top | item 45738157

(no title)

ef2k | 4 months ago

On MacOS it warns you when you're about to open an app you've downloaded and installed yourself. "Foo has been downloaded from the internet, are you sure you want to open it?". It doesn't stop you from installing it. Why should doing so on your phone be any different?

discuss

bpfrh|4 months ago

Depending on your app this is not all.

If i send a golang binary to someone with a mac via signal or other mediums, apple simply displays a dialog that the app is damaged and can't be run.

You need to use chmod to manually remove the quarantine flag to run it.

That for me is something that should be fined ad infinitum, because it is clearly designed to disallow non technical people to run custom apps.

Zak|4 months ago

On the other hand, it used to be very common for malware on Windows to email itself to all your contacts using your real email client. It's probably reasonable for an OS to add a little friction to the process in the modern era, though it probably shouldn't lie and claim the binary is damaged when that's not the problem.

bpye|4 months ago

> If i send a golang binary to someone with a mac via signal or other mediums, apple simply displays a dialog that the app is damaged and can't be run.

Has this changed? I thought it failed to launch, but if you go to Privacy & Security in Settings it would give you the option to allow it to run?

Though yes, macOS doesn't prompt you to do that, you have to know where to find it.

spcebar|4 months ago

I believe they are saying that this update will remove the ability to decide if you want to install it and will require developers to register and pay for their applications to be installable at all. It's been several years since I developed for Mac, but they operated a similar way, secretly marking a file as quarantined and saying "XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash" if you didn't pay to play. Maybe this has since changed, or maybe I'm just a dummy. Regardless, whether a platform has any business funneling a user into their walled garden is another philosophical argument altogether.

LoganDark|4 months ago

Quarantine is for any executable downloaded from the Internet. It doesn't prevent it from being opened, it only marks it to be checked for malware.

WorldPeas|4 months ago

I sure hope they still allow `xattr -r -d com.apple.quarantine /Applications/*`

conradev|4 months ago

This is the key and only difference. Scanning is great, and security is great.

but macOS lets you override any system determination, iOS does not, and Google is proposing the iOS flavor.

bloomca|4 months ago

macOS warns you literally about every downloaded app not from MAS (signed!), unless you build it yourself or remove quarantine manually.

I think it is mostly about expectations, macOS trained people that it is relatively safe to install signed apps. If your app is unsigned, Gatekeeper will refuse to run it.

bpye|4 months ago

Do they have to be from the App Store, or "just" notarized?

WorldPeas|4 months ago

it also sometimes says `"Foo" Not Opened` `"Apple could not verify “Foo” is free of malware that may harm your Mac or compromise your privacy."` This is frankly pretty insulting to the intelligence of the user and /does/ stop them. I think the paradigm is flowing towards "less" rather than "more"

greatgib|4 months ago

If you install the binary directly, but obviously it does not ask when you are installing through a store like brew...

CrossVR|4 months ago

> Why should doing so on your phone be any different?

Because it's obscenely profitable for the platform holder to have complete control over app distribution.

Can we stop pretending it's about anything else than that? Just imagine if Microsoft got a 30% commission on every PC software purchase in the world...