Gatekeeper: Cancel or Allow?

The new OS X Gatekeeper encourages desktop apps to be registered with Apple, with users warned against installing unsigned software unless they disable the prompts.

The benefits—and the potential pitfalls—are obvious. It's intended as as an anti-malware system (with a whitelist rather than a blacklist), and the registration process will be simple and inexpensive. It'll destroy the nascent market for sleazy Windows-style antivirus subscriptions.

On the other hand, it's under the OS vendor's control, and once established, offers it certain temptations. Will Apple use it to anti-competitively influence the desktop software market? Will OS X end up as closed to unapproved developers as iOS? Will the controls end up co-opted by governments?

Jason Snell wrote a detailed explanation of Gatekeeper and the issues, pointing out how easy it will be to override.

Dustin Curtis, however, cites the following warning message (Briefly present in an early dev build of OS X Mountain Lion) as evidence that Apple's up to no good.

This is a fear mongering dialog. The vast majority of apps people download will not damage their computer, and mere mortals have no idea what "signed by a recognized distributor" means. The word "signed" in relation to security certificates is a very technical term and no one ever calls developers "distributors." Also, saying "You should move it to the Trash" is weirdly strong wording.

Maybe it could say: "The app Adium hasn't been checked by Apple. It can't be trusted. Use the App Store to find trusted apps."

At first blush, this looks like a red flag of Apple's intentions. But it struck me that this sort of messaging is consistent with Apple's claim that Gatekeeper's purpose is only to stop harmful code. It's an appropriate warning given the presumption of malware by whoever wrote it.

(Update: The harshly-worded dialogue has already been removed from developer builds. Let me make doubly clear that this dialogue is evidence that Apple's concern is malware, not bullying devs. Everyone is obsessing over its superficially hostile tone, rather than what it says about the company's thinking regarding Gatekeeper.)

If the message had been as Curtis suggests it should be, however, it would prove that Apple was already thinking about Gatekeeper as an iOS-style imprimatur, rather than as a safety warning. Implicitly addressing critics would be a sign of the devil at such an early stage of development.

At this point, the thing that unnerves me is not the prospect of Gatekeeper as a crude tool to herd OS X developers into a walled garden and crush freedom. It's the fact that code-controlling technologies tend to have unintended consequences that harm, rather than guarantee, the quality of user experiences.

The prospect of Apple becoming a desktop control freak, going full Sony on its own community to stop it using software the way it has for thirty years? Fun, but let's wait until it actually happens.

The truth is that Macs don't currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what's the point of a DRM-esque system for malware prevention? A more pleasingly cynical answer is that it's a marketing move, aimed as much at analyst-fed Mac malware hysterics in the tech press as it is at real threats. For everyday users, Gatekeeper's more likely to echo the good old days of Vista's "Cancel or Allow" than to save them from themselves.

Update: Cory points out that DRM-esque mechanisms' real value to technology companies is legal, not technical. Circumventing them is illegal, giving the company control over interoperability, market access and competition.