Gatekeeper - Apple getting ready to phase out 'install apps from anywhere'?

Discussion in 'OS X Yosemite (10.10)' started by Brien, Nov 12, 2014.

  1. Brien macrumors 68030


    Aug 11, 2008
    Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere).

    Anyone else see the writing on the wall? Seems like Apple is easing us into signed apps only (especially with all of the kernel, kext, and UNIX security/signing stuff that was added in Yosemite).

    Just my thought of the day.
  2. tywebb13 macrumors 68020

    Apr 21, 2012
    Maybe we'll get eased into jailbreaking macs now too.
  3. KALLT macrumors 601

    Sep 23, 2008
    It wouldn’t surprise me that much. To be honest, I never understood why developers wouldn’t want to get a certificate from Apple. The pricing is obviously a barrier, but not having a certificate can be a deterrent. I think twice before I install any uncertified app now.

    However, I absolutely dislike automatic resets of my preferences. I hope you’re wrong. I don’t want Apple to switch on/off settings I have purposefully turned on/off.
  4. simonsi macrumors 601


    Jan 3, 2014
    Mine stayed at "Mac App Store and Identified Developers" over the upgrade, obviously a fresh install will reset it to default. I haven't been on Yosemite 30days yet so can't comment on the time based reset though.
  5. ABC5S Suspended


    Sep 10, 2013
    Not Mine yet but not yet 30 days...

    Attached Files:

  6. Manic Harmonic macrumors 6502

    Dec 4, 2011
    If it does reset after 30 days, you could at probably lock the plist to keep OS X from writing to it. I really hope they don't do this... for the sole reason that it's my computer and I should be able to install whatever I want. I use quite a few apps that are from "unrecognized developers."

    I agree that there's not much of a reason not to sign your apps.

    What would be really terrible is if they only allowed you to install apps from the App Store.
  7. sjinsjca macrumors 68020


    Oct 30, 2008
    I think this was the default since Gatekeeper first arrived.
  8. dsemf macrumors 6502

    Jul 26, 2014
    I have it set to the middle option. I do have use an application that gets updated once a month, so when I run that, it displays the non-developer error. I just go to System Preferences >> Security and Privacy and click on the Run Anyway button. Authenticate and all done.

  9. KoolAid-Drink macrumors 65816

    Sep 18, 2013
    It'll be a month for me on 11/27, so I'll report then. For those who installed Yosemite on launch day (10/16), please check and confirm by 11/16 or 11/17 to see whether or not the setting has been reset.

    Mine's set to 'Anywhere.'
  10. Alphabetize macrumors 6502


    Oct 6, 2013
    I've had Yosemite for a long time and the Gatekeeper setting has never changed. I set it to "Anywhere" and it's stayed that way since.
  11. KALLT macrumors 601

    Sep 23, 2008
    I would leave OS X behind immediately. The App Store is far too strict at this point. I’ve observed a little exodus away from the App Store lately. Big apps like Coda, previously on the App Store, are no longer there. Apps like 1Password and Scrivener have reported discrepancies and maintain two separate versions just because of the App Store limitations. The Unarchiver, one of the evergreens in the top-ten list, is now broken because of the App Store. I would never allow Apple to impose the App Store upon me.
  12. freeskier93 macrumors 6502

    Jul 13, 2008
    Absolutely not going to happen, it would kill OS X. It would make OS X unusable in some way for virtually every user. Way too many apps that aren't certified and never can/will be certified.
  13. bmac89 macrumors 65816


    Aug 3, 2014
    Are you sure it is actually re-setting the system preference after 30 days. Maybe it occurred when you updated something such as beta 10.10.1 ?

    On a slightly separate note - I don't like the way Apple is locking everything down - especially soldering hardware components such as RAM. There is no reason other than forcing the user to upgrade the whole computer.
  14. simonsi macrumors 601


    Jan 3, 2014
    If the 30-day reset becomes standard I think it is just Apple keeping slightly ahead in the security stakes, its becoming more common generally to open permissions temporarily rather than permanently, this makes any device in consumer-land more secure vs a once-open-then-forgotton model.

    It wouldn't be to onerous, even if you were installing new unsigned apps daily it would be a monthly chore to reset it, if that dissuades the OS X platform from attracting malware writers then that seems reasonable price to pay. I really can't see Apple wanting to completely lock down the installer to only MAS Apps.
  15. leman macrumors G3

    Oct 14, 2008
    I have used Yosemite since DP2 and my settings are still the way I have set them in Mavericks.

    In addition, I have absolutely no problem with signing becoming more mandatory — provided that Apple starts giving certificates for free.
  16. chanwbkenneth macrumors newbie

    Oct 1, 2014
    I think they should just set default as "Mac App Store and identified developer", since a developer will know how to enable installation from elsewhere without disabling the whole thing totally.
  17. Fishrrman macrumors G5


    Feb 20, 2009
    OP wrote above:
    [[ Noticed that every computer I've updated to 10.10 has reset the setting for Gatekeeper to only allow signed apps. In addition, it looks like in Yosemite this setting reverts to the default after 30 days (so you will have to continually change it back to Anywhere). ]]

    Is there a .plist file for Gatekeeper?

    Would it be possible to:
    1. Set Gatekeeper to allow apps from anywhere
    2. Lock the Gatekeeper .plist (or .plists)

    And -- having done so -- Gatekeeper could not "revert back"?
  18. xgman macrumors 601


    Aug 6, 2007
    or something . . . . Apple sure gives the term "control freak" new meaning.
  19. n-evo macrumors 65816


    Aug 9, 2013
    You can always circumvent Gatekeeper bij right clicking an app and selecting open.
  20. SolarShane macrumors 6502

    Mar 7, 2014
    "We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

    Note the bold parts and how Apple includes OS X "first." That's a very subtle way of telling average customers to only download from the App Store.

    Closing OS X has been a slow process and is what will lose me to Windows and possibly Ubuntu if Elgato ports it's software to Linux.
  21. Badagri macrumors 6502a

    Aug 9, 2012
    That doesn't bypass it.
  22. Partron22 macrumors 68020


    Apr 13, 2011
    If I write an App myself, and try to run it on my own Mac is it potentially malicious? What if I try to port it to my wife's machine over the wi-fi?

    A totally closed garden approach is a nice fantasy for consumers too ignorant to protect themselves, but it'd drive away content creators in droves.
  23. Badagri macrumors 6502a

    Aug 9, 2012
    Todays world. Ignorance rules. :( Big brush everything because of ignorance. Or I should say, big brush everything is because it's easy to deal with due to ignorance.
  24. Weaselboy Moderator


    Staff Member

    Jan 23, 2005

    How do you mean? If you have an app from an unidentified developer, you can just right click and override the Gatekeeper block just like n-evo said.
  25. Badagri macrumors 6502a

    Aug 9, 2012
    It still comes up with the warning but cannot run it unless you select anywhere for first run of that app.

Share This Page