14

To keep things simple, I'd like to only install apps from the official AppStore. But, I'm frequently finding that the apps that I need are not on the AppStore such as Gradle, Carbon Copy Cloner, and Android Studio. It is what it is, and I install them, but what's the deal?

Can somebody explain to me why some applications are distributed outside of the store and how I as a user can still install them safely?

nohillside
  • 100,768
rppkgai
  • 359
  • 1
  • 2
  • 9
  • 3
    What makes you consider the latter to be unsafe? If you download from a trusted source such as the vendor's website then what's the issue? – MonkeyZeus Sep 25 '20 at 18:19
  • @MonkeyZeus Uninstall scripts are my first concern, then peace of mind and no checksum validation. AppStore (I assume) requires a script that deletes all resources an app installed if I decide later I don't want i. Apps outside the AppStore don't have uninstall scripts. My MySql db doesn't boot after the Catalina migration. I'd like to nuke it, re-install, re-load the dbs, and be on my way. But, I don't know how to obliterate the MySQL install that didn't survive the migration. For now, I'm using a db. on a different machine and will sort-out a new macbook db later. – rppkgai Sep 25 '20 at 23:46
  • 1
    You could ask a new question regarding your MySql problems :-) – nohillside Sep 26 '20 at 05:55
  • 5
    "AppStore (I assume) requires a script that deletes all resources an app installed if I decide later I don't want it." - Your assumption is wrong. The official way to uninstall App Store apps is either via Launchpad or simply via Finder. Neither of these remove any data associated with the application that was placed outside of the application bundle. – Siguza Sep 26 '20 at 17:06
  • If you're on Catalina and above, this is pretty much handled for you. Any .app you open from the GUI is checked for notarization by Gatekeeper (unless you disable SIP which isn't recommended). Unless you override the safety dialog that macOS gives you, this does a brilliant job at ensuring all apps you click on are safe – Downgoat Sep 27 '20 at 07:25
  • In addition to the above, by default macOS enforces code-signing on multiple levels which cryptographically ensures the code is untampered – Downgoat Sep 27 '20 at 07:25

4 Answers4

30

There can be many reasons for app developers to stay away from the App Store. For example:

  • Wanting to avoid paying fees/percentages to Apple
  • App has functionality not possible in the App Store due to its sandboxing requirement or Apple's review guidelines
  • Not wanting to spend time on getting in the App Store (usually for programs that have been on the market long before the App Store was a thing)

Checksums is definitely a very common way of validating downloaded files. Combined with a cryptographically secure certificate of authenticity for the checksum, and you can have a certain degree of trust in that the downloaded file originates from the app developer and is not tampered with by third parties.

jksoegaard
  • 77,783
  • 9
    Note that this only works if you obtain the checksum and the certificate via a different, secure channel. If you download the checksum and the certificate via the same means as the app, and you assume that the app may have been tampered with, then the checksum and certificate may have been tampered with in the same way. In my university, for example, checksums and certificate fingerprints were available from IT staff at the physical IT Helpdesk on campus as printouts. – Jörg W Mittag Sep 25 '20 at 13:58
  • 5
    A fourth common reason is that the app has functionality not permitted by the App Store terms of service. For example, the ToS has strict requirements around applications running code that wasn't submitted to the App Store, and most software development environments violate that. (The only reason Xcode is permitted on the App Store is that Apple is free to ignore its own ToS.) – Mark Sep 25 '20 at 22:28
  • 2
    An additional reason: Apple doesn't allow free software in the App Store. By distributing a program through the App Store, a developer is subjecting their users to legal action from Apple if they violate any of Apple's Usage rules. A developer who wants their users to be able to (for example) share the program with a friend without fear of Apple's legal team would be unable to distribute their program via the App Store. So, for many developers it is an ethical decision, rather than a practical one. – Finn Sep 27 '20 at 14:13
  • 1
    That's definitely not the whole story I think. For "outsiders" I should clarify that by "free" you do not mean free as in "no monetary cost" - that's fully allowed. The circumstances described in the article you linked is someone taking an open-source program distributed under the GPL, and adding that to the App Store. I.e. they're taking a program not developed by themselves and putting it on the App Store. The FSF complained to Apple, and the app was then removed from the App Store. This does not mean that all free software is prohibited from the ... – jksoegaard Sep 28 '20 at 07:55
  • App Store. If you yourself develop an an app and release that as free software, you can definitely also put it on the App Store. So if you're the actual developer of the software, you can create an App Store release while simultaneously distributing the source freely on github for example. But you cannot just go onto github and take any source code and expect to have the right to put that on the App Store. – jksoegaard Sep 28 '20 at 07:56
11

If developers pay Apple $99 a year, they can cryptographically sign their applications, so that the OS will recognise their apps as being from trusted, identified developers.

The Security pane in System Preferences has a setting to allow apps from either the App Store only, or "App Store and identified developers". (There used to be a third option: "Any".)

On first launch, the app will be verified, and any 'modification' by malware should be picked up at this stage. Apple can revoke certificates from existing developers.

It should therefore be 'safe' to allow apps from identified developers to launch, even if not from the App Store.

However, some developers may baulk at having to pay Apple just to write some code. Products that are multi-platform, particularly those that originate on Linux or generic Unix products (e.g. open-source software) may not see any point or benefit from using the App Store, and may even be philosophically opposed to it.

Non-app software is also not eligible for the App Store, e.g. languages like Python, which is just an installed framework, accessed on the command line.

benwiggy
  • 35,635
4

There are some types of apps that are not allowed in the App Store but are still useful or actually needed to get a job done. The accepted answer lists some of the reasons. Sometimes, we app developers need access to certain APIs to provide the intended functionality, but Apple does not allow apps in the App Store which access those. As a specific example, my company provides a VPN client and we need to access low-level APIs to be able to make VPN connections. But access to these APIs is forbidden for apps in the App Store.

Apple has recognized that there are apps which simply cannot be distributed via the App Store, for various reasons, and has provided an alternative to ensure at least some safety for users: Developers can (and now sometimes must) notarize apps. For example, we must notarize when distributing Kernel Extensions or System Extensions. As a user, you actually need to actively disable System Integrity Protection to allow un-notarized apps with Kernel or System Extensions on macOS 10.15 Catalina and 11.0 Big Sur.

What Notarization means is that we developers build an app, then pass it to Apple which scans it and if Apple thinks the app is free of malware, a "ticket" is saved with Apple that macOS can query. (Developers can then "staple" the ticket to the app so macOS doesn't need to query it via the Internet. It's cryptographically signed by Apple so you can't fake it.) The app is not reviewed like for the App Store, it's just an automated malware check and that's basically it.

When you start such a notarized app, you get a dialog that warns you that the app was provided by a third-party developer, but also informs you that Apple has scanned it and deemed it safe for execution:

Image

When you see this dialog (wording may change, but will contain a phrase that Apple has checked it), it's reasonably safe for you as a user to start that third-party notarized app. The notarization ensures the app has not been tampered with (or else the cryptographic sign would break and macOS would refuse to start it). Apple vouches that it checked the app for "malicious content".

This does not guarantee that the app does not contain malicious content (developers can hide stuff from Apple if they really want to). Only that Apple wasn't able to find any. However, the notarization process allows Apple to retro-actively revoke a ticket if the app turned out to be malicious, thus preventing the app from running on your Mac. Apple was somewhat able to do so before with signed apps, but only by revoking the certificate of the developer, thus blocking all apps of said developer. Notarization allows Apple to block on a per-app-and-version level. So Apple is able to specifically block version 1.2.3 of Foo.app but allow version 1.2.4 to run.

DarkDust
  • 3,186
2

Sometimes there just isn’t a specific reason. A lot of software and developers have been around for decades and the AppStore isn’t really something that comes to mind as a high priority.

Generally things are on that store if:

  1. Developers want the UX
  2. Developers need some of the functionality provided by the store

If those conditions don’t come in to play the work required to add it on a store doesn’t make sense if that work could also be used for new features, fixes or just going on vacation for a bit instead.

John Keates
  • 2,700
  • 11
  • 15