Is Apple Building a Larger Walled Garden for Mac Users?

February 29th, 2012

When the Mac App Store arrived last year, some suggested it was only Apple’s first foray to move all Mac app sales under a single umbrella. Independent retail sales would be history, and Mac developers would soon have to get with the program in order to sustain a viable business.

Now from a practical standpoint, having someone else manage downloads and order processing might be a good thing, but it also means a developer has to depend on Apple giving them the green light to have their products posted. That’s where things get dicey. While there are thousands of Mac apps available via Apple’s software repository, a reasonable number of apps stand little or no chance of making it through Apple’s approval process, at least right now. It’s not just whether the apps work and are free of malware, but if they tap unapproved system resources, or have complicated installers that take them beyond the constraints of the Applications folder, Apple will say no.

Consider, for example, an app that can capture audio from your Skype or iChat conversation. This sort of inter-application legerdemain is prohibited, and things will only get worse once Apple institutes sandboxing, which is promised (or threatened) for June 1.

Now sandboxing, already available for iOS apps, basically walls off one app from another. This can help prevent a buggy, corrupted or infected application from wreaking havoc with other software, or the entire OS. From a security standpoint, it’s a good thing, but it also means that apps that need to talk to the OS or other apps are severely limited. For Mac apps, even those that perform backups may be severely constrained once the new conditions take effect.

Sure, Apple does provide hooks, called entitlements, which allow apps to grab onto certain system features or talk to other apps. Developers are evidently talking to Apple about expanding the entitlement repertoire to suit their needs. The current sandboxing deadline has already shifted twice, and it’s very possible things will change by the time the final policies are put into effect.

But there’s no indication yet that Apple will demand that app developers put all their stuff in the Mac App Store. At the same time, Apple has a new program called the Developer ID. According to Apple: “Developer ID is a new way to help prevent users from installing malware on their Mac. Along with Gatekeeper, a new feature in Mountain Lion, signing applications with your Developer ID certificate provides users with the confidence that your application is not known malware and has not been tampered with.”

There’s no extra cost and no specific restrictions on those apps, other than being free of malware, obviously. If a developer’s apps are found to contain malware, the certificate will be revoked, and the offender will lose their developer account. That’s only logical, and it’ll also make it difficult for Mac users to install and run those apps if they select the middle or evidently default Gatekeeper option, which restricts you to running apps with a valid Developer ID, or which came from the Mac App Store. Sure, that security block can be easily defeated with a control-click on the app icon, but most Mac users won’t consider that step under normal circumstances.

Now I suppose it’s easy to consider the Developer ID a scheme to coerce developers into the Mac App Store, but there’s no such requirement. The apps won’t be curated, and they can still be sold independently at a developer’s site, or through an independent reseller. The app can even be sold in a traditional hard copy form, with discs and printed documentation.

Besides, wouldn’t customers want the extra reassurance that an app, with certificate embedded, is therefore safe from a possible malware infection? It wouldn’t stop an Internet criminal from supplying a bogus version of the app with an embedded Trojan Horse of some sort, but Mac users will still be safer in a world where the platform is growing by leaps and bounds. That itself may make Macs more of a target for malware, although outbreaks so far have been relatively few and far between.

But does this mean that developers will ultimately be forced to alter their products to get approval from the Mac App Store? The marketplace may well make that decision, particularly as more and more newer Mac users — a large portion of whom are accustomed to the iOS App Store — will confine their software search to that source and no other. Sure, savvy marketing from developers will allow them to keep going, but the trend will ultimately take them to Apple’s download center.

I realize some of you will disagree with me, but so long as I’m making predictions, here’s one more: Apple still wants the larger developers, such as Adobe and Microsoft, to do business with Mac users. Thus, they they will make the appropriate changes to the store requirements to allow extra classes of software that today aren’t being accepted. Apple already offers a few titles from Adobe and Microsoft. I don’t think Apple’s management is crazy enough to want to prevent Mac users from buying the software they need for work or play. In the end, the Mac App Store will be adjusted to work with most developers without restricting the features customers expect.

| Print This Article Print This Article

2 Responses to “Is Apple Building a Larger Walled Garden for Mac Users?”

  1. dfs says:

    The Store may be a great way to vend software to individual users. It’s also about lousiest way imaginable to vend software in bulk to the Enterprise, to school districts, etc. etc. Apple is never going to cut itself off from these lucrative markets by becoming too married to the Store idea. If it insists on a “large umbrella“ approach to enforce a “walled garden” it is going to have to devise a completely different distribution systen for servicing these markets.

  2. Robert says:

    @dfs, Businesses and the enterprise already have different ways to manage software through the App Store. I had my boss’ boss actually ask about Gatekeeper and whether I thought it would help make Macs (even) more secure. I said yes, which it will because it won’t let unauthorized software run (if you have it set that way). I work for a government contractor and most of our effort is spent messing around trying to keep Windows systems secure (lost cause). Apple has demonstrated a “walled garden” approach that does work for the enterprise where installation of applications is (usually) controlled. Enhancing that can only lead to a more secure enterprise environment and hopefully will demonstrate that Apple is supplying a secure OS along with a secure App Store while Windows and Linux aren’t doing this. This can only help Apple’s further push into the enterprise market.

Leave Your Comment