Reviews
Most Popular
Most Discussed
© 2016 MNM Media LLC.. Privacy Policy is applicable to you. All rights reserved.
Apple to require developers to re-sign, update older apps
- updated 09:42 pm EDT, Mon August 4, 2014
-
by MacNN Staff
by MacNN Staff
Essentially requires all apps be recompiled for Mavericks to avoid Gatekeeper trap
A upcoming change in the way the OS X security feature Gatekeeper works is essentially going to force developers to re-build and re-"sign" their applications and submit updates to Apple for programs that need to run in Mavericks or Yosemite. The upcoming change for security purposes only affects those running the forthcoming 10.9.5 or later, but cause cause apps that aren't updated to "break" (not launch) except through bypassing Gatekeeper, which most users will be loathe to do. The change will not force users to update their OS versions.
The Gatekeeper change will, however, cause minor issues for users who will be running Mavericks 10.9.5 and later, as developers who fail to rebuild their apps for Mavericks (and thus update the developer "signing" that verifies the code) could be inundated with complaints from users who find that the apps no longer launch. While there is an easy workaround for the problem -- right-clicking on the app in question to open it bypasses Gatekeeper -- the issue incentivizes most developers to update their apps.
The updated signing will likely be rolled into normal updates for most apps, and any programs currently in active development from registered Apple developers is unlikely to be affected by the problem. Developers who are building their apps on machines that run some version of OS X older than Mavericks, however, are essentially being forced to upgrade their OS, reports 9to5Mac. This again should not be a big issue, as most developers should already be running Mavericks, and nearly any Mac being used for iOS or OS X development is recent enough to quality for the free 10.9 upgrade.
However, third-party developers who are outside Apple's Developer Program -- such as many freeware and web app makers who are not part of Apple's $99 per year developer program -- could find their apps unlaunchable in the manner users are used to once the 10.9.5 upgrade is released, which is likely to happen later this summer. It could be that Apple will offer some workaround or reset deadlines for compliance if the problem appears to be widespread, but as the most likely source of any future malware outbreaks would likely be from unsigned, unregistered apps and developers, Apple is not expected to bend much from its security-conscious stand.
The Gatekeeper feature in OS X 10.7.5 and later is intended as an anti-malware protector, which prevents unsigned or otherwise problematic code from being run until users verify its legitimacy. It has proven to be very effective, but there are legitimate developers who choose not to sign up for Apple's developer program for one reason or another. An example is Joël Barrière, who created and maintains the well-regarded system maintenance program OnyX. As his software is given away for free and also supports much older versions of OS X, Barrière has chosen not to pay for an ADC membership at present.
Gatekeeper can be turned off, if desired, by users -- but this creates a much higher risk for non-virus malware to be accidentally installed and run. By default, Apple turns Gatekeeper on in the security settings of OS X 10.8 and higher, allowing both Mac App Store apps and "identified developer" apps (those who are part of the Apple developer connection but have chosen not to sell some apps exclusively in the Mac App Store)n to run automatically on launch. Unknown third-party apps from developers who are not "known" to Apple -- or, starting in 10.9.5, those who haven't updated the app for Mavericks -- will get flagged by Gatekeeper for not having a valid signature.
Apps that do go through the update process will still be able to run on OS X systems back to 10.6 (Snow Leopard), so users will not face a "forced migration" to later OS versions, but at present Apple estimates that less than half of the Mac user base is running an OS X version older than the current one. The updated Gatekeeper and compliance with it by developers will become more important following the release of the next major OS upgrade, Yosemite (10.10), expected this fall, as Mac users have taken to rapidly adopting new versions of OS X as the price has fallen. Mavericks was released free of charge, and Yosemite will be as well.
The Gatekeeper change will, however, cause minor issues for users who will be running Mavericks 10.9.5 and later, as developers who fail to rebuild their apps for Mavericks (and thus update the developer "signing" that verifies the code) could be inundated with complaints from users who find that the apps no longer launch. While there is an easy workaround for the problem -- right-clicking on the app in question to open it bypasses Gatekeeper -- the issue incentivizes most developers to update their apps.
The updated signing will likely be rolled into normal updates for most apps, and any programs currently in active development from registered Apple developers is unlikely to be affected by the problem. Developers who are building their apps on machines that run some version of OS X older than Mavericks, however, are essentially being forced to upgrade their OS, reports 9to5Mac. This again should not be a big issue, as most developers should already be running Mavericks, and nearly any Mac being used for iOS or OS X development is recent enough to quality for the free 10.9 upgrade.
However, third-party developers who are outside Apple's Developer Program -- such as many freeware and web app makers who are not part of Apple's $99 per year developer program -- could find their apps unlaunchable in the manner users are used to once the 10.9.5 upgrade is released, which is likely to happen later this summer. It could be that Apple will offer some workaround or reset deadlines for compliance if the problem appears to be widespread, but as the most likely source of any future malware outbreaks would likely be from unsigned, unregistered apps and developers, Apple is not expected to bend much from its security-conscious stand.
The Gatekeeper feature in OS X 10.7.5 and later is intended as an anti-malware protector, which prevents unsigned or otherwise problematic code from being run until users verify its legitimacy. It has proven to be very effective, but there are legitimate developers who choose not to sign up for Apple's developer program for one reason or another. An example is Joël Barrière, who created and maintains the well-regarded system maintenance program OnyX. As his software is given away for free and also supports much older versions of OS X, Barrière has chosen not to pay for an ADC membership at present.
Gatekeeper can be turned off, if desired, by users -- but this creates a much higher risk for non-virus malware to be accidentally installed and run. By default, Apple turns Gatekeeper on in the security settings of OS X 10.8 and higher, allowing both Mac App Store apps and "identified developer" apps (those who are part of the Apple developer connection but have chosen not to sell some apps exclusively in the Mac App Store)n to run automatically on launch. Unknown third-party apps from developers who are not "known" to Apple -- or, starting in 10.9.5, those who haven't updated the app for Mavericks -- will get flagged by Gatekeeper for not having a valid signature.
Apps that do go through the update process will still be able to run on OS X systems back to 10.6 (Snow Leopard), so users will not face a "forced migration" to later OS versions, but at present Apple estimates that less than half of the Mac user base is running an OS X version older than the current one. The updated Gatekeeper and compliance with it by developers will become more important following the release of the next major OS upgrade, Yosemite (10.10), expected this fall, as Mac users have taken to rapidly adopting new versions of OS X as the price has fallen. Mavericks was released free of charge, and Yosemite will be as well.
TAGS
Now AAPL Stock: 117.55 ( -0.08 )
Cirrus creates Lightning-headphone dev kit
Apple supplier Cirrus Logic has introduced a MFi-compliant new development kit for companies interested in using Cirrus' chips to create Lightning-based headphones, which -- regardless of whether rumors about Apple dropping the analog headphone jack in its iPhone this fall -- can offer advantages to music-loving iOS device users. The kit mentions some of the advantages of an all-digital headset or headphone connector, including higher-bitrate support, a more customizable experience, and support for power and data transfer into headphone hardware. Several companies already make Lightning headphones, and Apple has supported the concept since June 2014. http://bit.ly/29giiZj
Apple Store app offers Procreate Pocket
The Apple Store app for iPhone, which periodically rewards users with free app gifts, is now offering the iPhone "Pocket" version of drawing app Procreate for those who have the free Apple Store app until July 28. Users who have redeemed the offer by navigating to the "Stores" tab of the app and swiping past the "iPhone Upgrade Program" banner to the "Procreate" banner have noted that only the limited Pocket (iPhone) version of the app is available free, even if the Apple Store app is installed and the offer redeemed on an iPad. The Pocket version currently sells for $3 on the iOS App Store. [32.4MB]
Porsche adds CarPlay to 2017 Panamera
Porsche has added a fifth model of vehicle to its CarPlay-supported lineup, announcing that the 2017 Panamera -- which will arrive in the US in January -- will include Apple's infotainment technology, and be seen on a giant 12.3-inch touchscreen as part of an all-new Porsche Communication Management system. The luxury sedan starts at $99,900 for the 4S model, and scales up to the Panamera Turbo, which sells for $146,900. Other vehicles that currently support CarPlay include the 2016 911 and the 2017 models of Macan, 718 Boxster, and 718 Cayman. The company did not mention support for Google's corresponding Android Auto in its announcement. http://bit.ly/295ZQ94
Apple employees testing wheelchair features
New features included in the forthcoming watchOS 3 are being tested by Apple retail store employees, including a new activity-tracking feature that has been designed with wheelchair users in mind. The move is slightly unusual in that, while retail employees have previously been used to test pre-release versions of OS X and iOS, this marks the first time they've been included in the otherwise developer-only watchOS betas. The company is said to have gone to great lengths to modify the activity tracker for wheelchair users, including changing the "time to stand" notification to "time to roll" and including two wheelchair-centric workout apps. http://bit.ly/2955JDa
SanDisk reveals two 256GB microSDXC cards
SanDisk has introduced two 256GB microSDXC cards. Arriving in August for $150, the Ultra microSDXC UHS-I Premium Edition card offers transfer speeds of up to 95MB/s for reading data. The Extreme microSDXC UHS-I card can read at a fast 100MB/s and write at up to 90MB/s, and will be shipping sometime in the fourth quarter for $200. http://bit.ly/294Q1If
Apple's third-quarter results due July 26
Apple has advised it will be issuing its third-quarter results on July 26, with a conference call to answer investor and analyst queries about the earnings set to take place later that day. The stream of the call will go live at 2pm PT (5pm ET) via Apple's investor site, with the results themselves expected to be released roughly 30 minutes before the call commences. Apple's guidance for the quarter put revenue at between $41 billion and $43 billion. http://apple.co/1oi1Pbm
Twitter stickers slowly roll out to users
Twitter has introduced "stickers," allowing users to add extra graphical elements to their photos before uploading them to the micro-blogging service. A library of hundreds of accessories, props, and emoji will be available to use as stickers, which can be resized, rotated, and placed anywhere on the photograph. Images with stickers will also become searchable with viewers able to select a sticker to see how others use the same graphic in their own posts. Twitter advises stickers will be rolling out to users over the next few weeks, and will work on both the mobile apps and through the browser. http://bit.ly/29bbwUE
sibeale1 Fresh-Faced Recruit Joined: Feb 23, 2006
Actually, most users will be loath to do it, not loathe to do it.
sullivantom Fresh-Faced Recruit Joined: Aug 05, 2014
The problem with Gatekeeper is that it doesn't properly educate users on their options. It becomes a de-facto Walled Garden since, even if you do get your app signed, it still presents a security warning that will scare even intermediately-skilled users.
Apple is trying to say the Mac isn't walled up like iOS, but their scare tactics with Gatekeeper tell a different tale. This is why I'm so thankful Android is finally coming to the PC with Console OS, and getting its Metal on with Android Extension Pack... it will be a deterrent to Apple, at least.
Is Apple going to give developers a free code signing period, or make people pay $99 to update apps that don't need to be re-signed except for this mixup? Yeah, right, devs with old apps have to re-up for another year to pay up for Apple's mistakes... wonderful.
Thorzdad Moderator
Joined: Aug 16, 2001
I can easily see a lot of developers simply opting to not update older versions of their software and force migration on users.
For instance...I'm a designer and, of course, use Adobe's Creative Suite products. I know a lot of designers who have not moved to Adobe's Creative Cloud products. So, they've stayed with CS5 or CS6 suites, since they both work perfectly fine in Mavericks and are expected to be fine in Yosemite, too. However, I can easily see Adobe opting to not update CS5 and CS6 to work with this change to Gatekeeper, "encouraging" users to buy-in to the CC6 scheme.
Kees Junior Member Joined: Sep 15, 2001
regardless of security settings, gatekeeper stills pops up a message the very first time any app is launched. So even if you allow apps form anywhere, the first launch still requires your express confirmation.
That's enough for me.