Security: Gatekeeper & Code Signing

Bearboat Software


Inexorable Tightening

Security

The continuing epidemic of malware has led Apple to lock down the Mac more and more. A system component, Gatekeeper, tries to protect users from installing malicious programs. If you ever download software from outside the App Store, you are probably familiar with the dialog boxes that appear when you first try to run it. You are reminded that the software came from the internet and asked whether you are sure that you want to launch the program.

The wording in these dialog boxes varies. Under some circumstances, the wording is very alarming.

The tenor of these dialog boxes, and the hoops you have to jump through to get the program to run for the first time, depend primarily on whether the application has been signed with a Developer ID certificate and notarized by Apple. To get there, a developer joins the Apple Developer Program, which involves a yearly fee of about $100 (US$99), signing a legal agreement and obtaining a Developer ID code signing certificate. With that certificate the developer can sign the application and submit it to Apple's notary service, which scans it for malware and issues a ticket that can be stapled to the app; Gatekeeper then recognizes the app as notarized and shows the user a much milder dialog.

This is a nightmare for me, and I suspect for others who want to distribute free software over the internet. The yearly expense is only part of it. The process introduces a good deal of complexity; indeed, I do not know all the details, and my eyes glaze over when I try to read about it. For some time I have simply instructed my users in the technique for opening un-notarized applications. You cannot just double-click the application to start it that first time. Instead, this has usually involved right-clicking (or Control-clicking) the application and choosing Open from the contextual menu that appears. It feels a little dangerous and illicit, and I am sure that many people are simply scared away. But once you have gone through the process, the application opens without difficulty from then on.

The situation, however, is getting worse. The more modern the macOS, the more dire the warnings and the harder it is to make the right-click solution work. There is some evidence that Apple may, in the future, block the work-arounds altogether, and this may effectively already be the case with the new Apple Silicon Macs running Big Sur. Apple Silicon also adds a separate, stricter requirement: native arm64 executables must carry a code signature, even an ad hoc one produced locally with codesign, or the system refuses to run them at all, independently of whether they were ever notarized.

My own plan is to get one of the new Apple Silicon Macs by the end of the year. I will then join the Apple Developer Program, and I hope to understand the code signing process well enough to move forward. I will also then be running the most recent macOS and can experiment with it. Until then, I recommend that my Mac users use the right-click technique to open and run the applications for the first time.

I strongly recommend the link below, which describes the various steps required to open un-notarized applications and how they have changed over time. If you are having any trouble opening one of my apps on your Macintosh, it could be helpful.

The Eclectic Light Company.

That site additionally recommends two other articles for understanding the issue and how it is evolving.

Jeff Johnson’s article is worth reading, as is Michael Tsai’s article.

App Translocation

In macOS Sierra (10.12), Apple added a little-known security feature called App Translocation (also known as Gatekeeper Path Randomization). When a quarantined application is launched from the folder into which it was downloaded or unarchived, and the user has not moved it somewhere (anywhere!) with the Finder (you must use the Finder; moving it with mv in Terminal or with a script does not count), the system runs it from a randomly named, read-only location under /private/var/folders instead of from its visible path. Only the app bundle is at that random path, so the running app cannot find files that were sitting next to it in the download folder.

This can affect RAAViewer when it is first run. The user must uncompress the application itself (RAAViewer) and also the support files (RAAData.sqlite and the RAA_Images folder). After decompression, these support items live in a folder named RAASupportFiles. The user is then asked to use the Finder to move the RAAViewer application into the RAASupportFiles folder alongside those two items, so that the folder holds three items. Now RAAViewer can be run for the first time, and the support files will automatically end up in their correct location. This specific dance is choreographed to avoid running afoul of translocation: moving the app with the Finder stops it from being translocated, so when it launches it really is next to its support files and can find them.
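The inspection a support person would do before that first launch, as an added example (this is not Bearboat Software's code and is not part of RAAViewer): a POSIX shell script that tells whether a bundle path is a translocated one, parses the com.apple.quarantine attribute that both Gatekeeper and App Translocation key on, and, on a Mac, reports who signed the app and how Gatekeeper assesses it (notarized or not, the question raised in the notarization discussion above). The xattr, codesign and spctl commands are standard macOS tools; the quarantine value and the paths in the comments are constructed samples, and the script name inspect_app.sh is an assumption.

```shell
#!/bin/sh
# Added example, not part of RAAViewer or the Bearboat Software site.
# Inspects a downloaded .app before its first launch:
#   - is the bundle path a translocated one?
#   - what does the com.apple.quarantine attribute say?
#   - who signed it, and does Gatekeeper accept it (notarized or not)?
# The helpers are plain string processing and run on any POSIX sh; the
# parts that need xattr, codesign and spctl run only on macOS.

# App Translocation runs a quarantined, never-Finder-moved app from a
# read-only image mounted under a path containing "/AppTranslocation/".
# A running app can test its own bundle path (e.g. $0 in a launcher script).
is_translocated() {
    case "$1" in
        */AppTranslocation/*) return 0 ;;
        *) return 1 ;;
    esac
}

# com.apple.quarantine has four semicolon-separated fields:
#   flags;download-time-in-hex;downloading-agent;UUID
# Constructed sample: "0083;5f3c1a2b;Safari;A1B2C3D4-0000-1111-2222-333344445555"
quarantine_field() {
    printf '%s\n' "$1" | cut -d';' -f"$2"
}
quarantine_flags() { quarantine_field "$1" 1; }
quarantine_agent() { quarantine_field "$1" 3; }
# Field 2 is hexadecimal seconds since the UNIX epoch.
quarantine_epoch() {
    printf '%d\n' "$((0x$(quarantine_field "$1" 2)))"
}

# Full inspection of an app bundle; macOS only.
inspect_app() {
    app=$1
    if is_translocated "$app"; then
        echo "WARNING: $app is translocated; files beside the original bundle are not visible to it"
    fi

    if q=$(xattr -p com.apple.quarantine "$app" 2>/dev/null); then
        echo "quarantined: downloaded by $(quarantine_agent "$q")" \
             "at epoch $(quarantine_epoch "$q") (flags $(quarantine_flags "$q"))"
        echo "Gatekeeper will assess this app on first launch and it may be translocated"
    else
        echo "no quarantine attribute: Gatekeeper dialogs and translocation do not apply"
    fi

    # Signing identity (Authority= lines, or "adhoc" / "not signed at all") and
    # Gatekeeper's verdict; spctl reports "source=Notarized Developer ID" for
    # notarized apps and "rejected" for un-notarized or unsigned ones.
    codesign -dv --verbose=2 "$app" 2>&1 | grep -E '^(Identifier|Authority|TeamIdentifier|Signature)=|not signed at all'
    spctl --assess --type execute --verbose "$app" 2>&1
}

# To skip both the dialogs and translocation by hand, instead of the
# right-click Open technique, strip the quarantine attribute recursively:
#   xattr -dr com.apple.quarantine /Applications/RAAViewer.app

if [ "$#" -ge 1 ] && [ "$(uname)" = Darwin ]; then
    inspect_app "$1"
fi
```

Run it as sh inspect_app.sh /Applications/RAAViewer.app. If the first line warns that the path is under AppTranslocation, the app is running from the randomized mount and will not see files that were unarchived beside it; the remedy is the Finder move described above, or removing the quarantine attribute, since translocation only applies to quarantined bundles.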