Mountain Lion's Gatekeeper

John Gruber writes:

The default for this setting is, I say, exactly right: the one in the middle, disallowing only unsigned apps. This default setting benefits users by increasing practical security, and also benefits developers, preserving the freedom to ship whatever software they want for the Mac, with no approval process.

Call me nuts, but that's one feature I hope will someday go in the other direction — from OS X to iOS.

My thoughts exactly. The iOS defaults make perfect sense for most users: the App Store is open enough that the vast majority of apps can get into it, it is dead simple to use and most users have no business trying to figure out if third party sources are “safe.” But, it would be nice if power users could flip a switch to override that generally wise restriction and install third party signed apps (or maybe even unsigned apps).

In this respect Gatekeeper on the Mac is really ideal. Given the differing expectations for a computer over a cell phone, it defaults to allowing Mac App Store and third party signed applications. I probably wouldn't recommend that as a default on an iOS device, but it makes sense on a full fledged computer. Most users probably should stick to the App Store, but quite a few users will want apps like Adobe Creative Suite or Microsoft Office, that (I suspect) will remain outside the App Store. By allowing third party apps, but requiring them to be signed, Apple avoids loosing (or severely limiting) these all-important packages while ensuring that any third party creating malicious software can still be blacklisted as soon as a threat appears.

Finally, and critically, Gatekeeper's restrictions can be completely overridden if advanced users want to run unsigned code. Giving the choice is good. For the most part, I suspect that users who are advanced enough to not be intimidated by switching off what sounds like (and is) an important security setting will also be knowledgable enough to safely judge what unsigned code is OK to run.