Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
As far as I can tell, there was NEVER a requirement for notarization for MacOS 10.14.5 Mojave. We distribute outside the app store, and have tons of Mojave clients, and we've never had to make any adjustments to our distribution. Of course, it IS signed with our Developer ID and our installer ID, and we've been developers since 1985, so perhaps that has something to do with it. As far as I could see, the requirement for notarization only applied to running on Catalina.
 
Awesome, more hoops to jump through for developers and users! All the more reason to switch to a Thinkpad in 2020. This constantly increasing patronization by Apple is intolerable.
 
  • Like
Reactions: zaphon
WTF? Is it even possible to dual boot without some hackery?
No hackery. Just partition your HD or SSD before installing Catalina. Install Catalina in the new partition, but leave Mojave in the old. You can also reinstall the OS your Mac shipped with to start over clean.
The archive includes all the source code.
You can inspect your archives (in ~/Library/Developer/Xcode). No source code is included. So Apple doesn’t get any (unless you send it with a bug report, etc.)
[automerge]1577147932[/automerge]
Remember that MacOS is a development operating system; ...
Which means you can install any kind of app you want by building from source using Xcode.
 
H
Dual Boot (Mojave + Catalina) systems will soon become the norm !

Every Mac User I know has either already implemented it, OR working towards it.

NOBODY I know, including me, trusts Apple to do the right thing !
Hahaha. So funny. Read all the comments by informed responders it should help clarify the situation for you. Not everything has to be a tin foil hat event
[automerge]1577148664[/automerge]
Awesome, more hoops to jump through for developers and users! All the more reason to switch to a Thinkpad in 2020. This constantly increasing patronization by Apple is intolerable.
Yah, bring on the malware and viruses! Actually there are quite a few comments by informed responders that should help
[automerge]1577148912[/automerge]
No
 
Last edited:
The original behavior was double-clicking unsigned apps would pop up a dialog box with an option to continue. As of Sierra, the double-click dialog box has the option to continue removed.

The way to get the option to continue is right-clicking and selecting open. The user is then presented with the same dialog box, but with the added option to continue.

Even before Sierra, you could not get past Gatekeeper by double-clicking if you disallowed unsigned apps. You had to use the right-click option or go to System Preferences. Sierra only removed the GUI toggle to allow unsigned apps from System Preferences, but it did not change this workflow.

This is what happened when you double-clicked on an unsigned app (you can tell that this is Mountain Lion or Mavericks):
1577155984747.png
 
  • Like
Reactions: DeepIn2U
Apple this afternoon announced that developers who create Mac apps outside of the Mac App Store will need to submit them for the notarization process starting on February 3, 2020.

Wonder how this will work? Gotta say, most of the apps on my computer that have been distributed outside the app store are either:
- Things I've coded.
- Things I've compiled from (often heavily dated but extremely simple sourcecode).
- Old Windows apps that I'm running using Crossover.

For simple me, the sandboxed approach gets quite annoying and frankly, the odds of me running some kind of a virus are extremely low (coz either... I've coded it, it's from the main tree of a highly trusted open source project or it's gonna be a 1990's Windows virus that does jack all).

I wish I could just turn this off and be like 'totally aware of the risks!!! I choose to use this all at my own risk...'

Sure it's reckless with all the garbage out there today. However, I reckon if there was a Mac virus, it would find its way around all this anyway.
[automerge]1577164005[/automerge]
You can only protect users so much.

I mean, if someone deliberately opens the gun safe using their combination, loads a round into the shotgun, aims it at their foot, and pulls the trigger, you can't blame the maker of the safe for being "insecure".

I reckon you're on the money there and that's what this kinda thing does. It forces you to make a conscious decision to allow various apps to run.

For example I compiled Mednafen with just the Sega Saturn emulation component (to save space). I then made a BASH file that scans a few folders for Sega Saturn games and throws them at me in a numbered list so I can choose which one to play (there's also an options 'menu' to setup a few prefs). There's no way I'll ever distribute this and anybody downloading a BASH script from the web that scans your HD and launches a random terminal-based binary (by entering various stuff into a shell) should know exactly what it does before launching it. Coz like it might play Sega Saturn games... or might... do something else to your HD.

Still... I have lotsa shonky solutions like this and it's annoying having to enable them all + give them all access to specific areas of my HD. I always wonder how I'll cope with this + passwords when I'm a bit older and/or have accessibility issues.
 
Last edited:
Before people start to panic, remember this only affects being able to double-click an app to open it by default. You can still go out of your way to run a non-notarized app by right-clicking and clicking open. That then whitelists the app to run in the future normally.

This is more about stopping users from accidentally executing malicious code than a strongarmed attempt to lock down the platform.

Remember that MacOS is a development operating system; they can't lock it down like iOS without crippling the ability to develop software on it.
Glad you posted that. I was about to be pissed if it meant they could just decide overnight they’re not going to allow things like torrent apps or whatever app I feel like. If I wanna put malicious crap on my computer that’s my choice. Not apples. It’s bad enough there’s no side loading ability, even for very experienced users, on iOS (without jailbreaking obviously)
 
It’s bad enough there’s no side loading ability, even for very experienced users, on iOS (without jailbreaking obviously)

Side loading on iOS is possible for anybody who has source code, Xcode, and their Apple ID on the iOS device and Mac (or better yet, an Apple Developer enrollment.)
 
No, the app archive bundle does not include source code. Open it and look for yourself.

Just one example among many explanations:


“An archive is a bundle that includes your product along with symbol information.”

The symbols are a map of the source code used for debugging purposes. This is what I meant by the source code being included. Apple doesn’t have to reverse engineer anything because the code is fully mapped through the debug symbols in every app archive.
 
  • Disagree
Reactions: NetMage
You can only protect users so much.

I mean, if someone deliberately opens the gun safe using their combination, loads a round into the shotgun, aims it at their foot, and pulls the trigger, you can't blame the maker of the safe for being "insecure".

Yup. The point is to protect unsophisticated users. Someone who knows enough to left click, etc. and still falls for this, is beyond help. :)
 
This reminds me of the time when I visited the biology lab in my institute to discuss something with a colleague: she was happily running GNOME on her Linux workstation as root...
 
This statement is wrong and is getting everybody upset. A critical part of Apple's statement was deleted:



Very simply put, signed apps must now be notarized. Unsigned apps are unchanged.

Dont you know that most modern journalism struggles to understand that clickbait isn't necessary and that withholding key information for the sake of inciting drama and being scummy is the way to go?
 
Just one example among many explanations:


“An archive is a bundle that includes your product along with symbol information.”

The symbols are a map of the source code used for debugging purposes. This is what I meant by the source code being included. Apple doesn’t have to reverse engineer anything because the code is fully mapped through the debug symbols in every app archive.
The symbols are not the source code. I’m not sure what you are trying to say, but even with the symbol map one has too reverse engineer to get meaningful human-readable code from an archive.
 
  • Like
Reactions: NetMage
The symbols are a map of the source code used for debugging purposes. This is what I meant by the source code being included. Apple doesn’t have to reverse engineer anything because the code is fully mapped through the debug symbols in every app archive.

Uploading the debug symbols is optional for App Store apps. This has nothing to do with notarisation anyway, as you are not uploading a product archive to Apple’s notary service, but a compiled app bundle. The idea behind it is that you send Apple a copy of what you will be distributing to users. They will examine it and send you a receipt (“ticket”) that you can attach (“staple”) to your copy before you pass it around.
 
  • Like
Reactions: NetMage
I assume they can refuse to authorize the more interesting apps like fan control etc.
Nope, for the time being they will auth everything, then once they are firmly in control and most apps are authorized then they will crack down. Of course, by then its too late for any resistance.
 
  • Like
Reactions: MvdM



Apple this afternoon announced that developers who create Mac apps outside of the Mac App Store will need to submit them for the notarization process starting on February 3, 2020.

Apple temporarily relaxed the notarization requirements for non Mac App Store apps in September after the launch of macOS Catalina, and at the time, said developers would have until January 2020 to get used to the new rules.

apple_mac_notarized.jpg

The January 2020 deadline has been extended to February 2020, but at that time, developers will need to adhere to Apple's requirements.

Apple suggests that developers upload their software and review the developer log for warnings, as these warnings will become errors starting on February 3. Apple says that all errors will need to be fixed by that date for software to be notarized.Apple has been requiring new software distributed with a Developer ID outside of the ?Mac App Store? to be notarized in order to run since macOS Mojave 10.14.5, with the notarization process designed to protect Mac users from malicious and harmful apps.

For the notarization process, Apple provides trusted non ?Mac App Store? developers with Developer IDs that are required to allow the Gatekeeper function on macOS to install non ?Mac App Store? apps.

Notarization is not required for apps that are distributed through the ?Mac App Store?. More information on notarization can be found on Apple's developer site.

Article Link: Apple Requiring Notarization for Non Mac App Store Apps Starting February 2020

Paranoia galore!
Looking for excuses to control the choice of apps. Akin to the customs working full-blown paranoid post- 09-11.
You can't even use internet banking anymore without having a smartphone handy every single time you want to check your bank balance on the computer. None of this stuff is accidental.
 
  • Angry
Reactions: NetMage
"You can still go out of your way to run a non-notarized app by right-clicking and clicking open.".......... for now.
 
Just another way for Apple to nickel and dime their users. Now in order to distribute apps on what used to be an open platform you effectively need a license. And worse yet if they want they can revoke your license at any time for political and ideological reasons. Sad state of affairs and will give me pause next time I'm ready to upgrade my hardware.
 
Just another way for Apple to nickel and dime their users. Now in order to distribute apps on what used to be an open platform you effectively need a license. And worse yet if they want they can revoke your license at any time for political and ideological reasons. Sad state of affairs and will give me pause next time I'm ready to upgrade my hardware.

actually, this is a way to make sure users don’t unintentionally open sketchy software that isn’t from the source they think it’s from, without first having to take extra steps to do it.

people who want to be free to run unsigned software or who want to run signed but not notarized software can still do so. It takesan extra step (just like unsigned software already took), but if you’re smart enough to think you know what you’re doing, you should be smart enough to right click and open the app.
[automerge]1577371010[/automerge]
Paranoia galore!
Looking for excuses to control the choice of apps. Akin to the customs working full-blown paranoid post- 09-11.
You can't even use internet banking anymore without having a smartphone handy every single time you want to check your bank balance on the computer. None of this stuff is accidental.

not sure how this is related in your mind to two-factor, which seems to be what you are referring to, but anyone who has had their identity stolen or been hacked will tell you that “having your smartphone handy” is a welcome precaution.
 
actually, this is a way to make sure users don’t unintentionally open sketchy software that isn’t from the source they think it’s from, without first having to take extra steps to do it.

people who want to be free to run unsigned software or who want to run signed but not notarized software can still do so. It takesan extra step (just like unsigned software already took), but if you’re smart enough to think you know what you’re doing, you should be smart enough to right click and open the app.
[automerge]1577371010[/automerge]


not sure how this is related in your mind to two-factor, which seems to be what you are referring to, but anyone who has had their identity stolen or been hacked will tell you that “having your smartphone handy” is a welcome precaution.
You can spin it any way you want, but I'm not going to continue spending $2-3k on Apple hardware when they are clearly trying to get MacOS as close to a walled garden as possible. And who is to say they won't completely lock it down? They are already making developers pay for it which seems like a bad faith practice.
 
  • Like
Reactions: zaphon
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.