Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,007
13,629



Apple this afternoon reminded developers about upcoming notarization requirements for Mac apps created outside of the Mac App Store.

Apps that are distributed outside of the Mac App Store must be notarized by Apple in order to run on the macOS Catalina operating system set to be released this fall.

apple_mac_notarized.jpg

Apple says that to make the transition easier on both developers and Mac users, notarization prerequisites have been adjusted until January 2020.

Developers can now have apps notarized that do not meet certain previous requirements, such as an app that uses an older SDK or the inclusion of components not signed by a developer ID.

Apple has a full list of allowances on its developer website:
You can now notarize Mac software that:
- Doesn't have the Hardened Runtime capability enabled.
- Has components not signed with your Developer ID.
- Doesn't include a secure timestamp with your code-signing signature.
- Was built with an older SDK.
- Includes the com.apple.security.get-task-allow entitlement with the value set to any variation of true.
Apple has been requiring new software distributed with a Developer ID outside of the Mac App Store to be notarized in order to run since macOS Mojave 10.14.5.

Apple introduced notarization in macOS Mojave as a way to further protect Mac users from malicious and harmful apps.

For the notarization process, Apple provides trusted non Mac App Store developers with Developer IDs that are required to allow the Gatekeeper function on macOS to install non Mac App Store apps.

Notarization is not required for apps that are distributed through the Mac App Store. More information on notarization can be found on Apple's developer site.

Article Link: Apple Temporarily Relaxes Notarization Requirements in macOS Catalina for Non Mac App Store Apps
 

RumorConsumer

macrumors 65816
Jun 16, 2016
1,250
697
I’m not a fan. Maybe the world has changed but as a kid running some random program from the web was a rare pleasure. Yeah as I’m thinking about it there is a ton of crap out there. I’m sure they thought about it. We’ll see the effects. What about apps that aren’t being developed anymore?
 
Comment

casperes1996

macrumors 603
Jan 26, 2014
5,979
3,849
Horsens, Denmark
I assume we'll be able to disable this since it's a Mac?

I’m not a fan. Maybe the world has changed but as a kid running some random program from the web was a rare pleasure. Yeah as I’m thinking about it there is a ton of crap out there. I’m sure they thought about it. We’ll see the effects. What about apps that aren’t being developed anymore?

Is there a way to turn this off in Catalina?

Like SIP there are times when this is not desired and to not be able to turn it off is a major reason not to use Apple hardware.

If there isn’t an option to disable this bs that’s the ultimate rubicon for any real desktop OS.

Hey. I am a software developer, with a Catalina install.

"Disabling it" is a phrasing that I'd have to say, no you cannot to.
But you can ignore it. "Run anyway" so to speak. It's not that it blocks you, it just warns you and makes it more steps to run potentially harmful software. Anything executed from command line will execute like normal, and I believe also if you alt-click and select open.
Furthermore, it's not an app review process. To get notarised doesn't mean Apple needs to approve of what you do. It's an automated process that just checks for security, not content. And it only affects signed software; Thought I'd say software should be signed if intended for release these days.
 
Comment

JoeCassara

macrumors member
Aug 16, 2018
48
220
>Apps that are distributed outside of the Mac App Store must be notarized by Apple
>in order to run on the macOS Catalina operating system set to be released this fall.

That's not true.

The situation is nuanced. Apple has stated that you will always be able to run any software of your choosing on macOS -- though you'll encounter some friction in Catalina and, speculatively, in future releases of the OS, requiring you to be explicit in your intentions. Notarization is required for apps signed with a Developer ID certificate, and there are caveats to this requirement depending on several cases.

Without getting mired in developer-speak: relax. This is not Apple cordoning off all unsigned, non-notarized software from macOS.

For the curious, check out these resources:
 
Comment

im_to_hyper

macrumors 65816
Aug 25, 2004
1,246
266
Pasadena, California, USA
So for those of us who just use a Mac and want to run old software (64-bit, clearly) we can?

For those of us considered “users” all this means is we just click “allow” to allow something to run, as is the case in previous versions?

The overall wording makes it seem like Apple is only allowing “officially approved software” and that anything you bought in the past will not run.

>Apps that are distributed outside of the Mac App Store must be notarized by Apple
>in order to run on the macOS Catalina operating system set to be released this fall.

That's not true.

The situation is nuanced. Apple has stated that you will always be able to run any software of your choosing on macOS -- though you'll encounter some friction in Catalina and, speculatively, in future releases of the OS, requiring you to be explicit in your intentions. Notarization is required for apps signed with a Developer ID certificate, and there are caveats to this requirement depending on several cases.

Without getting mired in developer-speak: relax. This is not Apple cordoning off all unsigned, non-notarized software from macOS.

For the curious, check out these resources:
 
  • Like
Reactions: nerdherdster
Comment

xbjllb

macrumors 65816
Jan 4, 2008
1,157
109
One day, not so far off, Mac Users are going to have their "Network" moment, and it won't be quiet.
 
Comment

Appleman3546

macrumors 6502
May 13, 2019
298
560
It is no coincidence that Apple is implementing this with the ability to port iOS apps to the Mac App Store. It used to be that Apple would allow downloads of Apps from browsers without Apple oversight in order to compete with Windows, but it appears that allowing Mac browser downloads of apps without some sort of Apple control was contrary to Apple’s valuable iPhone App Store monopoly excuse of security concerns. My my how valuable that App Store monopoly has become that Apple is willing to give Windows an easy dunk
 
Comment

casperes1996

macrumors 603
Jan 26, 2014
5,979
3,849
Horsens, Denmark
So for those of us who just use a Mac and want to run old software (64-bit, clearly) we can?

For those of us considered “users” all this means is we just click “allow” to allow something to run, as is the case in previous versions?

The overall wording makes it seem like Apple is only allowing “officially approved software” and that anything you bought in the past will not run.


You can run anything you want to. Old software won't even give you the increased friction. Signed software is timestamped with when it was signed, and the extra warnings and steps to run un-notarized software only apply to software signed past a certain date. Old software will work the same as it always has.
 
Comment

casperes1996

macrumors 603
Jan 26, 2014
5,979
3,849
Horsens, Denmark
I guess you haven't run into the Catalina message "App can't be opened because Apple cannot check it for malicious software."

Not even an old app. It was installed Aug 19.


For one of the tech talks at WWDC when notarisation was announced, Apple explicitly said that before a certain date of signing notarisation wouldn't be necessary, but only apps signed after that threshold, at which point they knew to sign it and get it notarised. If you run software that hasn't been updated for years, it won't show that message, but it hasn't been notarised, obviously since it's years old. The software you're referring to must clearly be new enough that they had the chance to get it notarised. But you can still get around this by using the Open menu, opening through Terminal, or maybe through System Preferences.
 
Comment

jonblatho

macrumors 68000
Jan 20, 2014
1,968
4,947
Missouri
I assume we'll be able to disable this since it's a Mac?

Is there a way to turn this off in Catalina?

Like SIP there are times when this is not desired and to not be able to turn it off is a major reason not to use Apple hardware.

You can bypass it using the same method used for unsigned apps (right click > Open), which presents the same prompt but with a button that allows you to open the app. It’s not perfect, though, and it’s probably why Apple’s temporarily delayed this change.

An example: Firefox was completely broken on macOS Catalina because it was unable to launch the separate Firefox Software Update app at launch and the user could not launch it themselves, not even with the workaround. Had to reinstall Firefox from another browser to fix it. This definitely needs more time when it’s a showstopper bug for a major browser and God knows what else.
 
Comment

casperes1996

macrumors 603
Jan 26, 2014
5,979
3,849
Horsens, Denmark
And the average user isn't going to know that.

They'll only know that their Mac isn't working right.

If you don't know how to open a non-notarised app, you probably shouldn't open it. A car that won't start if you don't wear your seatbelt, may have legit reasons for wanting to unbuckle your seatbelt after you've started it, but the average driver really shouldn't. All apps you'll need should be notarised by release of macOS Catalina
 
Comment

ignatius345

macrumors 68040
Aug 20, 2015
3,361
4,459
Signed software *must* be notarised. Unsigned software runs just like before.

Reading comprehension fails a bit too much in this thread.
Don’t get huffy at readers. The article says

Apps that are distributed outside of the Mac App Store must be notarized by Apple in order to run on the macOS Catalina operating system set to be released this fall.
which is apparently a bit misleading, or at least incomplete.
 
Comment

Jerry Fritschle

macrumors regular
Mar 30, 2004
128
179
Where in the article does it mention unsigned software not needing to be notarized?
Apple’s wording may be vague, but unsigned software may run as before by the normal method. “Signed” software (which itself is a prerequisite for notarization) must additionally be notarized.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.