Feb 23, 2012, 07:52 PM   #217
Harriet03
macrumors newbie
 
Join Date: Feb 2012
[IMG]http://www.***************/avatar1.jpg[/IMG]MacRumors sure bears its name today!
Harriet03 is offline   -1 Reply With Quote
Old Feb 23, 2012, 09:13 PM   #218
petsounds
macrumors 6502a
 
Join Date: Jun 2007
Quote:
Originally Posted by dashiel View Post
That sums it up right there. Emotional responses are beliefs and beliefs, sadly, have greater power than facts.
http://motherjones.com/politics/2011...e-chris-mooney
Emotional responses are not beliefs. It's a gut reaction, in this case a reaction based on prior behavioral patterns. Apple has a recent history of making decisions that do not benefit customers who want choice. You're looking at it from a very x + y = z point-of-view, but I see a wider corporate strategy at work which Jobs was responsible for. I sincerely hope this changes back to the "old" Apple under the helm of Cook. I hope that you're right and these three choices will stay there in future versions of OS X. But it will take some time before I *trust* that Apple will again be on the side of the customer.

If you don't agree with my assessment, that's fine, but don't insinuate I'm just being blindly emotional about it.
petsounds is offline   -1 Reply With Quote
Old Feb 24, 2012, 08:56 AM   #219
dashiel
macrumors 6502a
 
Join Date: Nov 2003
Quote:
Originally Posted by petsounds View Post
Emotional responses are not beliefs. It's a gut reaction, in this case a reaction based on prior behavioral patterns. Apple has a recent history of making decisions that do not benefit customers who want choice.
You are correct, I was being inarticulate. Beliefs aren’t by definition emotional responses. A gut reaction is an emotional response; a belief based on a gut reaction is therefore emotional.

Quote:
Originally Posted by petsounds View Post
You're looking at it from a very x + y = z point-of-view,
Yes – logically – whereby an argument’s validity is determined by its logical form. Hence the assertion you are making a leap in logic.

Quote:
Originally Posted by petsounds View Post
If you don't agree with my assessment, that's fine, but don't insinuate I'm just being blindly emotional about it.
I’m not insinuating, I’m stating a belief based on a gut reaction is an emotional one. Your gut reaction to the editorial policy of the iOS/Mac App Store is biasing your judgement on a security feature. You are jumping to the conclusion because Apple pulls Apps from their store for content, they will pull certificates for the same reason. If you can provide an example of Apple using a security feature to exert editorial control I will gladly re-evaluate my position.
dashiel is offline   1 Reply With Quote
Old Feb 25, 2012, 03:14 AM   #220
petsounds
macrumors 6502a
 
Join Date: Jun 2007
Quote:
Originally Posted by dashiel View Post
If you can provide an example of Apple using a security feature to exert editorial control I will gladly re-evaluate my position.
Dude, I don't care whether you re-evaluate your position or not. I was giving my opinion, you gave yours. This isn't an argument or debate. I don't really have anything more to say on the subject. Peace.
petsounds is offline   -1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Testing app on iPhone without Developer account Ryan Burgess iPhone/iPad Programming 5 May 2, 2013 10:42 PM
Overriding Gatekeeper khlsq Mac Applications and Mac App Store 2 Aug 5, 2012 02:38 PM
gatekeeper...when? fisherking OS X 10.8 Mountain Lion 16 Jul 30, 2012 12:11 PM
Gatekeeper jrock2004 OS X 10.8 Mountain Lion 10 Jul 28, 2012 09:27 PM
Resolved: Gatekeeper not working in 10.8 GM spiderben25 OS X 10.8 Mountain Lion 6 Jul 20, 2012 03:28 PM

Forum Jump

All times are GMT -5. The time now is 10:19 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC