Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Temporarily Relaxes Notarization Requirements in macOS Catalina for Non Mac App Store Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
2019 is not 1990. Ransomware and other sh*t are everywhere.
Last edited:
I can agree this to average users only, which may comprises 90% of users using Mac I think.
I am not comfortable with Apple or any other vendor being the gatekeeper for what will run or not run on my Mac. Period. And I will not support that. It is one thing to protect the user from malware, another to completely shut out third party development. I bought into the concept of a personal computer and I've never given up on that lofty goal.
First, Apple is not preventing any software developer from having applications notarized other than malware:
This is an automated process, and it is designed to ensure that one can be sure that the software one is going to run is actually the software one wants to run (i.e. has not be hacked).
Second, one can always choose to run non-signed applications if one wishes. However, other than for things one compiles oneself, it seems like a bad idea to run unsigned/unnotarized code. The process is quite simple and it ensure it is the genuine article.
What about open source software? VLC, HandBrake, even commercial ones like TextExpander and Carbon Copy Cloner are not on the Mac App Store
What about it? The entity that provides pre-compiled versions for macOS can have them signed and notarized. There is no cost and the process is automated. Applications one compiles oneself would not need to be signed/notarized.
This issue has nothing to do with the Mac App Store. This is all about applications not distributed through the Mac App Store.
And yet we’ve managed to get by without it for the last seventy years.
[doublepost=1567774419][/doublepost]
The difference between being notarised and being approved is so thin that I wouldn’t like to bet on the outcome if a case went to court for whatever reason.
Signed software has been around for years, and is a response to viruses and malware. However, if you would prefer to run unsigned/unnotarized, you are able to do so. What Apple is doing here is making things better for most users, by making the restriction the default.
What is it that scares you about this process?
[doublepost=1567774419][/doublepost]
The difference between being notarised and being approved is so thin that I wouldn’t like to bet on the outcome if a case went to court for whatever reason.[/QUOTE]
What kind of court case would adjudicate the difference between those two words? The notarization process is completely automated and does not have any requirements about the types of apps that are allowed to be notarized, only about their code requirements. One submits one’s app and the system processes it. The requirements are very clear and very simple:
Notarize Your App Automatically as Part of the Distribution Process
Before distributing your app directly to customers, your Account Holder must sign the app with your Developer ID. Xcode’s Organizer window includes a workflow for generating a distributable version of your app. In Xcode 10 and later, this workflow includes an option to notarize your app automatically. To notarize your app using this workflow, do the following:
- Open your Xcode project.
- Create an archive of your app.
- Open Xcode's Organizer window.
- In the Archives tab, select the archive you created.
- Click Distribute App to view the distribution options.
- Choose Developer ID for your method of distribution.
- Click Next.
- Choose Upload to send your archive to the Apple notary service.
- Click Next.
When you click Next, Xcode uploads your archive to the notary service. When the upload is complete, the notary service begins the scanning process, which usually takes less than an hour. While the notary service scans your software, you can continue to prepare your archive for distribution. For example, you can export the archive and perform any final testing that you require prior to making your software available to customers.
When the notarization process finishes, Xcode downloads the ticket and staples it to your archive. At that point, export your archive again to receive a distributable version of your software that includes the notary ticket.
For more information about how to use the Xcode UI to upload your software, see Upload a macOS app to be notarized.
Again, I am not sure about what you are actually worried.
Scared? Nothing in my post suggests I'm scared. I'm merely annoyed that Apple has decided to go down the scaremongering route of displaying spurious warnings if I have the temerity to install software that they haven't approved of first.
You're arguing against anti-virus and generally anti-malware right now, you know that, yeah?
It's not a process of content approval. It's an automatic process akin to what an anti-malware program performs, but centralised so it can do more computationally intense things just once, and sign it off for good. As a computer scientist with a focus on security, I applaud it.
Well, very good for you.
This is important for grandma who you force to use FaceBook because you won't call her and one of the fake FaceBook ads displays a pop up to her that there is something wrong with her computer and she needs to download this special software to fix it.
No, I'm not. I'm arguing against Apple suggesting that all software not approved by them should come with a dire warnings.
But as I've said, it's not about whether they approve or not. It's an automated process that runs heuristics on the app's safety level to try and catch malware.