Skip to main content

Mountain Lion isn’t a walled garden (yet), but it has a Gatekeeper

With the consistent iOS-ifying of Mac OS X, and the introduction of Apple’s Mac App Store last year modeling the iOS App Store’s Apple-controlled distribution platform, some have questioned whether OS X will soon resemble the iOS ecosystem. That is, will Apple attempt to mirror the so-called “walled garden” approach of the App Store by requiring users to only run software specifically approved by Apple for use on Macs?

The good news is Apple’s OS X 10.8 Mountain Lion developer preview does not impose that restriction. Instead, Apple introduced “Gatekeeper,” a new system for developers to sign their apps, and a new method within System Preferences for users to better control which apps have access to their Mac. While claiming malware is “hardly an issue on a Mac,” Apple said Gatekeeper would improve security and help users avoid malicious software. By default, the feature only allows apps from the Mac App Store or those singed by identified Apple developers…

Apple’s website that describes Gatekeeper starts with some advice: “The safest place to find apps for your Mac is the Mac App Store.” However, Gatekeeper also allows devs to sign their non-Mac App Store apps with a unique Apple Developer ID. From an end-user’s perspective, Gatekeeper is essentially an evolution of File Quarantine that prompts a user to confirm the first time a file downloaded from the Internet is ran.

For users in Mountain Lion, there are three new options (pictured above) presented in the Security & Privacy pane of System Preferences. Under General, there is now the ability to “Allow applications downloaded from:” with the following three options: “Mac App Store,” “Mac App Store and identified developers,” and “Anywhere.” Even though the “Anywhere” option allows users to download anything just like they could in past versions of OS X, many are quick to point out the removal of the feature in the future would leave OS X incapable of running non-Apple approved third-party apps. Apple does offer an option to easily override Gatekeeper when installing an app by Control-clicking.

MacWorld explained Apple could revoke a developer’s license if its found distributing malware in Mountain Lion, and Gatekeeper will update a blacklist of those developers daily. Gatekeeper will apparently prevent software from developers on the list from running in Mountain Lion:

“if a particular developer is discovered to be distributing malware, Apple has the ability to revoke that developer’s license and add it to a blacklist. Mountain Lion checks once a day to see if there’s been an update to the blacklist. If a developer is on the blacklist, Mountain Lion won’t allow apps signed by that developer to run… what does exist is largely based on legitimate apps that have been modified to include malware and then redistributed on piracy sites. With this new model, any tampering with an app would render it unlaunchable.”

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel


  1. […] file (done by double-clicking on the file itself). Because this app isn’t signed, Gatekeeper will block its installation by default. We’re going to have to control-click (or secondary […]


Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & He also co-authors 9to5Mac’s Logic Pros series.