
Technically you can, but if you do, Apple will lie to everyone who tries to use your app by telling them that it's dangerous and probably contains malware, and will make them jump through a bunch of hoops and try to talk them out of it at every step before they can actually run it.



The message (before first run only) just says the software "can’t be opened because Apple cannot check it for malicious software." and "This software needs to be updated. Contact the developer for more information."

Anyway, it's only hard to run if you have no idea what you're doing... pretty much the same people who should not be running executables randomly downloaded from the internet are the ones blocked by hurdles like this.


"This software needs to be updated" is an outright lie.


No it’s not. It needs to be updated in order for it to run without that warning.

If the user has permission to disable the warning, they can, otherwise the app needs to be updated.


Yeah, all Apple users know that "this software needs to be updated" means "the software itself is fine, the developer just needs to pay us money". It's obvious, not misleading or an attempt to create FUD at all.


Why doesn't Apple say what you said? "The software itself might or might not be fine, the developer just needs to pay us money"? Because then their extortion racket would be laid bare to consumers.

Open source and not-for-profit software has been put at a disadvantage here, which I think is very bad for several reasons.


I think you know that downloading an unsigned binary from the internet and executing it on your personal machine is utter stupidity from a security point of view.


Certainly, yes.

However, there is a space of potential solutions to this problem, many of which don't involve giving Apple money.

Somehow Apple chose a solution which would involve developers giving Apple what is for many people and open source projects a significant sum of money.

Then, Apple decided to not directly tell Apple users that the thing standing between them and the software they downloaded is that Apple believes the developer needs to give Apple money.

What a fascinating turn of events.


> Somehow Apple chose a solution which would involve developers giving Apple what is for many people and open source projects a significant sum of money.

Perhaps if the open source community had provided a solution that actually served the needs of end users in this regard, Apple could have adopted it.

> Then, Apple decided to not directly tell Apple users that the thing standing between them and the software they downloaded is that Apple believes the developer needs to give Apple money.

You’ve admitted that they are solving a real problem, therefore this is not an honest representation of what is going on.


Well, no, because the latest version of a lot of software will still produce the warning since the developer refuses to pay the Apple extortion fee.


I don't like the $99 fee either, but to be fair, Apple will tell you that they can't tell if the app is dangerous. Not that it is dangerous. Specifically, they will tell you that the app Cannot Be Opened Because the Developer Cannot be Verified

You can of course open the app anyway by disregarding this protection for the specific app in settings.


> Apple will tell you that they can't tell if the app is dangerous. Not that it is dangerous. Specifically, they will tell you that the app Cannot Be Opened Because the Developer Cannot be Verified

Okay, how about this? They're trying their hardest to give everyone the impression that it's dangerous without explicitly saying so.


But it is dangerous by definition. Running an unknown binary is dangerous. I wish macOS had an easy way to sandbox apps.


> But it is dangerous by definition. Running an unknown binary is dangerous.

Making Apple $99 richer doesn't make your app any less dangerous.


It makes random apps much less likely to be dangerous.

https://news.ycombinator.com/item?id=36086537 is an analogous case. When the primary provider of free domain names went away, there was a HUGE reduction in phishing websites. Those types would spin up thousands of sites on xyz, vip and similar TLDs faster than the white hats could whack-a-mole them.

A domain going from $0 to $10 vastly curtailed that activity. You don't have to make something impossible, you just have to make it not cost effective to shotgun it.


> It makes random apps much less likely to be dangerous.

Only because Apple has made it so.

What would be the drawback if I, a macOS developer not paying Apple $99 per year, had access to the macOS application notarization service for free?


Having "skin in the game" is a way to keep a community honest. Even darknet markets use bonding for vendors. Not to mention that in the case of Apple registration, it leaves a paper trail. Though I'd agree that the $99 for the privilege seems arbitrary.


You aren’t the center of other people’s lives. How is any old arbitrary user to know you’re not a con of a dev?

Software sales are contrived fiat exchange to give your code access to my hardware and userspace. Who the f are you?


> You aren’t the center of other people’s lives

And Apple is?


Is Apple some immutable scientific center of reality? No. But neither are you. It’s not a question of Apple is or isn’t but a statement “you are not”.

Apple suddenly vanishing would actually have a much more dramatic effect on millions than 1,000 random open source freelancers vanishing.


- AppStore apps must be sandboxed.

- AppStore apps are reviewed by Apple.

- Apple can ban malicious apps in AppStore.

- Apple checks binaries when you run them even if they aren't from AppStore due to notarization.


I don't mind the pop up except for, I wish they had a way built in where it doesn't do it for like a special list of apps. Apps I am thinking of would be like GIMP or VLC. Well known open source projects that have been around a long time.


Sounds like a racket. MSFT does the same with SmartScreen, regardless of whether your executables are benign or not, unless you pay them (or a third party) for a signing cert.


Oh goodness. I get this crap all the time at work.

Apparently Adobe Acrobat isn't a commonly downloaded application. Somehow I fail to believe that...


The result? Everybody ignores SmartScreen warnings now...


The last time I saw it, SmartScreen did not make the option to continue completely undiscoverable though.


Yep, AAPL has a $2.8 trillion market cap because of all the $99 fees they charge developers.


> make them jump through a bunch of hoops and try to talk them out of it at every step before they can actually run it.

Right click --> open --> open. 3 clicks is not "a bunch of hoops".


It's 3 clicks if you know how to do it, which they go out of their way to not tell you in the error you get when you try to run it like any other program.


If they told you how to do it, then what would even be the point? The whole idea is to add a stumbling block in the path of malware authors getting users to run a trojan.

Anything the user learns to do by rote without first understanding the security implications provides zero security. Like the Windows Vista elevation prompt — users just learned to hit "Yes" and got infected anyway.


> If they told you how to do it, then what would even be the point?

To warn a user.


And what would be the point of doing that? You have to have some behavioral outcome you expect.

Do you expect people to react by not running the program? Why? If you find out that they are in fact still running the program just as much with the warning in place, because they aren't reading the warning... then have you actually "warned the user"?


Users don't know that, though. macOS treats the app that they want to use like it's radioactive and doesn't work, and doesn't give them the explicit option of running what they want anyway. They have to know some magic ritual to open it.



