by cageface 721 days ago
I could sort of see the justification for requiring notarization giving Apple a kill switch to shutdown malware. But if it's just turning into another kind of app review then we can't really say the Mac is still an open platform.

Notarization is not a reasonable implementation of a malware kill switch. All you'd need for that is an Apple-published list of known-bad app IDs that the OS could check itself against periodically. No, notarization is a control mechanism to impede the creation and distribution of any non-Apple-approved apps.
App IDs don't really work for this purpose if Apple aren't in control of generating them; nothing is stopping a malware vendor from literally never reusing app IDs. Notarization is a reasonable implementation, and it can even require some form of developer identification. It just can't be very deep identification; an e-mail address is enough (along with IP and other metadata gathered during the process). That way they can disable all apps signed by one developer, and can more quickly react to malicious actors, without it becoming a problem for normal users.
> nothing is stopping a malware vendor from literally never reusing app IDs.

Or from using the ID of another vendor.

> and it can even require some form of developer identification, it just can't be very deep identification, an e-mail address is enough (along with IP and other metadata gathered during the process).

I expect the typical malware writer will easily find a way to have a unique “e-mail address (along with IP and other metadata gathered during the process)”.

Because of that, “That way they can disable all apps signed by one developer” will not be possible.

Yes, but all attempts at circumventing the system will give Apple more information about their behaviour. If 1000 different users are requesting to sign the same (or only slightly differing) IPA within a short period of time, from different IPs and different emails, it's a good indicator that something fishy is going on.
The requirement for a hardened runtime certainly supports this point of view.
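The two mechanisms argued over in the comments above, revocation keyed on the signing developer rather than on a freely chosen app ID, and the heuristic that a binary submitted by many distinct accounts and IPs in a short window is suspicious, can be shown on a small model. The code below is an added example written for this thread; it is not Apple's implementation and nothing in it reflects how the notarization service actually works. The `Submission` record, the `Revocations` class, the sliding-window clustering in `flag_mass_submitted_hashes`, the thresholds, and all sample data are constructed assumptions.

```python
"""Toy model of two notarization-side controls (constructed example).

Submissions carry the developer identity, source IP, app ID, a hash of the
submitted bundle, and a timestamp. Two defender-side checks are modelled:
1. revocation keyed on developer identity or content hash, because an app ID
   is chosen by the submitter and can be changed for every upload;
2. a clustering heuristic that flags a bundle hash submitted by many distinct
   (developer, IP) pairs within a short time window.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Submission:
    developer: str      # e-mail given at submission time (constructed)
    source_ip: str      # IP observed during submission (constructed)
    app_id: str         # submitter-chosen bundle identifier
    content_hash: str   # hash of the uploaded bundle
    ts: int             # seconds since epoch (constructed)


class Revocations:
    """Block list keyed on signer identity and bundle hash, not on app ID."""

    def __init__(self):
        self.developers = set()
        self.hashes = set()

    def revoke_developer(self, developer):
        self.developers.add(developer)

    def revoke_hash(self, content_hash):
        self.hashes.add(content_hash)

    def is_blocked(self, sub):
        return sub.developer in self.developers or sub.content_hash in self.hashes


def flag_mass_submitted_hashes(submissions, window=3600, min_distinct=50):
    """Return {content_hash: count} for every hash that was submitted by at
    least `min_distinct` distinct (developer, IP) pairs within some span of
    `window` seconds. A sliding window over the time-sorted submissions
    of each hash finds the densest span."""
    by_hash = defaultdict(list)
    for s in submissions:
        by_hash[s.content_hash].append(s)
    flagged = {}
    for h, subs in by_hash.items():
        subs.sort(key=lambda s: s.ts)
        best = 0
        for i, start in enumerate(subs):
            seen = set()
            for s in subs[i:]:
                if s.ts - start.ts > window:
                    break
                seen.add((s.developer, s.source_ip))
            best = max(best, len(seen))
        if best >= min_distinct:
            flagged[h] = best
    return flagged


def build_constructed_submissions():
    """Constructed data: one legitimate developer plus a mass-submission burst."""
    subs = []
    # A legitimate developer re-submitting builds of one app over a day.
    for i in range(5):
        subs.append(Submission("dev@example.com", "198.51.100.7",
                               "com.example.notes", f"hash-notes-v{i}",
                               1_700_000_000 + i * 3600))
    # Sixty throwaway accounts, fresh IPs and never-reused app IDs all upload
    # the same bundle within ten minutes (the pattern the comment describes).
    for i in range(60):
        subs.append(Submission(f"throwaway{i}@example.net", f"203.0.113.{i + 1}",
                               f"com.random{i}.tool", "hash-campaign",
                               1_700_000_000 + i * 10))
    return subs


def demo():
    """Show that revoking one app ID misses the burst while revoking the
    flagged hash blocks every copy. Returns (flagged, by_app_id, by_hash)."""
    subs = build_constructed_submissions()
    flagged = flag_mass_submitted_hashes(subs, window=600, min_distinct=50)
    by_app_id = sum(1 for s in subs if s.app_id == "com.random0.tool")
    rev = Revocations()
    for h in flagged:
        rev.revoke_hash(h)
    by_hash = sum(1 for s in subs if rev.is_blocked(s))
    return flagged, by_app_id, by_hash


if __name__ == "__main__":
    print(demo())  # ({'hash-campaign': 60}, 1, 60)
```

The legitimate developer's five uploads each have a distinct hash and a single submitter, so none is flagged; the burst is caught by its hash regardless of how many app IDs and e-mail addresses were used, and `revoke_developer` covers the case where one identity signs several distinct bundles.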