What the Apple Notarization Program for macOS Apps Means for You

Apple is now asking developers to submit their Mac-ready apps for notarization. This allows developers who distribute apps outside the Mac App Store to let users know Apple has signed off on the security of their app.

Curious what this all means for you? We’ll break it down.

Red (The Bad Stuff)

  • Developers will have to pay Apple’s $100 developer account fee to have apps notarized.
  • The $100 fee recurs annually, and is not a one-time payment.
  • It’s unclear if untouched apps lose their notarized status should developers not renew their Apple Developer Program membership later on.
  • Notarization is for Gatekeeper, which is designed to allow only trusted software to run on macOS. This program can change at any time.
  • Notarization is voluntary, but it’s not clear if this will change later.
  • Gatekeeper can (and does) suggest apps be removed by the user if it’s not satisfied those apps are secure.
  • All submissions for notarization must go through Xcode. If you don’t use (or like) Xcode, there’s no recourse.
  • Unique pop-up language (more on that in a minute) only shows in macOS Mojave.

WWDC 2018 Apple Data Privacy Security

Green (The Good Stuff)

  • Notarization is available for apps, plug-ins, and installer packages.
  • By default, Gatekeeper is set to allow apps from the Mac App Store and “identified” developers.
  • You can still distribute your apps (notarized or not) outside the Mac App Store.
  • Users who download notarized apps will see a more “streamlined” dialogue the first time they open them. It says: “Apple checked [the app] for malicious software and none was detected.”
  • To access features such as the file system, camera, or microphone, code in notarized apps must explicitly request entitlement to it, and users will be prompted to allow an app to access those features.
  • ’Notarization’ scans for malware.

Apple WWDC 2018 iOS Developer Jobs Dice

Refactor (Our Take)

Apple is casting a wider net for macOS, which could mean several things; but most likely it wants to rein in casual developers before tightening the leash.

$100 isn’t a king’s ransom, but it’s an affront to developers who just want to distribute a cool plug-in or menu bar app. It may seem customary, because iOS developers and those who choose to publish apps in the iOS and Mac App Stores must pay, but asking the desktop developer community at large to fork over $100 per year to have their apps scanned is an interesting ploy.

We’ll also note the language in the pop-up notifications for notarized and un-notarized apps is not terribly unique. Non-notarized apps say, “Safari downloaded this file (the app) today at [time],” then provide a link to where it was downloaded from. Apps that haven’t been scanned by Apple also get a button taking users to the webpage the app was downloaded from. To us, this isn’t quite enough; we’d rather see a stylized popup window to make users far more comfortable with a notarized app, or at least some designation beyond a few pithy words to let users know Apple has done its due diligence.

Gatekeeper works well, but it can change at any time. It’s the backbone for all security on the Mac, and helped Apple identify and block 32-bit apps when it upgraded macOS. Here, developers will be directly subject to Apple’s decisions on security and performance, and it’s a large reason developers choose not to publish to the Mac App Store.

Notarization isn’t problematic, per se, but it also suggests where Apple is headed. Notarized apps aren’t listed in the Mac App Store, but that could be a stopgap to encourage developers to take the plunge. By filtering apps through Xcode and into Apple’s algorithmic scanning system, Apple is setting up the app ecosystem for a proper App Store review. We’ve highlighted how weak the Mac App Store is, and the dearth of apps is a massive issue Apple needs to solve; the Mac App Store is a huge opportunity, but Apple is having trouble figuring out how to capitalize on it.

Someday, Apple will likely launch a program encouraging developers with notarized apps to submit to the App Store. They’re already paying the fee, so why not, right? And we have to consider that many think Apple will soon release a Mac with its own bespoke chipset, like the A-series SoCs for the iPhone and iPad. Corralling developers before you make a massive move is necessary. We’re also seeing a shift to bilateral apps for macOS and iOS; with macOS Mojave, Apple published its News, Home, Voice Memos, and Stocks apps for the desktop – and they’re essentially iPad apps on your Mac.

Also notable: Apple seems to be hedging its bets. The uninspired popup language we mentioned earlier is a soft touch; anything more rigid would offend developers, possibly pushing the already tenuous macOS developer segment away.

For now, app notarization is a security measure, but it seems to be much more. Whatever Apple does next with the macOS platform, this may be the first step to a more controlled desktop environment.

Related