{"id":36800,"date":"2022-08-18T09:30:13","date_gmt":"2022-08-18T13:30:13","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=36800"},"modified":"2022-11-07T16:27:52","modified_gmt":"2022-11-07T21:27:52","slug":"gatekeeper-changes-in-macos-ventura","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/08\/18\/gatekeeper-changes-in-macos-ventura\/","title":{"rendered":"Gatekeeper Changes in macOS Ventura"},"content":{"rendered":"

Howard Oakley<\/a>:<\/p>\n

\n

In the past, Gatekeeper has primarily been concerned with checking apps and other executable code which have been put in quarantine; once an app has passed those first run checks and its quarantine flag has been cleared, its notarization and signing haven’t been checked again in the same way. Apple has announced that’s changing in Ventura, where Gatekeeper will check that all notarized apps are correctly signed whenever they’re run.<\/em> This will ensure that no unauthorised modifications can be made to them, without these checks imposing noticeable delays in launching.<\/p>\n<\/blockquote>\n\n

Rich Siegel<\/a>:<\/p>\n

Does this mean that if (for example) a user adds or modifies something inside of a notarized application’s package, that macOS will subsequently refuse to launch it and report some helpful error (e.g. “SilverWriter.app appears to have been tampered with”)?<\/p><\/blockquote>\n\n

Rosyna Keller<\/a>:<\/p>\n

\n

You get the “this application has been damaged” alert. Of course, like other gatekeeper features, users can disable it.<\/p>\n<\/blockquote>\n\n

Guilherme Rambo<\/a>:<\/p>\n

Another change is that apps on macOS may no longer update\/modify apps that are not signed by the same development team, unless the other app declares the third-party team ID in its Info.plist<\/tt>. This will lead to some scary dialogs before everyone adapts to this new model.<\/p><\/blockquote>\n\n

See also: What’s new in privacy<\/a>, Phil Stokes<\/a> (Hacker News<\/a>).<\/p>\n\n

Previously:<\/p>\n