logo

macOS Sequoia brings better Gatekeeper, stalkerware protections

Apple warning

Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats.

Gatekeeper is a security feature that checks all apps downloaded from the Internet to see if they're developer-signed (approved by Apple) and notarized by checking an extended attribute named com.apple.quarantine that is automatically assigned by web browsers to all downloaded files (similar to the Windows' Mark of the Web' label).

While it asks the user to confirm before launching or issues an alert that the app cannot be trusted, until now, macOS users could bypass these warnings by holding down CTRL-clicking on the file or app they wanted to open and choosing 'Open' from the resulting contextual menu.

"In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn't signed correctly or notarized. They'll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run," Apple announced.

"If you distribute software outside of the Mac App Store, we recommend that you submit your software to be notarized. The Apple notary service automatically scans your Developer ID-signed software and performs security checks. When your software is ready for distribution, it's assigned a ticket to let Gatekeeper know it's been notarized so customers can run it with confidence."

After upgrading to macOS 15 Sequoia this fall, users will receive weekly system warnings prompting them to extend some apps' permissions to access and record the screen and audio content from other running apps, as 9to5mac first reported.

macOS Sequoia stalkerware system warning
macOS Sequoia stalkerware system warning (9to5mac)

"[APP] can access this computer's screen and audio. Do you want to continue to allow access? This application may be able to collect information from any open applications on your desktop while the app is running," the users will be prompted.

These warnings will give them the option to continue allowing the apps to run with the same extended permissions or block them from System Settings.

The company has yet to explain why it added these alerts, and many have already complained that they might be very annoying long-term because they appear for all apps that require screen recording, like screenshot tools and screen or audio recording apps.

However, these alerts could also be a huge step forward in warning potential victims of stalkerware that their activities may be monitored.

Sadly, it is not uncommon for abusive people to secretly install stalkerware or spyware on their spouse's or partner's devices, allowing them to track their online activities remotely.

With these additional alerts, people will be notified when an installed software or malware is configured to record their screen or audio, allowing them to take action and remove it.

An Apple spokesperson was not available to provide more information on these warnings when contacted by BleepingComputer earlier today.


Free security scan for your website