Sorry, you seem to have deviated into an unrelated axe you're grinding. Try again, this time with the axe you were originally grinding, which I'll help with:

> [Online signature check] is also a move to protect certain streams of Apple services revenue, in addition to protecting users from malware, and it always has been.

To restate and avoid drifting into another non sequitur, this ascribes intent; that is, it suggests that part of the reason online signature check was added, and part of how it has been evolved, is to protect certain streams of Apple services revenue. That would be your argument, which has no evidence to support it, but you suggest is backed by “facts”[1], which appear to be nowhere to be found.

Are these facts somewhere to be found? Or are you stating hypotheses as facts?

[1] https://news.ycombinator.com/item?id=25210475

I have no axe to grind with Apple. I'm a happy Apple customer and have been for most of 30 years.

The same code that keeps malware from running on a mac (or iphone) keeps non-app-store apps from running on an iphone, or prompts you to move non-notarized apps to the trash on a mac.

It's not some separate thing: the exact same code path that protects the consumer store revenue and developer notarization service revenue also protects users against malware.

EDIT, for clarity: I am speaking of Apple-developed, Apple-owned platform security code, where root keys are not held by anyone other than Apple, not generic crypto primitives or the concept of code signing in general (where we have a P-as-in-public PKI).

Which is the same code that keeps unsigned bootloaders from running on PCs which is the same code that keeps unsigned packages from being installed on Linux systems which is the same code that keeps unsigned browser extensions from running on Firefox which is the same code that shows the scary warning on Windows.

Everyone seems to like code signing.