
Dunno. Apple and Microsoft seem to be heading towards forcing users to install things only from their app store. Apple checks every binary you run against a blacklist, which pretty much flew under the radar ... till the service broke.

Do you really think there would be a big backlash if Apple and Microsoft prevented "sideloading" and required all application installs to be from their official app stores? It's already pretty much the default for phones, and tablets.

We aren't there yet, but it does seem to be the direction we are going.




If this precluded the ability to eg install a program via curl or brew, or even just a .dmg you download from your browser, you bet there is gonna be hell to pay.

> It's already pretty much the default for phones, and tablets.

It's unfortunate they made it that far with smartphones, but there is much less precedent for thinking of a phone as a "general purpose computer" in comparison to a laptop/desktop.


I'm sure the complaints will be loud, especially on this site. Will it be a large enough fraction of users to make Apple care? Not so sure.

Increasing security/limitations now means that you can't install things in your /home any more (at least without root). I used to be able to install opensc for using a badge with ssh. Now I have to install cask ... which requires root/admin privs. Similarly if I say brew install iterm2, when I run it it just says "iTerm.app can't be opened because Apple cannot check it for malicious software"

Certainly seems like the screws are tightening.


In the case of Apple in particular, I think the bigger cry will be from tech companies shipping paid apps who see this as a first step towards expanding Apple's 30% cut in the app store to all native applications.


This would all be fine if there was a toggle to turn it off somewhere.


You might get lucky at first, while they're still slowly turning up the heat on the proverbial frog's bath. However, the way UI/UX design is moving, options of any sort are being eroded away. Just so things can be "easy".

Take media sharing / device discovery for example. It has gotten to the point that just about any consumer product either has to communicate with some external server to find devices in your home, or use one of the multitude of zeroconf / airplay / mDNS / etc type protocols. It's gotten to the point that you can't even build a home network with more than one subnet in it. If I want my (most likely full of security holes) IP cameras to not exist on the same VLAN as my servers, well, good luck getting the two to talk to each other. Same for printers, media players, speakers, TVs, receivers, etc. If it isn't on the same subnet, it might as well not exist. Could this be easily solved with an option of typing an IP address into a config page? Yes. Does any product offer this? None that I've seen.

Sorry for the ranty example; I've been fighting that issue recently.


That's a critical difference between MacOS and iOS. The former has a gatekeeper that prevents you from running software from unapproved sources; it can be turned off. The iOS gatekeeper can only be disabled by subterfuge (including paying Apple for a developer account).


> If this precluded the ability to eg install a program via curl or brew, or even just a .dmg you download from your browser

I expect that governments will offer a "compromise" which is that you can run these "unapproved" apps, but they must be signed by a developer key which is tied to a domain name, and that domain name must be checked (by the OS) against a blacklist of banned applications/developers/websites.

That should be enough to block any encrypted messaging apps without backdoors, or apps like Tor, or bittorrent clients.

There could be a cat-and-mouse game as developers try to rename their apps, generate new keys, and register new domains, but when governments notice that their ability to censor is at stake, they will spare no expense on whichever intelligence agency or defence contractor is tasked with keeping the blacklists updated faster than any banned applications can reach mass adoption.

In parallel to this, governments will require that ISPs only let devices access the internet if they pass a "secure boot" check, which confirms that the device is running an operating system which enforces this blacklist.

We're probably less than 5 years away from some G7/EU country mandating this system, with the timeline only limited by the rate of adoption of technology like Windows 11 and Pluton. Older devices (and those running "unapproved" OSes) will be limited to specific ports and IP ranges, for "cyber-security" reasons.


Depends on how they would do it. If Apple were to replace brew with an official package manager which just works, most people wouldn't bat an eye.

The way Apple could do it is by introducing the said package manager for iPadOS. iPadOS could soon grow to do everything that MacOS does but only with certain restrictions. If it's faster but cheaper, most people would then just buy it over a general purpose laptop.



