Apple IT Security Feature: Gatekeeper

Apple IT Security Features – Part 1: Gatekeeper

In this 3-part series, we are exploring some of the built-in security features that come standard with today’s Apple computer and mobile device models. These features have a positive impact on an organization’s data security requirements and act as additional layers of protection against threats.

What is Gatekeeper?

Gatekeeper is a Mac Operating System security tool that verifies application authenticity immediately after being downloaded, which prevents apps from being run without the end-user’s consent. Gatekeeper reduces the likelihood of using malicious software or apps on a Mac.

Why is Gatekeeper Needed?

Macs are not limited to apps only available within the App Store, which can be found from other sources all over the Internet. Apple does not verify the authenticity of apps that do not come from Apple’s App Store. Gatekeeper checks if an app is coming from a developer who has been registered with Apple.

How Does Gatekeeper Work?

When a user downloads an app, Gatekeeper checks the code to authenticate it has been ‘code-signed’ by Apple. Code-signed is a process that verifies whether the software/app comes from the developer it claims to and hasn’t been tampered with. If the code has not been code-signed, the app will not open without the user providing direct consent. Once an app is modified outside of the developer, the certificate becomes invalid. Each time an app is compiled, it has to have the certificate reissued.

Does Gatekeeper Always Keep Out Malware?

No, not always, but certainly the vast majority of the time. Gatekeeper may not block apps that are not signed by Apple. Gatekeeper’s setting may ensure that only apps downloaded from the App Store or signed with a Developer ID can run on a Mac. Malware targeted towards Macs does exist.

On February 22, 2019, Filippo Cavallarin, a cybersecurity researcher, informed Apple that he found a vulnerability with Gatekeeper, which allowed malware to slip past the security feature undetected. Apple did not address the issue within 90 days, so Cavallarin publicized this information along with a full description and proof of concept code on May 24, 2019. The problem is that Gatekeeper doesn’t treat all files equally, considering apps from external drives or shared over a network safe.

With macOS Catalina, Gatekeeper checks all apps for known security issues. Apps are now required to gain permission from the user before accessing documents. At Parachute, we educate our clients about the benefit of layers when it comes to IT security. Gatekeeper is one of the many layers to implement across all Apple devices, especially all company-owned Macs, iPads, and iPhones within an Apple Ecosystem. Following best-practices, Gatekeeper should be activated across all company-owned devices as part of an over-arching IT Security and Mobile Device Management (MDM) policy for the business. MDM enables your Apple IT service provider to manage Gatekeeper settings. Most MDMs have a setting to only allow Gatekeeper approved apps that the user wouldn’t be able to bypass. This keeps company data and devices more secure.

If you would like to learn more about how Apple’s IT security features can have a positive impact on your business, give Parachute a call today. We are Apple IT Service specialists with a focus on Apple Ecosystem Administration for companies throughout the San Francisco Bay Area and the Sacramento Valley. Our team is happy to answer your questions and discuss your unique Apple support needs.