Hacker News new | past | comments | ask | show | jobs | submit login

Is there a way to disable the scanning that doesn't involve disabling SIP which prevents you from running iOS apps?

macOS really seems to try to frustrate power-users with these non-optional security features. I even had to make a separate note document with the commands/references to disable the various security features. I don't understand why they choose to frustrate this audience by making it so difficult.




You can run iOS apps with SIP disabled. You just cannot run encrypted apps.


Are most apps not encrypted?


Yes, but you can decrypt them and run them.


Yes.


What non-optional features are you referring to?

I don't recall having to do anything too onerous to run whatever software I've wanted to run on my M1.


Gatekeeper, AMFI, Quarantine, Library Validation and probably more (those are just the ones I have in my list of commands to disable).

I guess "non-optional" is inaccurate but every new macOS update I end up googling why some app can't open and discovering a new mechanism that I need to bypass (or a change to an existing one).


I’ve been using a Mac every day for work for for over a decade, plus my experience at home.

Other that having to affirm I did indeed want to open a piece of unsigned software a few times on first run, which I like, I’ve never had an issue.

What are you running into?


Yeah, hard same. I live and work on a Mac, and I have since just before the switch to OS X in 2001.

You definitely DO have to turn off the "app store only" default, but that's completely trivial (and is a sensible default for less technical users).

I haven't built anything from source in a long time, but I'd expect that works fine, too.


would you mind sharing some of that note you created? more insight and control over this part of the system is needed. I'll hunt for some apple docs, too.


Sure! It's not very well organized (and may be out of date) but here's what I have:

### Commands

- Disable GateKeeper: `sudo spctl --master-disable` - Disable Library Validation: `sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true` - Remove app from quarantine: `sudo xattr -rd com.apple.quarantine [path to the app]`

https://stackoverflow.com/questions/64842819/cant-run-app-be...

`sudo chmod -R 755`

`codesign --force --deep --sign - /Applications/$app.app`

The following commands must be executed from recovery mode:

- Disable SIP: `csrutil disable` - Disable Apple Mobile File Integrity: `nvram boot-args="amfi_get_out_of_my_way=1"`

### Articles

https://www.naut.ca/blog/2020/11/13/forbidden-commands-to-li...

https://tinyapps.org/blog/202010210700_whose_computer_is_it....

https://eclecticlight.co/2020/06/25/big-surs-signed-system-v...

https://twitter.com/EBADTWEET/status/1275834759759818752




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: