AAPL Stock: 118.3 ( 0 )

Printed from

Apple to require developers to re-sign, update older apps

updated 09:42 pm EDT, Mon August 4, 2014

Essentially requires all apps be recompiled for Mavericks to avoid Gatekeeper trap

A upcoming change in the way the OS X security feature Gatekeeper works is essentially going to force developers to re-build and re-"sign" their applications and submit updates to Apple for programs that need to run in Mavericks or Yosemite. The upcoming change for security purposes only affects those running the forthcoming 10.9.5 or later, but cause cause apps that aren't updated to "break" (not launch) except through bypassing Gatekeeper, which most users will be loathe to do. The change will not force users to update their OS versions.

The Gatekeeper change will, however, cause minor issues for users who will be running Mavericks 10.9.5 and later, as developers who fail to rebuild their apps for Mavericks (and thus update the developer "signing" that verifies the code) could be inundated with complaints from users who find that the apps no longer launch. While there is an easy workaround for the problem -- right-clicking on the app in question to open it bypasses Gatekeeper -- the issue incentivizes most developers to update their apps.

The updated signing will likely be rolled into normal updates for most apps, and any programs currently in active development from registered Apple developers is unlikely to be affected by the problem. Developers who are building their apps on machines that run some version of OS X older than Mavericks, however, are essentially being forced to upgrade their OS, reports 9to5Mac. This again should not be a big issue, as most developers should already be running Mavericks, and nearly any Mac being used for iOS or OS X development is recent enough to quality for the free 10.9 upgrade.

However, third-party developers who are outside Apple's Developer Program -- such as many freeware and web app makers who are not part of Apple's $99 per year developer program -- could find their apps unlaunchable in the manner users are used to once the 10.9.5 upgrade is released, which is likely to happen later this summer. It could be that Apple will offer some workaround or reset deadlines for compliance if the problem appears to be widespread, but as the most likely source of any future malware outbreaks would likely be from unsigned, unregistered apps and developers, Apple is not expected to bend much from its security-conscious stand.

The Gatekeeper feature in OS X 10.7.5 and later is intended as an anti-malware protector, which prevents unsigned or otherwise problematic code from being run until users verify its legitimacy. It has proven to be very effective, but there are legitimate developers who choose not to sign up for Apple's developer program for one reason or another. An example is Joël Barrière, who created and maintains the well-regarded system maintenance program OnyX. As his software is given away for free and also supports much older versions of OS X, Barrière has chosen not to pay for an ADC membership at present.

Gatekeeper can be turned off, if desired, by users -- but this creates a much higher risk for non-virus malware to be accidentally installed and run. By default, Apple turns Gatekeeper on in the security settings of OS X 10.8 and higher, allowing both Mac App Store apps and "identified developer" apps (those who are part of the Apple developer connection but have chosen not to sell some apps exclusively in the Mac App Store)n to run automatically on launch. Unknown third-party apps from developers who are not "known" to Apple -- or, starting in 10.9.5, those who haven't updated the app for Mavericks -- will get flagged by Gatekeeper for not having a valid signature.

Apps that do go through the update process will still be able to run on OS X systems back to 10.6 (Snow Leopard), so users will not face a "forced migration" to later OS versions, but at present Apple estimates that less than half of the Mac user base is running an OS X version older than the current one. The updated Gatekeeper and compliance with it by developers will become more important following the release of the next major OS upgrade, Yosemite (10.10), expected this fall, as Mac users have taken to rapidly adopting new versions of OS X as the price has fallen. Mavericks was released free of charge, and Yosemite will be as well.

by MacNN Staff



  1. sibeale1

    Fresh-Faced Recruit

    Joined: 02-23-06

    Actually, most users will be loath to do it, not loathe to do it.

  1. sullivantom

    Fresh-Faced Recruit

    Joined: 08-05-14

    The problem with Gatekeeper is that it doesn't properly educate users on their options. It becomes a de-facto Walled Garden since, even if you do get your app signed, it still presents a security warning that will scare even intermediately-skilled users.

    Apple is trying to say the Mac isn't walled up like iOS, but their scare tactics with Gatekeeper tell a different tale. This is why I'm so thankful Android is finally coming to the PC with Console OS, and getting its Metal on with Android Extension Pack... it will be a deterrent to Apple, at least.

    Is Apple going to give developers a free code signing period, or make people pay $99 to update apps that don't need to be re-signed except for this mixup? Yeah, right, devs with old apps have to re-up for another year to pay up for Apple's mistakes... wonderful.

  1. Thorzdad


    Joined: 08-16-01

    I can easily see a lot of developers simply opting to not update older versions of their software and force migration on users.
    For instance...I'm a designer and, of course, use Adobe's Creative Suite products. I know a lot of designers who have not moved to Adobe's Creative Cloud products. So, they've stayed with CS5 or CS6 suites, since they both work perfectly fine in Mavericks and are expected to be fine in Yosemite, too. However, I can easily see Adobe opting to not update CS5 and CS6 to work with this change to Gatekeeper, "encouraging" users to buy-in to the CC6 scheme.

  1. Kees

    Junior Member

    Joined: 09-15-01

    regardless of security settings, gatekeeper stills pops up a message the very first time any app is launched. So even if you allow apps form anywhere, the first launch still requires your express confirmation.
    That's enough for me.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented