←back to thread

522 points josephcsible | 2 comments | | HN request time: 0.442s | source
Show context
mixologic ◴[] No.45570464[source]
If you want to install software on your Microsoft Windows computer, it has to be signed by a verified developer, otherwise you get an overridable warning that the developer cannot be verified, the software may contain malware etc.

If you want to install software on you MacOS machine, the same thing applies. It must come from a verified developer with an apple account, otherwise you get a warning and must jump through hoops to override. As of macos15.1 this is considerably more difficult to override.

If you want to install iOS apps, the apps have to be signed by a verified developer. Theres no exceptions.

I just dont see a future where being able to create and publish an app anonymously is going to be supported.

Becoming a verified developer is a PITA, and can take a while or be impossible (i.e. getting a DUNS number if you're in a sanctioned country might be not at all possible) but at the same time, eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win.

replies(6): >>45570536 #>>45570538 #>>45570695 #>>45570709 #>>45570822 #>>45570944 #
yjftsjthsd-h ◴[] No.45570536[source]
There is a world of difference between "the OS throws up a bunch of warnings" and "the OS won't let you run unsigned software"
replies(1): >>45571278 #
like_any_other ◴[] No.45571278[source]
But Apple will change those "warnings" into straight-up lies, and fail to mention the user can override them, and hide those overrides in non-discoverable places:

Whenever I try to open an unverified app, this popup comes up saying "[AppName] Not Opened" "Apple could not verify [AppName] is free of malware that may harm your Mac or compromise your privacy." Then there's only two options to either press "Done" or "Move to Trash." - https://old.reddit.com/r/mac/comments/1ekv55h/cant_right_cli...

Your only option is to click on OK button, which won’t open the app. So how do you do it? - http://www.peter-cohen.com/2016/12/how-to-open-a-mac-app-fro...

Apple knowingly falsely claiming unsigned apps are "damaged": https://appletoolbox.com/app-is-damaged-cannot-be-opened-mac...

replies(2): >>45571349 #>>45571725 #
1. SoftTalker ◴[] No.45571725[source]
This also implies that Apple does verify that app store apps are free from malware, when that's not the case. It only verifies that they are from a developer who paid the fee and whose apps pass Apple's automated screens.
replies(1): >>45573565 #
2. CharlesW ◴[] No.45573565[source]
Apple does verify that App Store apps are free from known malware. https://support.apple.com/guide/security/about-app-store-sec...