Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple will enforce app notarization for macOS Catalina in February

Last updated

Apple has warned developers it will be reinstating the app notarization requirements it set out for macOS Catalina, with the transition period affecting macOS software distributed outside the Mac App Store ending at the start of February 2020.

New app notarization policies meant for macOS Catalina was announced in June at the Worldwide Developers Conference, with an intention to ensure the security of end users. To ensure the rollout of macOS Catalina was smooth, the full enforcement of the requirements was delayed, but an announcement by Apple reveals that time will end in early 2020.

In a post to the Apple Developer site, Apple confirms "all submitted software must meet the original notarization prerequisites" starting from February 3, 2020.

The new policies require developers to submit their apps to Apple to go through a notarizing security process, or they won't run in macOS Catalina. An extension to the existing Gatekeeper process that previously allowed notarization as an option, the requirement is designed to ensure downloaded software is from the source users believe it is from.

Notarized apps are scanned automatically by Apple for security issues and malicious code. While the Mac App Store apps undergo stringent checks before being made available, Notarization aims to provide a similar level of safety and security to users downloading apps from third-party servers, such as those owned and managed by an app's developer.

Under interim terms that commenced in September, Apple notarizes apps that do not have the Hardened Runtime capability enabled, include components not signed by a Developer ID, do not include a secure timestamp with a developer's code-signing signature, was built using an older SDK, or include a "get-task-allow" security entitlement.

The period allowed developers to complete the notarization process, as well as protecting users using older versions of third-party software on Catalina.

Apple warns developers who have yet to upload their software to the notary service to do so and to review developer log warnings. The warnings will become errors from February 3, and will need to be fixed in order for the software to become notarized.



31 Comments

razorpit 17 Years · 1793 comments

So does that mean this will no longer work?

sudo xattr -r -d com.apple.quarantine /Applications/[name_of_application_bundle_here].app


dysamoria 12 Years · 3430 comments

Will we the users still be able to run anything we like, so long as we go into System Preferences and choose “open anyway”?

tjwolf 12 Years · 423 comments

WTF?  What does this mean for all the open-source stuff developers depend on?  E.g. apache projects?  Will Apache go through through this signing process?  What about stuff installed via 'brew'?  Java VMs, etc., etc.....

macplusplus 9 Years · 2116 comments

tjwolf said:
WTF?  What does this mean for all the open-source stuff developers depend on?  E.g. apache projects?  Will Apache go through through this signing process?  What about stuff installed via 'brew'?  Java VMs, etc., etc.....

Not every binary, as I understand. Apache is a service already included in macOS distribution. Apple mentions apps, Plug-ins, installer packages and kernel extensions as to be notarized. This is nothing more than an Xcode bureaucracy, not a big deal that will cause you to hold your breath. 

indieshack 9 Years · 336 comments

Unless I misunderstand this, notarization is an automated, real-time process - correct? It is just one extra step before the developer distributes. I don't see the issue for either developers or end-users - this won't stop side-loading of apps on the Mac.