On macOS it warns you when you're about to open an app you've downloaded and installed yourself. "Foo has been downloaded from the internet, are you sure you want to open it?". It doesn't stop you from installing it. Why should doing so on your phone be any different?
Depending on your app this is not all.
If I send a golang binary to someone with a Mac via Signal or other mediums, Apple simply displays a dialog that the app is damaged and can't be run.
You need to use chmod to manually remove the quarantine flag to run it.
That for me is something that should be fined ad infinitum, because it is clearly designed to disallow non-technical people to run custom apps.
On the other hand, it used to be very common for malware on Windows to email itself to all your contacts using your real email client. It's probably reasonable for an OS to add a little friction to the process in the modern era, though it probably shouldn't lie and claim the binary is damaged when that's not the problem.
chmod to dequarantine doesn't sound like "a little friction" to me.
On your point about security, this kind of aggressivity from the platform owner tends to backfire.
The user was already convinced to open that mail, download that file, and try to run it. Pushing the process to the terminal just means your clueless users now run the provided incantations in the shell instead, and the attack vector now becomes huge (the initial program doesn't even need to be malware).
I agree having to go to the command line is too much friction. Just clicking `overdue-invoice.doc.pif` is too little. About right is somewhere between a prompt and setting the file executable in the GUI.
I wish it would run in a stricter sandboxed mode and prompt the user on the first network requests and file writes outside of its directory.
That wouldn't be perfect, but at least the user could be prompted for a concrete action instead of a vague "this script is scary" warning.
> If I send a golang binary to someone with a Mac via Signal or other mediums, Apple simply displays a dialog that the app is damaged and can't be run.
Has this changed? I thought it failed to launch, but if you go to Privacy & Security in Settings it would give you the option to allow it to run?
Though yes, macOS doesn't prompt you to do that, you have to know where to find it.
I believe they are saying that this update will remove the ability to decide if you want to install it and will require developers to register and pay for their applications to be installable at all. It's been several years since I developed for Mac, but they operated a similar way, secretly marking a file as quarantined and saying "XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash" if you didn't pay to play. Maybe this has since changed, or maybe I'm just a dummy. Regardless, whether a platform has any business funneling a user into their walled garden is another philosophical argument altogether.
Quarantine is for any executable downloaded from the Internet. It doesn't prevent it from being opened, it only marks it to be checked for malware.
In my experience the quarantine flag gets added if the file is downloaded via browser, chat program, email, or some other way that isn’t curl/wget/other CLI tool. At least for the past 6-8 months this has been my experience. Not that it excuses anything, but for what I have had to deal with it’s been somewhat helpful.
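An added example, not written by any commenter in this thread: a read-only way to see which program set the quarantine flag on a file and when, which is what the two comments above are describing. It assumes the commonly observed attribute layout `flags;hex-timestamp;agent;UUID`; the function names and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Parse one com.apple.quarantine value as printed by
#   xattr -p com.apple.quarantine FILE
# Assumed layout (an assumption, based on commonly observed values):
#   flags;hex_epoch_seconds;agent;uuid
# Prints "agent<TAB>epoch_seconds<TAB>flags"; returns 1 if malformed.
parse_quarantine() {
  q_value=$1
  # Require at least flags, timestamp and agent fields.
  case $q_value in
    *\;*\;*) ;;
    *) return 1 ;;
  esac
  q_flags=${q_value%%;*}
  q_rest=${q_value#*;}
  q_stamp=${q_rest%%;*}
  q_rest=${q_rest#*;}
  q_agent=${q_rest%%;*}
  # Both numeric fields must be non-empty hexadecimal.
  case $q_flags in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  case $q_stamp in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  [ "${#q_stamp}" -le 8 ] || return 1
  printf '%s\t%s\t%s\n' "${q_agent:-unknown}" "$((0x$q_stamp))" "$q_flags"
}

# List every quarantined item directly under a directory with its origin.
# Needs the macOS xattr tool; it only reads attributes, nothing is changed.
audit_quarantine() {
  for q_file in "$1"/*; do
    q_raw=$(xattr -p com.apple.quarantine "$q_file" 2>/dev/null) || continue
    printf '%s\t' "$q_file"
    parse_quarantine "$q_raw" || printf 'unparsed: %s\n' "$q_raw"
  done
}

# Constructed sample value (not read from a real file):
SAMPLE_QUARANTINE='0083;65f0c1a0;Signal;'
# parse_quarantine "$SAMPLE_QUARANTINE"
# audit_quarantine "$HOME/Downloads"
```

Files fetched with curl or wget, as the comment above notes, simply do not appear in the `audit_quarantine` listing because they carry no attribute to read.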
It definitely adds hurdles to running it.
Usually the hurdle is just a pop-up informing you that it's been downloaded from the Internet. Sometimes the malware checks go wrong though and try to prevent you from opening it at all.
I sure hope they still allow `xattr -r -d com.apple.quarantine /Applications/*`
This is the key and only difference. Scanning is great, and security is great.
But macOS lets you override any system determination, iOS does not, and Google is proposing the iOS flavor.
macOS warns you literally about every downloaded app not from MAS (signed!), unless you build it yourself or remove quarantine manually.
I think it is mostly about expectations, macOS trained people that it is relatively safe to install signed apps. If your app is unsigned, Gatekeeper will refuse to run it.
Do they have to be from the App Store, or "just" notarized?
Notarized works just fine.
It also sometimes says `"Foo" Not Opened` `"Apple could not verify “Foo” is free of malware that may harm your Mac or compromise your privacy."` This is frankly pretty insulting to the intelligence of the user and /does/ stop them. I think the paradigm is flowing towards "less" rather than "more".
If you install the binary directly, but obviously it does not ask when you are installing through a store like brew...
> Why should doing so on your phone be any different?
Because it's obscenely profitable for the platform holder to have complete control over app distribution.
Can we stop pretending it's about anything else than that? Just imagine if Microsoft got a 30% commission on every PC software purchase in the world...