Apple has imposed on macOS developers to comply with many modern security practices. Here's an idea for the next logical step.
The weight of the particle dispensation from the week comes from our own Andrew Orr.
Apple releases Mac Update to remove Zoom Web Server
The fact that Apple had to (quietly) remove an app component that has been shown to be vulnerable to malicious software is only part of the bigger problem. Name, Zoom used the ambiguity of the app installation process to put a hidden web server in place. I'm sure if users were properly informed about this app's web service and offered a way to manage it – or completely delete Zoom and its support components when they finished their app users, would have done so.
But existence was a secret.
Now, Zoom is a nice app. But when developers exploit an unclear installation process to avoid complete disclosure to the customer, trust has been lost. Abuse of trust, in any human effort, ultimately leads to prohibitions or restrictions.
In this case, it makes sense to think about the possibility that macOS will take control of some GUI apps installed in / Applications or / Users // Applications
There are grounds and precedents for macOS monitoring installations. More security practices have previously been introduced by Apple over the years. MacOS developers have been required to:
A new MacOS installation process
How it works.
MacOS 10.16 gets new functionality. Only macOS can install GUI apps. (More about UNIX apps below.) Developers need to set up a package of components detailing how and where each component goes. Only macOS has the rights to install the files. During the installation, a log window opens, and as each file is installed, the name, location, version and file type are the echo of the log window. A full copy of the log is also stored in a text file in a folder / directory named InstallerLogs
At any time, any user can inspect (but not delete) this log file for any app that has been installed.
As a page, this would not apply to UNIX apps that enter, say / usr. Probably the experienced UNIX user can inspect the .tar file and look at the component files for themselves.
Now this is a very conceptual concept. I have not thought of anything in any way. But the point of all is to eliminate hidden installations of dubious files for macOS so that the user does not get complete information. It will also act as a roadmap for complete deletion of the app and its components if the developer does not provide an uninstall option. (Which would probably be necessary in any case.)
Something that must happen. The days of secretly installed, questionable, MacOS files must come to an end. What do you say?
More news Debris
In the room I have left, I will point to this brilliant MacWorld article by Dan Moren. "Has Apple's simplified Mac set up a hole in it?" Recently, on the TMO Daily Observations podcast, we discussed the same topic. After two years of hard work, beginning with iMac Pro, Apple has been linked to a relatively up-to-date Mac lineup.
There may be several reasons for this. Here are some.
- Outbreaks and defects of technical and creative Pros.
- The need to compensate for falling iPhone revenue.
- Understanding that the ultimate, productive mobility is best left in the hands of iPadOS and not the (now interrupted) MacBook.
In addition, the context and currency of the Mac lineup may have something to do with the falling influence of Jony Ive, it's just a theory, but I'm not the only one thinking about that opportunity.
Dan Moren also makes an exciting argument.
But that doesn't mean there's no room for an ultra-light MacBook in the mix. I have turned on the ARM-based MacBook drum for a while now, hoping that I will eventually be the stopped watch that fits right twice a day. Such a device can theoretically provide much better energy efficiency in a lighter and smaller package than a MacBook Air and may have more acceptable deviations. And if a newer device is in the works, it potentially explains why Apple can choose to cancel the 12-inch MacBook now, instead of just updating it later.
I'm not completely sold, but the best way to have a good idea is to have many ideas. Dan has them all.
Particle Debris is a blend of John Martellaro's observations and opinions on a standout event or article of the week followed by a discussion of articles that did not TMO headlines, the technical news debris. The column is published most every Friday except for the holiday week.