Launch Services quarantine UI should show app identity, not interrupt user

Originator:iamleeg
Number:rdar://7694166 Date Originated:26/02/2010
Status:Open Resolved:
Product:Mac OS X Product Version:Any 10.5+
Classification:UI/Usability Reproducible:Not Applicable
 
Summary: the two problems with the current download quarantine feature are:

1. it interrupts the user with an alert she needs to dismiss before the app will open. The alert asks (paraphrasing) "do you want to open this application?". Because she has just done some action to open the application, we can assume that she does want to open it and will not consider the purpose or authenticity of the app in any more detail.

2. for users who do want to be assured of the authenticity of any applications they run, the quarantine dialog does not provide much helpful information. Signed applications carry information about the integrity of the app and the identity of the provider, but this is not used in the quarantine UI.

Steps to reproduce:
1. download an application from the web.
2. open that application.
3. inspect the dialog presented.

Expected results: if I care about the identity of the downloaded application, I can inspect it. If I do not care, I am not interrupted.

Actual results: I am interrupted in any situation, and do not get any information about the integrity or authenticity of the application. I'm only told where I downloaded it from and in which application, which I already know.

Notes: I would suggest a non-modal interface similar to the attached project. Ignoring the obvious race condition in its filesystem use, it extracts the certificate chain from a signed app and presents the leaf certificate to the user, just as the Installer.app can when processing a signed package. Users who care can inspect the identity behind any application (not just the first time they run it), everybody else can ignore it.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!