For example, we’ll take a look at Starcraft. If you enable the firewall and set it to allow Starcraft to have incoming connections, Mac OS X will append some junk (obviously not junk, but looks like that to me) to the file “Starcraft (Carbon)”. The first time you attempt to connect to Battle.net after installing or updating Starcraft, Mac OS X will prompt you to cancel or allow. Bothersome, given the fact that Starcraft is full-screen usually, but not a problem compared to what happens next. Because Battle.net has already checked your program, you will be allowed to connect and play games. However, the application has already been modified, and subsequent attempts to connect to Battle.net will return an “unidentified application” error. After discovering this I turned off my firewall and stuck to Little Snitch for my filtering needs.

In other words, code signing is not inherently neutral the way it’s implemented Mac OS X; it’s actually inherently negative.

Why do we need porn *apps*? Users can already put as much porn on an iPhone/Touch as RAM will allow, so what’s the big deal? I’m sure there might be a few clever ideas out there for a game or something, in which you undress a model as you score points (or whatever), but is the blocking of such apps really a great loss?

Many iPhone users are teens, so I’m sure that politically, Apple scores points for blocking “porn apps.” But in reality, who needs porn in the form of an “app”?

I do understand that the point, here, is freedom of choice: we should be entitled to install whatever we like on our devices. Of course I get that. I just don’t think the porn example is the best example, in particular — especially since (a) it’s already doable and (b) code signing doesn’t affect current functionality at all.

Carry on… :-)

But I could be wrong and it wouldn’t be that annoying or concerning (the warning is identical sounding when you disable it to be able to use your computer without being asked 5 times if you really want to run that application).

And I too would have issues with needing approval from a 3rd party to run ALL my applications. Let me trust the company that writes it and go from there.

However, if they think they’re going to make this the default that I can’t even run my own program I just wrote without signing up for a developer account and getting a valid Apple issued certificate, I’ll just be dropping the Mac for good(been using it since my IIci). I don’t think it’d ever come to that but I’m just putting that out there.

I was initially excited that I could buy an iPhone and put my own apps on it but now that I have to pay money for that privilege even if I don’t plan on selling any applications, that really stinks. I understand they want to keep the iPhone stable for the majority of users but there should be a way for people do do what they want with the device without resorting to hacking. If it does come down to hacking the iPhone to get my own apps on there without being signed I will do it. The pre release iPhone OS 2.0 already got hacked to run apps without Apple’s signing so I’m hopeful for the future.

I shouldn’t have to be forced to run Windoze Mobile or Google’s phone OS just so I can put my own apps on the phone.

I appreciate that this infrastructure is targeted at giving the user more power over his own device, and if that’s where it stays then I’m quite happy with it. However, the sudden appearance of the iPhone SDK, using code signing to completely lock down the device, makes me pessimistic. Maybe it is fundamentally different, maybe Apple would never dream of doing this on a “real” Mac, but it makes me paranoid.

I find it a little odd that you describe an environment which only runs signed code as “nirvana”, yet at the same time admit that the simple possession of a signature is meaningless. If you accept anything that’s signed, then an attacker can merely re-sign the app after modifying it. You gain no protection from alteration, only some small form of accountability over it.

I’m also somewhat doubtful about how well this will protect from viruses and worms. All the worms will be signed in such an environment, and will appear as legitimate as they always have. A user may have to take some action to approve them, but he intends to take that action anyway since he will have to do it for any new application. It may allow an administrator to save his underlings from themselves, but that case is significantly more rare than a user who owns his own machine.

My understanding of how code signing is implemented is that it won’t detect an application whose security has been compromised by means of a buffer overflow or other such exploit. It may limit the damage which can be done by such an application once it has been compromised, but then we come back to having the exploit code re-sign any applications it modifies. Certainly you’d be able to exploit Safari’s image handling to upload all of the user’s credit card numbers to a server in Uzbekistan without needing to hit any other apps.

If Apple can resist the temptation to turn this into a tool of evil then I think it can be a good thing, although of course it is far from a panacea. But I’m afraid that the iPhone has demonstrated that Apple may not be very temptation-resistant.

One last note: I think you meant to say, “Apple is legally required to make a totally half-assed attempt at keeping you from hacking DVD Player.app”.

As others have mentioned, I think this will oppress users and suppress the innovation of new applications that haven’t been conceived yet.

I think this is extortion. Some developers may be unable or unwilling to pay $99 or 30% to distribute applications. Even if signed, there is no technical reason that an application must be distributed by Apple (others are already deveoping and distributing applications now). They too are a software development company and this gives them an unfair advantage over others… it’s clearly a conflict of interest.

I like the idea of code signing so I can identify the source of an application but not so it can be used against me and force my usage of an application. Consumers should not be forced to delegate the responsibilities of informed consent to a third-party.

I like the idea of a repository for downloading applications but not one that creates a monopoly and restricts my choice to obtain software elsewhere.

This has been a problem since the beginning of time. Applications need to be signed with the manufacturer or phone provider’s certificate in order to get access to integral functionality (camera, phone book, filesystem etc.). Then the phone provider decides to get greedy (*cough*T-Mobile*cough*) and strips manufacturer certs off the phones so that developers need to pay twice to play. Things get greedier and greedier as you go up the chain.

So yeah, this is not new; the whole certificate industry is messed up.

Companies like Adobe, Apple (in this case), Microsoft, Thawte, Verisign etc. have all positioned themselves so that a) they get paid under the false premise of security, and b) they retain the role of gatekeeper. Look at Microsoft: back in the late 90s they owned 5% of VeriSign’s equity. Should it come as a surprise that VeriSign is the only acceptable certificate authority for signing device drivers under Windows?

Code signing for developer identification is a good idea (I like Thawte’s Web of Trust concept), but the idea of needing to pay dozens of profiteering gatekeepers for my iPhone app, J2ME app, Symbian app and SSL-enabled web app is ridiculous. Only problem is, the issue is much bigger than Apple-targeted development.

i also hope that apple recognizes this will be the best course, in the long run, for the iphone. is it more likely that the mac ends up going the direction of the iphone, or the iphone ends up going the direction of the mac. we can only wait and see. what’s clear to me is that the community is the best place, in the long run, to vet apps and give them recognition. there will always be more manpower than one company can afford, and there’s a big advantage in having a wide range of people providing opinions. i hope apple sees it this way as well, and that the iphone ecosystem can evolve in this direction.

@Brian Erdelyi
“I also believe this will enable Apple to further lock down the iPhone and prevent unlocking while forcing us to use particular carriers (a practice which I believe is illegal in some parts of Europe).”
Yes, this is illegal in France (where I live). You cannot force people to buy two products at once, i.e. in our case an iPhone and a monthly GSM plan. You must allow people to buy them separately. For the iPhone it means an unlocked iPhoned at 750€, an iPhone on the Orange network with no plan at 650€, and an iPhone with a two year Orange plan at 399€ (+ the price of the plan).
Normally for the same reason it should be possible to buy a PC with no operating system (Windows…), but the consumers associations are having a hard time trying to enforce this. When I buy a PC I get a license for Windows in a sealed enveloppe. If I refuse the license I should get a refund of the Windows OS (while keeping the PC). But this refund is impossible to get, and actually it is impossible to know the price of Windows on top of the hardware’s price in the first place.