Apple has warned developers it will be reinstating the app notarization requirements it set out for macOS Catalina, with the transition period affecting macOS software distributed outside the Mac App Store ending at the start of February 2020.
New app notarization policies meant for macOS Catalina was announced in June at the Worldwide Developers Conference, with an intention to ensure the security of end users. To ensure the rollout of macOS Catalina was smooth, the full enforcement of the requirements was delayed, but an announcement by Apple reveals that time will end in early 2020.
In a post to the Apple Developer site, Apple confirms "all submitted software must meet the original notarization prerequisites" starting from February 3, 2020.
The new policies require developers to submit their apps to Apple to go through a notarizing security process, or they won't run in macOS Catalina. An extension to the existing Gatekeeper process that previously allowed notarization as an option, the requirement is designed to ensure downloaded software is from the source users believe it is from.
Notarized apps are scanned automatically by Apple for security issues and malicious code. While the Mac App Store apps undergo stringent checks before being made available, Notarization aims to provide a similar level of safety and security to users downloading apps from third-party servers, such as those owned and managed by an app's developer.
Under interim terms that commenced in September, Apple notarizes apps that do not have the Hardened Runtime capability enabled, include components not signed by a Developer ID, do not include a secure timestamp with a developer's code-signing signature, was built using an older SDK, or include a "get-task-allow" security entitlement.
The period allowed developers to complete the notarization process, as well as protecting users using older versions of third-party software on Catalina.
Apple warns developers who have yet to upload their software to the notary service to do so and to review developer log warnings. The warnings will become errors from February 3, and will need to be fixed in order for the software to become notarized.