Additional thoughts on M1 devices

Following my thoughts on the M1 that I wrote here and on my previous website (in Italian), I wanted to write a quick note on the biggest caveat with the new Apple devices: these are not personal computers anymore, but much closer to an iPhone on steroids. As convenient and powerful as they are, they are taking more and more control away from the owner.

The HW side on Macs has been going in that direction for a long time, with the soldered-down storage introduced in 2016 and the T1 and then T2 security chips preventing any kind of HW repair and modification. On the SW side, macOS has been getting stronger protection on system files since El Capitan introduced SIP and later Catalina made the system volume read-only. The recent OCSP debacle also shed some light on how Apple manages the permission for apps to run. This has always had the great benefit of protecting the average user from malware, but it also created a barrier to entry for any independently developed apps and modifications. These settings were still quite easy to disable: `csrutil disable` from recovery mode and then `sudo spctl --master-disable`.

Now with the M1 and Big Sur, with a much stronger tie between HW and SW, the new Secure Enclave and the reports of a new API that prevents traffic monitoring by third-party firewalls, it is not clear whether this walled garden will ever be open again. With such strong control, it is possible for developers to create apps that are impossible to crack, just as the system has a built-in iLock in the form of the Secure Enclave. It is just a matter of when, not if, Apple will make it impossible to side-load apps from outside the App Store on these new machines. The industry as a whole is moving towards the "service" business model, and Apple is using the incredible value offered by the M1 devices in the notebook market, a very easy target for its super-efficient mobile chips, as its Trojan horse.
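As an added example (not from the original post), here is a small read-only posture check for the two protections the post names, SIP (`csrutil status`) and Gatekeeper (`spctl --status`), of the kind a fleet admin would run to confirm nobody has turned them off. It assumes macOS for the live probe; on any other system it falls back to constructed sample output so the parsing can still be exercised.

```shell
#!/bin/sh
# Added example: verify that SIP and Gatekeeper are still enabled.
# Not part of the original post; assumes macOS for the live probe.

# Interpret `csrutil status` output: prints enabled / disabled / unknown.
# Custom SIP configurations print something else and land in "unknown".
sip_state_from_output() {
  case "$1" in
    *"System Integrity Protection status: enabled"*)  echo enabled ;;
    *"System Integrity Protection status: disabled"*) echo disabled ;;
    *) echo unknown ;;
  esac
}

# Interpret `spctl --status` output ("assessments enabled" / "assessments disabled").
gatekeeper_state_from_output() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *) echo unknown ;;
  esac
}

# Probe the live system when the tools exist; otherwise return constructed
# sample text so the script can be exercised off a Mac.
probe_sip() {
  if command -v csrutil >/dev/null 2>&1; then csrutil status 2>/dev/null
  else echo "System Integrity Protection status: enabled."; fi   # constructed sample
}
probe_gatekeeper() {
  if command -v spctl >/dev/null 2>&1; then spctl --status 2>/dev/null
  else echo "assessments enabled"; fi                              # constructed sample
}

# Prints a one-line report; returns 0 only when both protections are on.
check_posture() {
  sip=$(sip_state_from_output "$(probe_sip)")
  gk=$(gatekeeper_state_from_output "$(probe_gatekeeper)")
  printf 'SIP=%s Gatekeeper=%s\n' "$sip" "$gk"
  [ "$sip" = enabled ] && [ "$gk" = enabled ]
}

check_posture || echo "WARNING: a system protection is disabled or unknown" >&2
```

On a managed Mac the non-zero return from `check_posture` is what you would feed into an MDM or monitoring alert.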