How one security “feature” makes macOS frustrating to use.
Before you ask, GIMP is an image manipulation program. Like Photoshop, but free.
The other day, I wanted to make an animated gif. PicGif is good for simple gifs, but my project was a multi-layered affair with a transparent animated overlay on a static image. PicGif couldn’t do it. However, despite it’s lousy user interface, I remembered that GIMP, a free image manipulation program, was capable of taking layers and make them into a gif. Navigating GIMP’s UI was a bit tricky, but the most frustrating part wasn’t hidden features, a lack of tool tips, or poor labeling. No, it was something Apple did: forbid me from installing the software I just downloaded.
Here’s how to get around this annoyance, and a suggestion for Apple to both improve their security and also improve their user experience.
The Security Problem
Apple doesn’t want you to install software they didn’t approve. This is for security purposes, and it does make some sense. The App Store is carefully curated by Apple, which drastically improves iOS security. Getting malware or scam apps past Apple isn’t easy. However, macOS has always been a secure operating system with an open atmosphere. Anyone could make apps for macOS and distribute them, and, through good security and obscurity, Apple was able to make it one of the most secure PC operating systems on the market. However, more users began choosing Apple computers, and Apple suddenly had to worry more about security. They introduced the Mac App Store, both to control security and profit off of apps made for macOS. It wasn’t much later that they began to introduce unwanted security “features” that made installing software on macOS a bit of a pain.
First, Apple added a simple security option: only allow apps installed from the App Store. It wasn’t the default macOS setting, users could still choose to download and install apps from identified developers from outside of the Mac App Store, as well as unidentified developers. However, something changed. Apple first set the default to only allow apps from the app store. Next, they removed the option to install apps from unidentified developers. Now when you download an app online, if they didn’t get verified as an Apple developer, you can’t install it. Something you just downloaded yourself, installed yourself, and then opened yourself cannot be opened.
How Does This Improve Security?
How does forbidding unidentified developers improve security? To become identified, a developer has to give their personal information to Apple. This means, if they release a malicious app, Apple can quickly remove their verification to disable the app on all Macs, even if the user already installed it. On top of that, it also means Apple can pursue legal action against the malicious app developer. However, this is a problem for small app developers, hobbyists, open source software created by a group of people, and apps that perform actions Apple may not want users to be capable of doing. This can create an extremely frustrating experience for users. You found the perfect app, now you can’t even use it!
The Work Around
System Preferences > Security > Open my damn app, Apple (paraphrasing)
Opening an app after Apple has disabled it isn’t too difficult, but Apple didn’t make it easy. Users have to open System Preferences. Then, navigate to the Security & Privacy screen. After that, they need to tap “Open Anyway” next to the app they tried to download. If you don’t see that button or message, try to re-open the app again, and it should display. Your app will open, and macOS will create an exception for your app, allowing you to open it normally from then on.
How Apple Could Solve It
Look at this little painter, how could this app be evil?
How could Apple solve the problem without reducing security on the platform? Artificial Intelligence. Apple could see that an app was downloaded by a browser, from a website I willingly hunted down. They could see that I opened the DMG file, dragged it to my applications folder, and then opened it the way I typically open applications, through the Applications stack on my dock. They could recognize my actions as typical, see that they were performed by me, with a mouse and keyboard, not a script, and still give me a warning when I go to open it for the first time, asking “This app was downloaded from an unidentified developer fromĀ website. It could harm your computer, are you sure you want to open it?”
That alone would be enough to solve the problem, and would allow machine learning, trained by my own actions, to improve the security of my computer. Apple could even use this for identified developers, to assert that I am installing apps, not someone else. Security shouldn’t make your experience with your computer awful, it should free you to use your computer any way you see fit. Apple isn’t doing a good enough job freeing users to create and enjoy their computers, but they have the tools to fix the problem.