Apple Gatekeeper
| Basic Information | |
|---|---|
| Release Year | 2012 |
| Product Type | Security Technology |
| In Production | Yes |
| Official Website | https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/web |
Gatekeeper is a security technology built into Apple's macOS operating system designed to ensure that only trusted software runs on a user's Mac computer. First introduced in Mac OS X Mountain Lion (10.8) in 2012, Gatekeeper checks applications downloaded from the internet for known malicious content before allowing them to run. While promoted as a security feature to protect users from malware, Gatekeeper has also been criticized for restricting user freedom and reinforcing Apple's control over software distribution.[1]
Consumer impact summary
User Freedom
Gatekeeper restricts users' ability to install and run software of their choice by default, requiring extra steps to run non-Apple-approved applications and creating a closed ecosystem that limits choice.
User Privacy
While positioned as protecting privacy, Gatekeeper requires online verification of apps, which involves sending data to Apple's servers about software usage patterns.
Business Model
The technology reinforces Apple's walled garden approach, directing users to the App Store ecosystem where Apple collects a 15-30% commission on all software sales.
Market Control
By implementing increasingly strict security measures, Apple has gained significant control over which software developers can effectively distribute applications to Mac users, potentially stifling competition and innovation.
Incidents
This is a list of all consumer protection incidents related to this product.
Hidden "Anywhere" option (2016)
In macOS Sierra (10.12), Apple removed the "Allow applications downloaded from: Anywhere" option from the Security & Privacy settings, making it harder for users to disable Gatekeeper restrictions. While technically still possible to disable through Terminal commands, this change represents a deliberate effort to obscure user choice and make it more difficult for average users to exercise control over their own computers.[2]
Mandatory notarization requirement (2019)
In macOS Catalina (released in 2019), Apple made it mandatory for all software distributed outside the Mac App Store to be "notarized" by Apple to run without Gatekeeper warnings. This controversial move required all developers to submit their applications to Apple for review before distribution, effectively extending Apple's gatekeeping role beyond its own App Store to all Mac software.[3] The change gave Apple unprecedented control over third-party software distribution on macOS, forcing developers to comply with Apple's terms or risk their software being blocked by default.
Achilles vulnerability (2022)
In December 2022, Microsoft researchers revealed a vulnerability in macOS, dubbed "Achilles" (CVE-2022-42821), that allowed attackers to bypass Gatekeeper security features. This vulnerability exposed the limitations of Apple's security model and raised questions about the effectiveness of its restrictive approach.[4] Despite Apple's emphasis on security as the justification for its restrictive Gatekeeper policies, the discovery highlighted that these restrictions hadn't necessarily resulted in an impenetrable system.
Developer signing requirement barriers (ongoing)
Since Gatekeeper's introduction, Apple has required developers to pay for an annual Apple Developer subscription ($99/year) to obtain a Developer ID certificate necessary for distributing software outside the App Store that doesn't trigger Gatekeeper warnings. This creates a financial barrier for independent and open-source developers who may not be able to afford or justify this recurring expense.[5] The requirement effectively monetizes the right for developers to distribute software without their users experiencing security warnings.
Blocked legacy software (ongoing)
With each major macOS update, Apple has increased Gatekeeper restrictions, often rendering older software unusable without complex workarounds. Many users have found themselves unable to use legitimately purchased software after OS updates, as Gatekeeper blocks unsigned or un-notarized applications. This has forced users to either avoid system updates (potentially exposing themselves to security vulnerabilities) or repurchase software, effectively devaluing their previous purchases.[6]
Internet connection requirement controversy (ongoing)
- Main article: macOS Online Verification Requirements
Gatekeeper's notarization verification process requires an internet connection, which has caused issues for users in environments without reliable internet access or those who prefer to work offline for privacy reasons. This requirement has been criticized as an unnecessary limitation that treats users' computers as terminals requiring constant verification rather than personal property under the user's control.
See also
References
- ↑ Apple Support. "Gatekeeper and runtime protection in macOS." https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/web
- ↑ Wikipedia. "Gatekeeper (macOS)." https://en.wikipedia.org/wiki/Gatekeeper_(macOS)
- ↑ SentinelOne. "What is macOS Notarization? Security Hardening or Security Theater?" September 11, 2019. https://www.sentinelone.com/blog/maco-notarization-security-hardening-or-security-theater/
- ↑ Microsoft Security Blog. "Gatekeeper's Achilles heel: Unearthing a macOS vulnerability." December 19, 2022. https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
- ↑ Apple Developer. "App notarized but Gatekeeper still shows warning." https://forums.developer.apple.com/forums/thread/120016
- ↑ Molleindustria. "Gatekeeper and the rise of the Total Apple Consumer." https://www.molleindustria.org/blog/gatekeeper-and-the-rise-of-the-total-apple-consumer/