Apple amping up requirements for app notarization starting in macOS 10.14.5

All new apps developed using a fresh Developer ID must be notarized to pass through Gatekeeper from macOS 10.14.5 onwards, Apple has advised, with the extra security process requirement landing ahead of an expansion to all macOS software in a future update.

Initially announced at WWDC 2018, Notarized Apps is an extension to the Developer ID program in which developers submit their apps to Apple for review. The security measure has been optional so far, but Apple has now started the process of making notarization mandatory.

An update to the notarization support documentation advises "Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run." While the process is changing to force new developers to notarize, the notice also points out everyone else developing macOS software will have to do so eventually, as "In a future version of macOS, notarization will be required by default for all software."

Notarizing an app involves sending the software to Apple's system for an automated scan for malicious content, as well as a check for code-signing issues. The process applies only to apps distributed outside the Mac App Store; apps in the store undergo more rigorous checks before being made available.

If successful, the process generates a ticket that developers can attach to their software. The ticket is also published so that macOS Gatekeeper, a security feature that enforces code signing and verifies downloaded applications, can separately confirm the app.

When the software is installed or run for the first time, the ticket's presence in the app or online informs Gatekeeper that the app has been notarized by Apple, and allows the installation to continue. While effectively invisible to end users, notarization offers them a level of assurance that the software has undergone some safety checks by Apple itself.
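For administrators who want to see which installed apps Gatekeeper treats as notarized, the sketch below sorts assessment results into audit buckets. It is an added example, not code from Apple or from this article; it assumes the text layout printed by `spctl --assess -vv <app>`, and the sample outputs, app paths and team ID are constructed.

```python
import re

# Constructed samples of `spctl --assess -vv <app>` output (not captured from a real host).
SAMPLES = {
    "notarized": "/Applications/Example.app: accepted\n"
                 "source=Notarized Developer ID\n"
                 "origin=Developer ID Application: Example Corp (TEAMID0000)\n",
    "signed_only": "/Applications/Legacy.app: accepted\n"
                   "source=Developer ID\n"
                   "origin=Developer ID Application: Example Corp (TEAMID0000)\n",
    "unnotarized": "/Applications/New.app: rejected\n"
                   "source=Unnotarized Developer ID\n"
                   "origin=Developer ID Application: Example Corp (TEAMID0000)\n",
    "unsigned": "/Applications/Tool.app: rejected\nsource=no usable signature\n",
}

VERDICT = re.compile(r"^(?P<path>.+): (?P<verdict>accepted|rejected)$")

def parse_assessment(text):
    """Split assessment output into path, verdict, source and origin."""
    result = {"path": None, "verdict": None, "source": None, "origin": None}
    for line in text.splitlines():
        line = line.strip()
        match = VERDICT.match(line)
        if match:
            result.update(match.groupdict())
            continue
        key, sep, value = line.partition("=")
        if sep and key in ("source", "origin"):
            result[key] = value
    return result

def classify(text):
    """Map one assessment to an audit bucket."""
    a = parse_assessment(text)
    if a["verdict"] is None:
        return "unparsed"
    # Exact comparison: a substring or case-insensitive search for "notarized"
    # would also match "Unnotarized Developer ID".
    if a["verdict"] == "accepted" and a["source"] == "Notarized Developer ID":
        return "notarized"
    if a["source"] in ("Developer ID", "Unnotarized Developer ID"):
        return "developer-id-without-ticket"
    return "other"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", classify(text))
```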

For developers, notarization adds extra steps to development and to creating app updates, but it does provide an audit trail for signed software, allowing unauthorized versions to be disabled. With full-scale use, notarization may help cut down the number of pirated or malware releases of legitimate apps, which in turn could help increase developer revenues.

While it will still be possible to install apps in macOS that have not gone through the notarization process, doing so will generally be harder for users than installing through Gatekeeper. From a usability perspective, developers certainly have an interest in using notarization.



29 Comments

jdw 1457 comments · 18 Years

The last paragraph made me breathe a sigh of relief. "Harder process" or no, there had better be a way for us to install apps not sanctioned by Apple!

greg uvan 86 comments · 11 Years

I know this is for the security of the platform, and that it's more or less transparent to the end user. But, it feels like something else is dying in the process. I can't quite put my finger on it. 

kruegdude 340 comments · 13 Years

jdw said:
The last paragraph made me breathe a sigh of relief. "Harder process" or no, there had better be a way for us to install apps not sanctioned by Apple!

Microsoft has something similar. It’s called Virus scanning software where the files and code are “sanctioned” by the various virus scan software companies, including Microsoft. 

acejax805 109 comments · 10 Years

greg uvan said:
I know this is for the security of the platform, and that it's more or less transparent to the end user. But, it feels like something else is dying in the process. I can't quite put my finger on it. 

It's really ironic that the greatest threat to security is the end-user. Finding a balance between end-user choice and security is a tough one. It's what keeps the world turning.

acejax805 109 comments · 10 Years

jdw said:
The last paragraph made me breathe a sigh of relief. "Harder process" or no, there had better be a way for us to install apps not sanctioned by Apple!

Can't offer solutions without creating problems, amirite!