Distributing Mac software is increasing my cortisol levels

(blog.kronis.dev)

156 points | by LorenDB 8 hours ago

25 comments

  • Wowfunhappy 4 hours ago
    Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal:

        sudo spctl --master-disable
    
    People will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both!

    Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.

    P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.

    P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.

    Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.

    • kqp 50 minutes ago
      > what do you actually want?

      Give me the ability to choose what I trust. “You can either trust Apple and nobody else, even yourself, or you can trust literally everybody” is obviously not a good faith implementation of this. Apple excels at steering the narrative with false conflation and false dichotomy, I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?

    • novafunc 3 hours ago
      Rather than just having the options "Done" and "Move to Bin", give me an option to actually run it without having to manually go into System Settings each and every time without disabling security features?

      The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety. Not saying it doesn't help with safety, just that it's more weighed to the former.

      • plufz 3 hours ago
        I also have things I want to change in gatekeeper, but that feature is not one of them. Just a gut feeling, but I would say 110% of all users would just click ”start” on every unsigned app if it was that easy.
        • Affric 1 hour ago
          Bingo. I know I would.

          I am the king of knowing immediately when I have fucked up.

          “Undo” has made us far too comfortable with mistakes.

        • weaksauce 54 minutes ago
          they could do it like they do it for accessibility settings. you have to opt in for an app and you need to know damn well if it is a reputable app before giving those controls over. there's enough friction in that that it is not done by many apps but not hard enough that it's a huge ask to whitelist the app.
      • ceejayoz 3 hours ago
        > give me an option to actually run it without having to manually go into System Settings each and every time without disabling security features?

        People reflexively hit yes to these things.

        • mrbombastic 1 hour ago
          Just make it a semi-hidden multistep option like browsers when you visit a site with a bad cert, just annoying to leave what you are doing go to system settings and fiddle.
          • ceejayoz 21 minutes ago
            I mean, that's basically what it is.
      • ProllyInfamous 2 hours ago
        >give me an option to actually run it without having to manually go into System Settings

        I've run several PiHoles for several years, primarily on latest versions (up to v5; current is v6.4.x) – recently updating to v6 has been extremely frustrating [0], e.g: realizing that even when you tell the pi's/en0 ("internet") interface to use a specific DNS server (in GUI/network settings), it still uses the DNS-server recommended by your local DHCP server [1].

        [0] I am aware that this is a joint-issue between RaspbianOS and Pi-Hole teams

        [1] which requires TWO sudo nmcli which newbs have no business configuring – what happened to -simple- ?

        ----

        If you ever want to consider how crazy DNS-capture is getting, realize that Firefox/&c are all dark-patterning the abilities to turn off "secure"-DNS. The latest Raspbian/Pi-Hole defaults are terrifying... [2]

        [2] another example: why doesn't v6 enable HTTPS localhost web-access, by default (like all previous versions?!)? Do the developers really expect us commoners to know how to generate localhost certificates – this is obviously behavior due to how the pihole useraccount behaves differently than the previously-root-blessed v5-behavior

        ----

        Thankfully, I've kept a local copy of my favorite distro of Pihole v5, and it is readily-cloneable.

        When I attempted to pass a --version tag during a freshinstall (requesting v5 from remote installer), it went ahead and installed latest v6 (so why even.?!).

      • Wowfunhappy 3 hours ago
        > without disabling security features?

        With Gatekeeper turned off, you’ll still get a warning on first launch which you can easily click through. (Unless Apple changed something in the last few versions—let me know if that’s the case—but it would be out of character for them to remove a warning...)

        The “security feature” you don’t want to disable is precisely the thing you are complaining about, so I don’t understand why you’d keep it around.

        > The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety.

        I don’t imagine Apple makes a substantial amount of money from $99/year developer subscriptions. The App Store is another story of course.

      • Barbing 2 hours ago
        Posit it saves a decent number of folks who are unable to follow the scammer’s necessary instructions:

        “Press command space, no no hold down the command key - gosh it’s in the bottom left - okay, now type “privacy”, now scroll, no you scrolled too far …”

    • ryandrake 3 hours ago
      10 seconds or 30 seconds, it's just too much friction to ask end users to do. I actually develop on a Mac, but I've written off Apple as a target system for hobby/open source projects. Between quarantine, code signing, and notarizing (which requires $99 a year), it's just not worth it. Good for Apple users if they like this shit--I'm just not going to bother with distributing to the platform anymore.

      macOS is slowly getting like Windows, where, on a fresh install you have to go through and turn off all sorts of unwanted software just to have a sane environment where you, the user, are actually controlling your computer.

      • seam_carver 3 hours ago
        Isn't code signing even harder/more expensive on Windows?
        • GeekyBear 2 hours ago
          The extended validation code signing certificate you need to avoid having your installer blocked by Windows SmartScreen is quite a bit more expensive.

          https://stackoverflow.com/questions/48946680/how-to-avoid-th...

          • hermitcrab 1 hour ago
            IIRC it also doesn't stop the Smartscreen warning appearing.
        • hermitcrab 1 hour ago
          Signing on Windows is a pain in the arse and gets more expensive every year. I dread having to renew my certificate. Also they keep reducing the maximum certificate length, so you can't just do it once every 5 years, like you used to be able to.

          I can't remember how difficult it was to set up my initial Apple developer account (trauma related memory loss, perhaps) but it is dead simple to renew. Just pay the $99. I did it yesterday. Took about a minute.

        • kivle 2 hours ago
          Well, you can still run unsigned software (by clicking through to a bit of a hidden option in the popup dialog), and they also even remove that through "reputation" if enough people approve said binary (exact bitwise binary, so every new version released will go through the same issue).
        • ryandrake 1 hour ago
          Yes, Windows is terrible, too. The entire desktop software world has lost its collective mind and the platforms are turning themselves into locked down game consoles just so that grandma doesn't accidentally install malware.
          • tardedmeme 8 minutes ago
            They might be trying to appease Google who now won't let you pass a recaptcha on windows because windows isn't locked down enough, and force you to scan a code with your Google phone instead.
          • snackbroken 1 hour ago
            > just so that grandma doesn't accidentally install malware

            That's the stated reason. The actual reason is that they are salivating at the sight of how much money the app store and play store are making. They just don't want to move too quickly for fear of customers revolting.

    • user3939382 2 hours ago
      > The user decides what code is allowed to run on their machines.

      Apparently Apple disagrees, Apple decides. Typical users aren’t going to find their hidden 5 step process to enable non-blessed apps and obviously they know that. Gatekeeper is an appropriate name considering the user themselves are on the outside of the gate. It’s the culmination of everything Stallman and the FSF warned everyone about for decades. By its logic we should install police officers in our living rooms for safety.

    • Zetaphor 2 hours ago
      This is not the developer choosing what software can run on their computer, this is Apple choosing for you and then you having to go disable protections (with what implications?) to then be able to choose what software you run.

      This has more to do with putting up a scary dialog for normies than it does protecting anyone. A non-technical user isn't going to go bypass this in the terminal, they're going to run back to the App Store where Apple can collect that sweet 30% and analytics.

  • hermitcrab 3 hours ago
    I have been developing software for Macs and PCs as an Indie for 20 years now. I sympathize with the author of the post. You get the feeling that Apple thinks you should be grateful that they allow you to develop apps for their platform.

    The author didn't mention Apple's contempt for backward compatibility. Apple like to regularly nuke their entire developer system from orbit. Try running an app developed 10 years ago on the latest version of macOS. It probably won't run.

    Microsoft are much better at backward compatibility and they don't force you to join a developer program. But you get totally reamed every time you have to update your authenticode digital certificate for Windows. Just the digital certificate will cost you more than $99 per year. It is a total racket.

    • musicale 33 minutes ago
      > Apple's contempt for backward compatibility

      This is absolutely correct. Instead of maintaining any sort of ABI and API stability, Apple offloads a constant burden of maintenance updates across thousands of developers, just to keep existing apps from breaking every year with a new iOS version. This takes time which could be spent in more productive ways such as fixing bugs, adding features, or developing new apps. It seems like the wrong trade-off, since stability would offer huge, multiplicative benefits across the whole ecosystem. Apple does seem to want apps to die to mitigate the glut of shovelware in the app store, but there has to be a better way (human curation still seems like the only reliable approach for app surfacing and discovery.)

      Most iOS apps are games, but in contrast to developing for other game platforms, iOS developers have to continuously update each game yearly simply to keep it working. (Not to mention Apple was happy to kill off 32-bit games on both iOS and macOS, and many games were never converted to 64-bit.) Compare to other handheld game platforms such as the Nintendo DS/DSi/3DS where games mostly kept working across major and minor hardware revisions along with dozens of firmware revisions from 2004-2020, or the Switch where games have generally worked from across Switch 1 and 2 from 2017 onward.

  • ofek 2 hours ago
    I shared the author's frustration when figuring out how to ship such binaries to end users so I wrote a guide [0] detailing exactly how to do it. Apple's documentation is surprisingly poor and I couldn't find any blog posts so I ended up reverse engineering what works via trial and error as well as popular OSS projects on GitHub.

    [0]: https://ofek.dev/words/guides/2025-05-13-distributing-comman...

  • KronisLV 2 hours ago
    Author here, just pushed a quick update to the article.

    To be fair, compared to the prices of Certum and other providers if you ever want to sign something for Windows, perhaps Apple isn't uniquely overpriced (they all seem to be that way): https://www.certum.eu/en/code-signing-certificates/

    Looking more into the Windows side of things, I also found Azure Artifact Signing which is supposedly affordable at 8.54 EUR per month, but unfortunately they don't actually support individual users in the EU (only in US & Canada, meanwhile EU only gets support for organizations). I'd probably have to set up a SIA (equivalent of Ltd.) here first - it was in the plans for later, but this is a bit of a roadblock for using Azure too: https://azure.microsoft.com/en-us/products/artifact-signing

    My tone might have been frustrated, but I will absolutely say that the code signing industry needs to have a Let's Encrypt moment of some description - at least commoditize it like Azure Artifact Signing was trying to do, but also for individual developers, across all platforms! Sadly, that doesn't seem to be possible when the platforms are intentionally walled gardens. I don't hate the idea of code signing, though - if done right, it's a good idea, same as TLS for (many) websites.

    • GeekyBear 1 hour ago
      To avoid having your application blocked by Windows SmartScreen, you need to pay extra for an extended validation code signing certificate. A normal code signing certificate is not sufficient.

      Here's an eight year old Stack Overflow discussion of the issue:

      > A guaranteed way to immediately and permanently get rid of the Microsoft SmartScreen warnings is to buy an "Extended Validation" (EV) code signing certificate from one of the Microsoft-approved certificate authorities (CA's), and to sign your app with that EV certificate.

      Such an EV certificate will typically cost you somewhere between 300 and 700 USD per year (you better compare prices), and will only be issued to registered businesses. If you're a single developer, you must be a sole proprietor and have an active business license.

      https://stackoverflow.com/questions/48946680/how-to-avoid-th...

      • hermitcrab 1 hour ago
        I have an OV cert for Windows, which is expensive enough. I just make sure to do a snapshot release using the new certificate to existing customers (through my newsletter and forum) a while before using it for new customers. That way there is time for the scary warnings to go away before any new customers see them.

        Digital certificates providers are basically checking your id (mostly automated) and multiplying 2 prime numbers together. Then charging you several hundred dollars. A 1 year Sectigo certificate EV with USB key is $431.99. Nice work if you can get it.

        I wrote this back in 2008:

        https://successfulsoftware.net/2008/02/27/the-great-digital-...

        But it has got much worse since then.

    • tclancy 1 hour ago
      Don't be fair. I finally signed up for an Apple Developer Account and it took weeks and I think it took weeks because I finally decided the system wasn't accepting my Driver's License uploads on my (Apple) phone because the camera's light was hitting the hologram which was reflecting back so I moved my application process to my (Apple) laptop and tried there and that's where I fell into a gully, as best I can tell: I somehow, in spite of using the same document throughout with my literal government-supplied ID on it that doesn't change, wound up in two competing applications. One of them seemed to succeed, the other one seemed to fail. On the plus side, they took my cash. On the downside, they did not give me what I bought and it took a couple weeks of re-uploading my PII, which in no way will ever bite me in the ass, to sort it out. All so I could get some vibe-coded slop I created onto my phone.
  • Zetaphor 2 hours ago
    How does anyone who cares about open source or even development more generally see this and go "Yeah that's the OS I want to use"?

    I genuinely don't understand why so many developers are willing to compromise so much for a thin laptop.

    • 1over137 1 hour ago
      It's not the thinness, it's the amazing battery life.
      • Evidlo 41 minutes ago
        Framework Pro has that now
  • TrajansRow 3 hours ago
    So, Linux gets a free pass for requiring chmod +x to run his tool, but needing to run xattr on MacOS is somehow worthy of an entire blog post to complain about it?

    Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?

    • Random09 27 minutes ago
      The main difference is that on Linux you can do it on gui. It's much easier to explain and convince the user to click "allow executing file as program" checkbox than a xattr obscure cli command.
    • kingforaday 3 hours ago
      By default Windows 11 will not run an untrusted .exe/PE file - it's governed by Microsoft Defender SmartScreen that will present a pop-up scaring people away and it actually isn't intuitive to click-through to run the program unless you've done it before.
      • pie_flavor 3 hours ago
        But after enough people run it, that disappears. They implement crowdsourced trust, because it isn't a rent extraction exercise but actual concern about malware.
        • ronsor 1 hour ago
          True.

          But also most malware delivery now doesn't trigger it because malware developers have gotten craftier. If you're unscrupulous, it's not a concern.

    • MrGilbert 3 hours ago
      You can configure it in a way that it won't allow you to run it at all, but out of the box, you will receive a message which forces you through three clicks. Enough to scare off people with no deep knowledge.

      And yes, you can turn all of that off.

      • TrajansRow 3 hours ago
        Why isn't the author getting that warning then? Is it because he's only testing the tool on the same machine that it was built on?
        • pjmlp 2 hours ago
          Yes, downloaded files have a specific attribute, and unless you explicitly unblock the file, it will give a warning.
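
The per-file download markers this subthread refers to, as an added example that is not part of the thread: on macOS the marker is the `com.apple.quarantine` extended attribute, on Windows it is the `Zone.Identifier` alternate data stream. The function names are hypothetical and both sample values are constructed.

```python
"""Parse the download-origin markers behind Gatekeeper and SmartScreen prompts.

Added example: function names are hypothetical, sample values are constructed.
"""
from datetime import datetime, timezone

# URL security zones stored in the Windows Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed samples, shaped like `xattr -p com.apple.quarantine <file>` output
# and like the text content of a file's Zone.Identifier stream.
SAMPLE_QUARANTINE = "0083;65f0a1b2;Safari;0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0"
SAMPLE_ZONE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "ReferrerUrl=https://example.com/downloads/\r\n"
               "HostUrl=https://example.com/downloads/tool.exe\r\n")


def parse_quarantine_xattr(value):
    """Parse a macOS quarantine value: flags;hex-epoch;agent;event-uuid."""
    fields = value.strip().split(";")
    if len(fields) < 2:
        raise ValueError(f"not a quarantine value: {value!r}")
    fields += [""] * (4 - len(fields))      # agent and event UUID may be absent
    flags_hex, ts_hex, agent, event_id = fields[:4]
    try:
        flags = int(flags_hex, 16)
        epoch = int(ts_hex, 16) if ts_hex else None
    except ValueError as exc:
        raise ValueError(f"malformed quarantine value: {value!r}") from exc
    when = None
    if epoch is not None:
        when = datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
    return {"platform": "macos", "flags": flags, "epoch": epoch,
            "time_utc": when, "agent": agent or None,
            "event_id": event_id or None}


def parse_zone_identifier(text):
    """Parse the INI-style Zone.Identifier stream written for downloaded files."""
    in_section = False
    values = {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")   # URLs may contain '=' themselves
            values[key.strip().lower()] = val.strip()
    if "zoneid" not in values:
        raise ValueError("no ZoneId in a [ZoneTransfer] section")
    zone_id = int(values["zoneid"])
    return {"platform": "windows", "zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": values.get("hosturl"),
            "referrer_url": values.get("referrerurl")}


def is_treated_as_downloaded(record):
    """True when the OS will treat the file as coming from an untrusted origin."""
    if record["platform"] == "macos":
        return True                  # the attribute's presence is the marker
    return record["zone_id"] >= 3    # Internet or Restricted sites


if __name__ == "__main__":
    for rec in (parse_quarantine_xattr(SAMPLE_QUARANTINE),
                parse_zone_identifier(SAMPLE_ZONE)):
        print(rec, "->", is_treated_as_downloaded(rec))
```

A binary built and run on the same machine carries neither marker, which is why the warning only shows up once the file has passed through a browser or similar download agent.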
  • hmokiguess 3 hours ago
    Tangential but this made me appreciate how Gatekeeper is perhaps a notorious example of a great naming choice for a piece of software.
  • codedokode 2 hours ago
    It's interesting that sanctioned Russian banks still find the ways to push their apps into Apple repository by disguising them as a different app. They get removed several months later, but I assume it is done only because someone complains.
  • JanisErdmanis 2 hours ago
    Sometimes I wonder why we don't just treat an installation script like curl https://alx.sh | sh as a universal option for distributing applications. The provenance is there via the HTTPS certificate, and if you're already about to trust an application that can compromise your system, why not trust the installation script as well?
    • layer8 2 hours ago
      The most important argument is phishing. People aren’t good at recognizing when a web site is legitimate. One reason that app certification is a shitshow is that recognizing bad players while minimizing false negatives and false positives is a difficult problem. Domain names fundamentally don’t solve that problem.
      • realusername 2 hours ago
        > Domain names fundamentally don’t solve that problem.

        App certification doesn't solve that problem either.

    • pjmlp 2 hours ago
      Because even with HTTPS that script might not do what you expect and then it is too late, xz style attack.
      • kibwen 9 minutes ago
        You're already installing a binary, the script is not the weak link here.
  • jedberg 2 hours ago
    As a user I actually like Gatekeeper. 95% of the time it's not a problem. The other 5% of the time I have to click a button in my settings to allow unsigned code. But at least it gives me pause to think about the source and if I really trust it (which is mostly offloaded to Apple the other 95% of the time).

    Free business idea: get an Apple developer account and then agree to sign code for other people in exchange for a small piece of their income. I'm surprised that doesn't exist yet (or does it?).

    • Zetaphor 2 hours ago
      If that isn't already a violation of the developer account ToS, it would be in short order. The dialog is about keeping normal non-technical users (Apple's primary market) from straying away from the App Store where they can collect 30% and analytics. They're not protecting you, they're herding you.
  • arusahni 4 hours ago
    My favorite is when someone discovers they haven't yet granted Zoom screensharing permission, and that they need to exit the call to re-launch the application with the permission granted.
  • petra303 4 hours ago
    > I can use SmartID to verify my ID (and age) in about 20 seconds when buying an energy drink at the local grocery store

    Where do you have to show ID for that??

    • Aozora7 52 minutes ago
      Author is from Latvia (and so am I). You do actually get carded for energy drinks if you look under 30.

      However, more relevant to the post, is that when you're ordering groceries online, you need to verify your age at checkout if you're buying stuff like alcohol (or energy drinks). It's trivial, and for a lot of people it uses the same authentication service that they already use to access their bank.

    • joenot443 3 hours ago
      I was also taken aback by this, but apparently it's a real trend.

      https://en.wikipedia.org/wiki/Age_restrictions_on_energy_dri...

    • neoeno 4 hours ago
      Under 16s can’t buy energy drinks in the UK

      Edit: currently a voluntary but widespread scheme by retailers, proposed to be law. TIL

      • novok 1 hour ago
        can they also not buy tea, coffee or coca cola then? oh no, they might drink the caffeination amount of... 2 cans of pepsi!
    • walthamstow 4 hours ago
      Only if you look 12
    • puppycodes 4 hours ago
      another feature of UK dystopia
      • plufz 3 hours ago
        You and I have very different ideas of dystopia.
        • puppycodes 13 minutes ago
          Personally I enjoy the basic human rights of privacy and freedom of speech which are deeply lacking in the UK system.
          • tardedmeme 5 minutes ago
            Other people enjoy their children not being shot.
  • a2tech 4 hours ago
    Try to open the file, say ok to the ‘can’t check for malware’ prompt, go to settings, security, approve running the software.

    Annoying, but if you’re delivering your app to semi-technical users, not really a problem.

  • bloppe 4 hours ago
    I don't get the part about Homebrew. If you're using Homebrew, it doesn't make a ton of sense to use Itch.io. Just use Homebrew. Seems like a more appropriate place to distribute a dev tool anyway. You could set up a patreon and print a link to it when appropriate. That's basically what Vim does.

    I agree that Apple is dumb of course.

    • thayne 2 hours ago
      They want to have a way for users to pay them. Itch.io has that, homebrew doesn't.
      • jameshart 2 hours ago
        Okay, but then the argument that Apple is charging them to certify their software and that is excluding hobbyists falls away doesn’t it? Now you’re not a hobbyist.
        • thayne 2 hours ago
          1. Having a way for some users to show their appreciation by paying you a few bucks doesn't make it not a hobby

          2. The expected income is way less than the developer fee, much less the expensive hardware required.

          • jameshart 1 hour ago
            Publishing a tip jar link is going to be possible no matter how you distribute. The desire to use itch is about wanting to sell.
    • novok 1 hour ago
      homebrew voluntarily applies the quarantine flag on casks (ex: apps) so you still need to pay the apple dev tax to distribute your mini app that way, itch.io does not so you don't get the lying scarewall
  • kwhat4 1 hour ago
    It has been like this forever and periodically someone complains, but then they just go out and buy another mac and keep producing software for macOS. If you want this to change, stop providing financial support.
  • a_t48 3 hours ago
    Maybe I'm too dumb, but I haven't figured out a good way to sign just a binary (or a tar/zip containing a few binaries). I zipped up the binaries, sent them off to Apple, Apple comes back and says "yup, notarized!", and they still trigger the popup. I'm probably missing a step. I guess I'm not currently stapling the ticket to the binary, but supposedly you don't have to if you are running with a network connection.
    • pjc50 2 hours ago
      You have to distribute a "bundle" in a particular directory layout.
    • novok 1 hour ago
      you need to pay the tax, they are doing the 'pay money to reduce spam' solution
      • a_t48 1 hour ago
        This was with payment to Apple
  • stephc_int13 3 hours ago
    I am not entirely against the whole notarization thing.

    If it is good for the end-user, it is usually also good for the ecosystem as a whole, trust is valuable.

    But ffs, they are rich enough to make this a lot less painful and hostile for developers.

    And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures change almost every time and could fail in not-so-evident ways.

    • jameshart 2 hours ago
      Making it take some pain for developers is precisely what makes it valuable. If you could automate signing up for a developer account and didn’t have to put up some cash it would lose all value as a trust signal.
      • stephc_int13 1 hour ago
        The cash part is not even the worst, even if this is obviously ridiculous for free/open source projects.

        The bad UX is really what irks me. Enough that I may entirely opt-out of the Apple ecosystem forever, and I don't think I am the only one feeling that way.

  • avhception 4 hours ago
    > I'm sure that other countries also have plenty of similar services for ID and age verification

    laughs in Bundesdruckerei

  • Rendello 2 hours ago
    I love when my Mac declares random PDFs malware and deletes them when I try to open them.

    On two occasions I've been completely dumbstruck when the software I was using was deleted out from under me. I'm not a fan of the overuse of "gaslight", but it sure felt like that when I had to restart Docker and the OS was like "what do you mean, Docker? You've never had Docker installed! What are you talking about? Are you feeling ok?"

    https://news.ycombinator.com/item?id=42649790

    • AnonymousPlanet 2 hours ago
      In ten years of using Macs, I have never encountered this behaviour. I've never heard this from anyone else either. Is this new in Tahoe? I haven't upgraded yet, but your link seems to be from before Tahoe was released.
    • jameshart 2 hours ago
      Maybe the PDFs were malware?
    • m-s-y 1 hour ago
      Sorry to say but your PDFs were malware. In 20+ years I’ve never seen this on my Macs nor the literal thousands I’ve managed with various MDMs.
  • syassami 4 hours ago
    Siri has the same effect.
  • erelong 3 hours ago
    It's a backwards walled garden which I mostly avoid to avoid problems like this
  • drcongo 3 hours ago
    I went through this recently. Got as far as verifying my identity, which Apple happily accepted as verified from my UK driving license. Unfortunately, they then automatically set my first and last name from that identity verification step, and somehow managed to use a section of my driving license number as my surname - a string of random uppercase letters and numbers - and it's impossible to edit it. So fuck them, that's $99 they've lost.
  • LoganDark 3 hours ago
    Apple's ID verification failed for me and I am now banned for life. There is no opportunity to appeal this or to ever participate in the Developer Program for me. Which sucks because I am now permanently locked out of developing seriously for any of the Apple ecosystem, ever.
    • apt-apt-apt-apt 6 minutes ago
      How did it fail, and what was the reasoning for a life ban?
  • dcrazy 4 hours ago
    Notarize the application and staple the receipt to your app bundle. It won’t trigger the Gatekeeper warning.
    • gumby271 4 hours ago
      Doesn't that still require going though all the hoops that they were struggling with, or is this a different verification flow with Apple?
    • fg137 4 hours ago
      You talk as if the author doesn't know that.
    • phoyd 4 hours ago
      That's literally what this post is about.
      • dcrazy 3 hours ago
        Sorry, it was meant to be a reply to a comment.