App security changes coming in Ventura

Contrary to repeated rumours, macOS Ventura isn’t going to lock down third-party apps to those from the App Store “like iOS”. Indeed, it brings further improvements in notarization, the app security feature supporting direct and alternative software distribution.

Apple’s Notary service

For developers, there are new and improved tools in the next major release of Xcode, which are being phased in over the coming 15 months. Xcode 13, its predecessors, and their older notarization command tool altool continue to be supported until the release of macOS 14 in the autumn/fall of 2023, when they will be replaced by support in Xcode 14 and the newer notarytool command.

In the interim, old and new methods are supported, although Apple is already giving priority to notarizations made using Xcode 14 and notarytool. If you want to continue using an older version of Xcode, you can apparently copy notarytool and stapler from Xcode 14 to use with those. For those who prefer, Apple has now added a REST API to its Notary service, documented in depth here.

Gatekeeper and notarized software

Ventura brings changes to Gatekeeper which will affect both users and developers. In the past, Gatekeeper has primarily been concerned with checking apps and other executable code which have been put in quarantine; once an app has passed those first run checks and its quarantine flag has been cleared, its notarization and signing haven’t been checked again in the same way. Apple has announced that’s changing in Ventura, where Gatekeeper will check that all notarized apps are correctly signed whenever they’re run. This will ensure that no unauthorised modifications can be made to them, without these checks imposing noticeable delays in launching.

In general, this is excellent news as it will block exploits which try to modify code within other apps, even when the malicious code is itself signed, as it has to be to run on Apple silicon Macs.

Where this could affect both developers and users is in self-modifying mechanisms for updating apps, such as the popular Sparkle. Provided the updated executable components are correctly signed by the same developer as the rest of the app, this will continue to work without any problems. Where it could catch users out is with updates signed by a different team or developer altogether, which should be unusual. Developers can then allow others to do this by specifying their team and signing identifiers in the app’s info.plist.

Diving deeper

Gatekeeper is a sub-system within macOS, rather than a single tool. One of its most important components is AMFI, Apple Mobile File Integrity, which is responsible for calling trust evaluations including certificate checks on executable code, as I explained here.

Security researchers have already been looking at how Ventura changes app security in AMFI. @theevilbit has documented what are known as Launch Constraints used by AMFI in Ventura to block system apps from being run from unexpected locations.

He has demonstrated this by copying Ventura’s from inside the signed and sealed System volume (SSV) to his Home folder, which turns out to be quite a challenge, at least in the Finder. While copying any of the apps on Monterey’s SSV is just a matter of holding the Option key while dragging them to a destination, every attempt in Ventura, regardless of modifier keys, results in the creation of an alias to the app, never a copy of the app. However, you can still copy third-party apps without difficulty, so long as you remember to use the Option key.

I expect that we’ll be hearing more about AMFI in the coming months.

And there’s more

Further changes coming in Ventura’s security include new controls over helper apps, launch agents and daemons, Accessory Security, and passkeys. I’ll be covering them in future articles.