Friday, December 4, 2020

iOS Apps on Mac Require System Integrity Protection

Longhorn:

If you disable SIP on an Apple Silicon Mac, you lose support for the Apple DRM. (FairPlay)

Your iOS apps will not run on the system and some media playback might be affected/become unavailable.

Apple keeps telling us that all the new security features don’t actually restrict what you can do with your Mac because you can turn them off. But here’s a case where you really do lose functionality—rather than just security—because you can’t run software that requires SIP and software that forbids it at the same time.

9 Comments

If you disable SIP on an Intel Mac, do FairPlay media files play?

I thought .ipas on Apple Silicon Macs had no FairPlay protection?

@vintner Yes, my understanding is that the apps aren’t checked by FairPlay, but I guess the system won’t run them if FairPlay itself is inoperable? Hopefully someone will figure out more about what’s going on here.

This is the future folks. macOS will be subsumed into iOS via this kind of path.

I've been looking at the ThinkPad Carbon X1 to run Linux on. Seems like a pretty decent MacBook replacement.

never_released

@Michael Tsai

iOS applications that do not require FairPlay do work. However, the developer can give you those, not iOS App Store distribution, except some rare apps. Catalyst apps and others specifically enrolled to Mac as a platform don't have that issue.

"FairPlay decryption failed on binary" is the error that shows up in Console.

@never_released What I take from this is that every iOS app from the store is encrypted with FairPlay, even if it doesn’t call media APIs, and so SIP needs to be on in order to decrypt it. But macOS does not check that the Apple ID in the DRM matches your Apple ID and does not do receipt validation.

@bob "This is the future folks. macOS will be subsumed into iOS via this kind of path".

Let's hope so. Can't wait until personal computers are as robust, integrated, and trouble-free as iOS devices.

"Let's hope so. Can't wait until personal computers are as robust, integrated, and trouble-free as iOS devices."

That's what game consoles are for. Or "app consoles". Not computers.

The entire point of computers is that one can add functionality oneself. That means adding complexity. Complexity is never "trouble-free". The way you make things "trouble-free" is by restricting possible functionality. Then they are not computers anymore.

If you are happy with the level of complexity iOS provides you, use an iPad. Leave those of us who prefer computers alone.

Why wouldn't you just set up one OS with Full Security and another with Reduced? Do you have to have Reduced Security on every OS instance on the system? I assume SIP removal is vital to some security testing; why use the same OS you're running iOS apps on for something like that?
Regarding "macOS will be subsumed into iOS" - may I ask politely, for how many years have people been saying this when confronted with some new OS feature, to have been proven wrong time and again?

@Tim

I remember the tune from the time of Mountain Lion (10.8). But the locking down has been happening slowly but surely: Gatekeeper, SIP, (enhanced) Gatekeeper, quarantine, sealed System partition, ....
The only thing that has prevented them from closing macOS completely is that programmers buy the system too, and Apple needs programmers. If someday somehow they had a way to move programmers out of the OS, they would completely lock the system. And it's already happening. In this article you basically see how a certain sort of developers are forced to use a crippled system to be able to work with fewer restrictions.
