"Atomic Infostealer" Malware

All that software would have been available in the Mac App Store, IF Apple didn’t allow sideloading!

I don’t understand why the makeup of the password would affect how often you’d be prompted to enter it. A password is a password is a password.

This doesn’t sound right to me.

@snptrs’s suggestion (below) sounds promising to me. I’m hoping that turning on the iCloud Password and Keychain setting on both my Mac and my iPhone will do the trick. (I probably should never have turned that setting off.) Now, to wait and see if I’m no longer prompted for my new passcode.

Debatable. e.g. Keyboard Maestro would likely not be available.

3 Likes

Agreed, look at BBEdit - that wasn’t available in the app store for a long time because of the restrictions.
The App Store is also limited, no upgrade pricing, 30% tax… it would, I think, do a lot of damage to the Mac if they did that.
Not that they would, the outcry would be massive.

3 Likes

Apple simply had no need to approve such things via the App Store, because they are allowing sideloading on the Mac.

The outcry is the same, now that sideloading is used for attacks!
And Apple is also allowing it, starting with iOS 17, for the mobile devices…

That wasn’t the flow if I remember correctly.

It wasn’t just that they didn’t need to let certain apps in - there were apps that WERE in the App Store, and Apple decided to kick them out as they tightened down their policies. Basically, Apple tightened down security and forced users with a number of pretty-common use cases (general-purpose text editors) to find software outside the App Store.

There are a number of apps that will NEVER be approved for sale through the App Store, at least not with anything even remotely close to Apple’s current policies.

The thing is, downloading THOSE apps isn’t “sideloading” IMHO. Sideloading implies that there’s something “unofficial” about the process, and as far as I can tell Apple still recognizes any Apple Developer Program member as an “official” Apple developer - no matter how they distribute their software.

2 Likes

You could become an “official” Apple developer just by paying the fee ($99) for it. Nothing more, nothing less.

That’s my whole point. Apple officially recognizes developers and software that don’t go through the App Store. It’s not some weird “gray” distribution channel - it’s an officially-recognized, valid way to distribute Mac software. Which, IMHO, makes the term “sideloading” not apply.

4 Likes

Sorry, I did not know that there is a legal definition of the term “sideloading”!?
I only know the technical definition, that it is a download from a source other than the official App Store!

And you can see very nicely with the discussed malware that recognition as a developer and signing of software do not prevent malware if the download is not from the official App Store!
So, this recognition has no value at all for the customer…!

Signing of software minimizes and usually prevents malware IF the dev signs their application. This allows the “Allow applications from App Store and identified developers” setting to do its job. It’s when you charge forward and override that security setting that you usually wind up getting into trouble.

This is why that setting exists - to allow software from identified Apple developers to be installed. A user can lock it down to just the App Store, but Apple’s default - their intent - is for software from identified developers to be trusted as well.

4 Likes

True, but any software that is notarised through the developer programme is checked for malicious software by Apple, so it has a security purpose too, unlike Twitter’s blue tick.

If a signed app is found to be malicious, Apple can revoke the certificate remotely and prevent the app running.

That approach is pretty similar to the App Store, except other compliance rules don’t apply (like being forced to use Apple Pay for digital transactions.)

2 Likes

Agreed, sounds like it’s the change of password rather than the makeup of the password which is the problem.

We have learned from the iPhone thefts that Apple goes to great lengths to make things easy for users that forget their passcode, etc.

Since users are more likely to forget a long/complex password could it be that having them enter it from time to time is an effort to help them remember?

1 Like

I have wondered about that.

I believe that the odds are much higher that users will get used to the system asking them for their password at seemingly-random times (I know they’re not random - but all that matters is that it appears random to the user), and just keying it in without thinking about it.

That means that when they get a nefarious popup impersonating Apple, their defenses aren’t up because they’ve been functionally desensitized.

1 Like

For what it’s worth, I use a very long alphanumeric passcode and don’t experience this.

Agreed. Installing software from a variety of sources is expected and default behaviour for general purpose computers. It’s not sideloading; it’s just installing.

4 Likes

I’ve had a lot of this in the past, but not recently.

One of my pet peeves is having dialog boxes pop up asking for information without identifying themselves. Of course, the identifying information could be faked, but if it were an app in active use, that would give some reassurance. Maybe Apple could figure out some way to prevent a fake system request. It seems almost arrogant that these requests assume that you know their origin.

I see that others are expressing similar concerns.

2 Likes