Skip to main content

macOS Sierra beefs up Gatekeeper protection with two changes, one visible, one not

During Apple’s WWDC 2016 session What’s New in Security, the company shared two interesting changes to the way Gatekeeper works in macOS Sierra – one visible, one not.

The visible one, seen above, is that there’s no longer an immediately obvious way to allow unsigned apps to open. The System Preferences pane now limits you to two options, App Store and App store plus identified developers.

This doesn’t mean that you’re left out in the cold if you really need to open an unsigned app, though. There is still an option to open it anyway – you just can’t allow it universally any more. To open an unsigned app, just right-click the app and select Open.

The second change is invisible to users, but limits the damage that can be done by a rogue app. Although unsigned apps will still appear to be stored in the Applications folder, macOS 10.12 actually stores them in a randomized location on your drive. This prevents repackaging attacks, where one app pretends to be another one, because the rogue app won’t be able to access the resources belonging to the real one.

This is likely in response to the Gatekeeper vulnerability discovered by a security researcher last year and only partially-fixed earlier this year.

And on a related note, apps that are distributed outside of the Mac App Store in Sierra will be able to access iCloud features. That means developers distributing apps outside of the Mac App Store can now include things like iCloud Drive support, keychain, push notifications, MapKit and VPN entitlements.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications