With the announcement of OS X Mountain Lion today, Apple dropped a ton of cool iOS features like iMessage, Game Center, AirPlay, Notification Center and more into its desktop offering. Those are very cool, but one that is probably the most interesting to developers making apps for the Mac is something called Gatekeeper.
Apple is billing Gatekeeper as a security feature for users of the Mac. At its core is the ability of users to control which apps are able to be installed onto their computer. Apple describes the controls this way:
For maximum security, you can install and run only apps from the Mac App Store. You can choose to install and run apps from the Mac App Store and apps that have a Developer ID. Or you can install all apps from anywhere, just as you can today. You can even temporarily override your setting by Control-clicking, and install any app at any time.
With Gatekeeper, Apple is defaulting casual Mac users to installing apps that are purchased through the Mac App Store and signed digitally via the Developer ID Program. This is a free certification that allows developers to sell apps right from their websites, but allows Apple the ability to disable or disallow those apps if they become an issue.
Essentially, there are three settings:
- Install only stuff from the Mac App Store
- Install stuff from the MAS and stuff from any site that has been signed by a Developer ID certificate
- Install anything that you want
There are also limitations that make some features of OS X, like iCloud and Notification Center, will only be available to apps installed from the Mac App Store. This will make it harder for developers to offer identical features in version of their apps offered outside the store as well, and offer an incentive for them to comply with the MAS rules.
Gatekeeper holds a lot of implications for developers and the future of software on the Mac, but, at least at first glance, it seems like an interesting middle ground that offers benefits for both developers and users. While Mountain Lion hasn’t been public for that long, we decided we would speak to a few Mac app developers to see what their thoughts on GateKeeper were.
What we found is that, at least initially, their mood is upbeat.
We reached out to Paul Kafasis, the CEO of development house Rogue Amoeba because they make a lot of software that leverages bits of Apple’s OS in ways that are not approved by the new sandboxing restrictions.
He is optimistic, but says that “the devil is truly in the details. Apple’s provided an overview, but we don’t know enough about the [Developer ID Program] to see how it will work out.”
Nik Fletcher is the Product Manager at Realmac Software, who makes lovely apps like Analog and the recently released Clearsaid that the majority of their customers love the Mac App Store. “Gatekeeper looks to be a great technology to help folks use more secure apps,” said Fletcher. “Especially given the default setting is to allow MAS and Identified apps, pushing App Store adoption without completely blocking the ‘sideloading’ of apps.”
Fletcher went on to say that there was a lot of things that they were excited to try but that they were just getting started exploring. He did say that he was “very glad” to see that Apple was going to an annual release with OS X, as it is now called, sans ‘Mac’.
That sentiment was shared by others I spoke to, like Out of the Box developer Oliver Nelson, who said “more substantial than Gatekeeper was the statement that they are planning on an OS release per year. This will allow them to get so far ahead its almost too much to believe.”
A schedule of one OS release per year is certainly more aggressive than the 3-4 year development cycle of Windows and is far faster than the delay experienced in the release of Mac OS X Leopard. This should allow Apple to reach feature parity between iOS and OS X more quickly, and then maintain that, with any applicable features being added to both operating systems almost immediately. It also gives them the ability to adapt to the industry flexibly as well as blazing a path for standards and features, much in the way it did for mobile OSs with iOS.
The central issue to Gatekeeper is whether it will be a benefit to security, as Apple is primarily positioning it, or more of a detriment to developers offering applications outside of the Mac App Store due to problems with Apple’s sandboxing policies. The sandboxing features introduced with OS X Lion ostensibly make apps more secure for users, but limits app access to the system.
Developer Marco Tabini thinks that Gatekeeper could “go both ways.” He believes that if they “emphasize security without hamstringing independent developers, it could be absolutely fantastic.” Tabini said that this would be a great situation for users that are less tech savvy and ones who don’t mind a bit of tweaking to get things the way that they want them. “If done right, this could mean secure computers unless you know what you’re doing. Perfect!”
There is also the problem of supporting applications that take liberties not allowed by sandboxing.
“Provided getting to be an Identified Developer is not onerous,” Kafasis said about Gatekeeper’s new ‘split rules’, “it may well be a good middle ground for developers like Rogue Amoeba who make software which doesn’t fit until Apple’s App Store restrictions, but is still used by tens of thousands of customers.”
Manton Reece, the developer of Tweet Library, is also positive about apps in Mountain Lion. “I think Gatekeeper is great news. To me, it means Apple won’t abandon apps that can’t fit into the Mac App Store.”
He thinks that it gives developers a way to keep doing what they’re doing, without fear of being locked out of people’s Macs due to aggressive sandboxing.”It’s a good compromise. I’d already been thinking about removing my Mac app Clipstart from the MAS if it can’t work with sandboxing, since it assumes it has full access to the hard drive,” he told us. “With Gatekeeper, presumably I wouldn’t have to worry that Apple would eventually cut my app off from regular users.”
Kafasis agrees, telling us that as long as Apple uses a “light touch”, there is little downside to be seen as of yet. “Gatekeeper should provide more security for users, while not hindering developers in any noticeable way.”
That doesn’t, he notes, discout the fact that this new feature indicates that Apple is taking more control over apps installed on Macs more than they ever have, and there are questions that raises. “That’s something worth considering, as a user. Who really owns my machine? With this, I still do, but what about in the future?”
Gatekeeper on iOS?
The interest in Gatekeeper isn’t limited to how it will affect Mac apps either, many developers I spoke to were interested in seeing its capabilities be extended to the iOS platform as a way to allow for apps to be installed directly, outside Apple’s normal App Store framework.
“If Gatekeeper is good enough for the Mac,” says Kafasis, “why not for iOS as well? I’d certainly love to see that, as both a user and a developer.”
That sentiment was shared by many on Twitter who echoed John Gruber’s thoughts, in his excellent writeup of the Mountain Lion reveal, “Call me nuts, but that’s one feature I hope will someday go in the other direction — from OS X to iOS.”
Dear Apple: please give us these Gatekeeper options on iOS. Love, mikeash.
— mikeash (@mikeash) February 16, 2012
If Gatekeeper were to come to iOS, it would effectively eliminate the practice of jailbreaking for some users. Those that wish to modify the system directly would still be out of luck, but those ‘experiemental’ apps that use just a bit too many private APIs for Apple to be comfortable would likely still get a pass.
There much yet to be determined about the way that Gatekeeper works and how beneficial it will be for developers and users. It certainly gives Apple an additional way to control the installation and activity of apps on the Mac. Whether that turns out to be the best thing that has happened to Mac users yet, or the end of an era in software remains to be seen.
But for now, the general opinion is ‘cautiously optimistic’.