Gatekeeper will enforce app notarization in an upcoming macOS release

Notarization is an optional pace inwards the app evolution process, but macOS’s Gatekeeper volition presently require that whatever signed apps distributed exterior Mac App Store hold out notarized past times Apple.

What is Developer ID?

In today’s ship service inviting developers to become their Mac software notarized for Mojave’s Gatekeeper, Apple said that Gatekeeper inwards “an upcoming liberate of macOS” volition require all Mac apps signed alongside Developer ID to hold out notarized past times the company.

Gatekeeper settings inwards macOS

Developer ID was added inwards Mountain Lion to let properly signed apps distributed exterior Mac App Store to come about Macs alongside the default Gatekeeper safety degree enabled. More recent versions of Developer ID convey besides offered iCloud services to apps released exterior App Store.

Gatekeeper warning: Mojave vs. High Sierra

Before Mojave, opening an app from an unidentified developer threw a scary warning proverb it was downloaded from the Internet, bespeak if you’d actually similar to opened upwards it. The wording in addition to the pattern of the dialog made it audio similar y'all were most to launch a slice of malware.

You tin give notice easily override this warning without changing your Gatekeeper safety level.

The somewhat scary Gatekeeper dialog inwards older macOS editions

Simply right-click an app’s icon, hence conduct Open from the popup menu. On Mojave, Gatekeeper warnings for notarized apps are less alarming. When y'all begin opened upwards a notarized app, installer bundle or disk picture on Mojave, you’ll run into a to a greater extent than streamlined Gatekeeper dialog that should give y'all confidence that you’re non trying to opened upwards known malware.

The user-friendlier Gatekeeper dialog inwards Mojave

App notarization

Apple describes a notarized app every bit a macOS app uploaded to them for processing earlier it’s distributed inwards a non-Mac App Store environment, similar the developer’s official website.

TUTORIAL: How to bypass the “This is an application downloaded from the Internet” warning

App notarization gives the user to a greater extent than confidence that they’re non using malware or an app that volition bag their identity or hijack personal data. Apple’s Notary Service automatically scans Developer ID-signed software in addition to performs safety checks.

From ArsTechnica’s review of macOS Mojave:

Apple’s Notary Service volition examine signed, ready-to-distribute app packages submitted past times developers to brand certain they don’t comprise malware, that all executables are signed correctly in addition to that the apps purpose the novel SIP enhanced runtime.

And this is Apple’s description of app notarization:

A notarized app is a macOS app that was uploaded to Apple for processing earlier it was distributed. When y'all export a notarized app from Xcode, it code signs the app alongside a Developer ID certificate in addition to staples a ticket from Apple to the app. The ticket confirms that y'all previously uploaded the app to Apple.

macOS Mojave 10.14 does not foreclose y'all from launching notarized apps when Gatekeeper is enabled. When y'all begin launch a notarized app on Mojave, Gatekeeper only looks for the app’s ticket online every bit a proof that the code hasn’t been tampered with.

If the user is offline, Gatekeeper looks for the ticket that was stapled to the app.

When a time to come macOS version moves app notarization from optional to required, Apple volition in all probability alter the electrical current “App Store in addition to identified developers” Gatekeeper degree to require notarization. Or, every bit ArsTechnica speculated, at that topographic point could hold out a 4th Gatekeeper safety degree at exactly about betoken inwards betwixt “App Store in addition to identified developers” in addition to “App Store only.”

Thoughts?

Share this post