macOS Security Will Never Stop Us From Running Software of Our Choice

There is an emerging notion that as macOS security gets better, it will make the

use of a Mac more burdensome. A WWDC 2019 session affirms that this is false.

Here it is from Session #701, “Advances in macOS Security.”

A promise from WWDC 2019, session 701.

That incorrect notion derives from the suspicion that the user will be confronted with obstacles, limits of use, and onerous messages that would disrupt workflows and make using the Mac less productive and enjoyable in the future.

This is exactly the opposite of Apple’s vision for the future of macOS. As the slide above affirms, in the tradition of the Mac, fully informed users who wish to take responsibility for their choice of software to run will always be able to do so.

What Session #701 reiterates is that Apple’s Security Engineering and Architecture team wants to achieve is better security for those users who aren’t experts and who aren’t familiar with the intricacies of security threats. Those users expect the system to look out for them behind the scenes in intelligent, even proactive ways.

Catalina’s Gatekeeper is smarter, not more burdensome.

Catalina Evolution

A good example is that, in macOS Mojave, Gatekeeper validates apps launched via Launch Services. This check makes sure the app 1) has no malicious content, 2) is (digitally) signed by the developer (and not tampered with), 3) complies with the user policy expressed in the Gatekeeper options, and has been expressly approved for launch by the user.

In macOS Catalina, this protection is extended to ways of loading code not managed by Launch Services. There are few geeky ways that I won’t delve into in this overview.

This planned, elegant escalation of the oversight power of macOS’s Gatekeeper, intended to work behind the scenes, remains transparent to the average user. It allows Apple to size up and react to emerging threats. What it doesn’t do is get in the way of the user’s workflow or constrain the user.

Another enhancement in Catalina is the goal of minimizing user authorization prompts by introducing protections that invoke “User Intent” as opposed to the simpler, more obtrusive “User Consent” actions in Mojave. In other words, the security team is trying to make macOS more proactive instead of reactive by understanding what the user is doing. That’s because too many authorization prompts make macOS feel needy and nagging, and it slows the user down.

These are just a few examples from Session #701 that affirm how Apple is working to make macOS, as it evolves, more secure under the hood without, ultimately obstructing the experienced Mac user from mindfully running software that they deem necessary.

Developer Issues

Of course, what’s often overlooked is that Apple requires developers to play along and update their code in some cases. For example, new apps published after June 1, 2019 must be notarized. Sometimes, developers find that, as macOS security evolves, they must balance their traditional ways of coding with the new security protocols. They sometimes complain about this evolution because, of course, it’s more work.

But we shouldn’t equate this occasional griping with the suspicion of a gradual, wholesale loss of macOS flexibility. Apple works with developers to mitigate the impact of new security policies and thereby retain desired app functionality. I think that ongoing dialog and struggle is what makes some observers believe that macOS will eventually shrivel into a Gordian knot of restrictions and frustration, leaving them no option but to forsake macOS for Linux.

In summary, Apple’s legacy and ongoing plan with macOS is to gradually improve security in smart, effective, transparent ways so that average users can remain confident and unfettered all the while retaining the UNIX underpinnings for power users who have special needs. That’s a laudable, right-headed approach.

Share this post