Additional thoughts on M1 devices

Following the thoughts on the M1 that I have written here and on my previous website (in Italian), I wanted to write a quick post on the biggest caveat with the new Apple devices: these are not personal computers anymore, but something much more similar to an iPhone on steroids. As convenient and powerful as they are, they are taking more and more control away from the owner.

The HW side of Macs has been going in that direction for a long time, with the soldered-down storage introduced in 2016 and the T1 and then T2 security chips preventing most HW repair and modification. On the SW side, macOS has been getting stronger protection on system files since El Capitan introduced SIP and Catalina later moved the whole OS to a read-only partition. The recent OCSP debacle also shed some light on how Apple manages the permission for apps to run. This has always had the great benefit of protecting the average user from malware, but it has also created a barrier to entry for independently developed apps and modifications. These settings were still quite easy to disable with "csrutil disable" in recovery mode and then "sudo spctl --master-disable".

Now with M1 and Big Sur, with a much stronger tie between HW and SW, the new security enclave and the reports of new APIs that prevent traffic monitoring by third-party firewalls, it is not clear whether this walled garden will ever be open again. With such strong control, it is possible for developers to create apps that are impossible to crack, using the security enclave as a built-in iLok. It is just a matter of when, not if, Apple will make it impossible to install apps from outside the App Store on these new machines. The industry as a whole is moving towards the "service" business model, and Apple is using the incredible value presented by the M1 devices in the notebook market, a very easy target for its super-efficient mobile chips, as its Trojan horse.