Apple takes plenty of public heat for its so-called walled garden; that curated residence where most Apple customers live. The App Store. You can’t install an iPhone or iPad app that hasn’t been pre-approved by Apple without jumping through a few hoops. The walled garden works. Among mobile devices, Google’s Android OS is the toxic hell stew of malware. Apple’s iPhone and iPad are clean places to live and play. Disneyesque, even.
What about the Mac App Store? It’s mostly the same except that most of the really good and useful apps for Mac users don’t come to us via the Mac App Store. We get them on the open market. Or, if you prefer Apple’s perspective, the black market. Photoshop and Creative Cloud, Microsoft Office, and many other well-known and highly prized Mac apps don’t have a place on the App Store, thanks to Apple’s app restrictions.
Comparatively speaking, buying Mac apps is like living in the wild west.
Microsoft has a similar situation with Windows. It’s the wild west so you never know for sure how a particular app you download and install on a Windows PC will operate. It could work. It could destroy. Microsoft issued a warning to app developers after some malicious malware was found on… insert your own drumroll here… on an updater. That allowed the updater to carry a payload of malware into some high-profile financial and technology companies.
You know about updaters, right? The Mac App Store updates Mac apps automatically, and we have reason to believe that Apple’s own due diligence keeps them secure. But what about third party application updaters? Who checks those for the presence of malware?
Third party Mac app developers can roll their own updater components to check for updates and then download and install updates. Many, many Mac app developers use a software update framework for MacOS applications called Sparkle. There’s no easy way to know how many third party apps on your Mac use Sparkle in the background to check for, download, and install app updates, but there are thousands.
There are a few other ways to check on apps that need to be updated, including MacUpdate’s popular desktop utility (comes with a subscription price tag, though; I’ve used it, like it, but can’t afford it).
Here’s the concern with third party apps and methods to download and install upgrades. Who checks to make sure they’re not compromised or downloading malware? The app developer? The framework developer (like Sparkle)? Apple?
I don’t have much to complain about the App Store for iPhone and iPad. With over 2-million app titles available, it’s unlikely you won’t find an app to do what you want. The Mac App Store is different because many popular applications just aren’t available for sale there. You have to find them on the black market or from verified vendors. The problem is in the updates, and especially those Mac apps which roll their own or use a third party component. It wouldn’t take much effort to get malware installed on many millions of Macs.
It happens on Windows, too.
I hate to say it, and there are notable gaps, but there also are benefits to buying apps on the Mac App Store.