Notarization Required for Mac Apps Created With New Developer IDs Starting in macOS 10.14.5

[Spock]

Almost all of my Mac software has come from the AppStore, I like the convenience of easy updates and easy purchasing of new apps. With that being said, this worries me a little when it comes to the future of the Mac. Like I said, most of my software comes from the AppStore but I also have a few video game emulators like Dolphin that I like to use and I have torrent software that I like to use and going by the terms of the iOS AppStore, those apps will no longer be allowed on my Mac. What if Apple decides they don’t like a Chrome update and refuse to sign it? I think this could very quickly turn into a antitrust issue.

 

[dannys1]

They got rid of the “open anywhere” option in Sierra. Apps from unidentified developers can only be opened through System Preferences. The dialog that appears when you open unidentified software doesnt give you an option to open it from the dialog anymore

Just disable Gatekeeper.

sudo spctl --master-disable

In terminal, done, sorted in a second, open anything you want. They have restricted anything for people who know what they’re doing, the problem is, it sounds like you don’t.

 

[Internet Enzyme]

By walled garden I’m referring to the iOS style walled garden.

I don’t really consider ‘private api’ to come under the umbrella of a ‘walled garden’

One unified store: and the owner gets to choose the acceptance criteria - ala MAS store ( which had all kinds of issues ).

One unified store as you suggest isn’t a great way to go and is unnecessary. Its open to all kinds of crap. Let developers sell their software how they wish, as is the case at the moment.

I think having a system controlled store and auto updating scheme results in a more organized, clean user experience—we know this from iOS. However, there are a lot of problems with it, such as long ass app review, splitting revenue, discoverability, and generally just some bad business hegemony trash that stifles creativity. I think there is a middle ground, and whether we have reached that currently im not sure of. I dont like downloading and updating apps through the web, and i dont think most ppl do either. The more stuff people download, the more cluttered their finder gets. Thats just a consequence of using a computer, but i think if an app store is implemented “properly” then it shouldnt be too painful a change

 

[ravenstar]

Just disable Gatekeeper.

sudo spctl --master-disable

In terminal, done, sorted in a second, open anything you want. They have restricted anything for people who know what they’re doing, the problem is, it sounds like you don’t.

I'd add that a mere 5 seconds on Google turns up all this information. It's not like it's a state secret, just search for Mac GateKeeper. But this kind of system isn't specific to Apple. Variations on this kind of security are popping up in the Linux and Windows worlds. It's a dangerous world out there and OS defenses need to continue to evolve. Apple's on the right track for the majority of its users, but if you want to live dangerously, go ahead.

 

[Eorlas]

It's not about "policing". It's about basic checks for malware. Also, not everyone knows how to "figure out what's good to install/not" like you.

Great, how's about a:

"we can provide an additional security step before installing applications to warn you about potential threats, would you like this?"

so then I can toggle this nonsense on/off, instead having to use it, like you.

 

[dannys1]

I'd add that a mere 5 seconds on Google turns up all this information. It's not like it's a state secret, just search for Mac GateKeeper. But this kind of system isn't specific to Apple. Variations on this kind of security are popping up in the Linux and Windows worlds. It's a dangerous world out there and OS defenses need to continue to evolve. Apple's on the right track for the majority of its users, but if you want to live dangerously, go ahead.

Exactly - people go on like they're making macOS less for professionals. Not a single feature has been removed at any point since we first had it - it's just been made more secure for the 98% of people who use it who don't know what to do, shouldn't be accidentally tinkering in the system folders and would be best kept to using software that is signed properly by developers.
[doublepost=1555152748][/doublepost]

Great, how's about a:

"we can provide an additional security step before installing applications to warn you about potential threats, would you like this?"

so then I can toggle this nonsense on/off, instead having to use it, like you.

See the post literally one step above you - a 5 second Terminal command.

 

[mrex]

I like this move by Apple.

i hate it. i have absolutely nothing bought/downloaded from mac appstore. developers which software i use has refused to put them in appstore due to the limitation needed to be able to put the software to the appstore and hence the software wouldnt work as it was developed and needed.

apple is only going to milk more money from customers (users/developers) - nothing more, nothing less.

hopefully developers have enough courage to remove everything from appstore.

 

[SoyCapitanSoyCapitan]

If you going to use an unsigned software or even worse you use torrented stuff you asking for trouble these days if you do anything financial on your computer. Don't underestimate what is going on out there. Even if I download from Github I read the source code and compile myself. Rambly conspiracy theories about Apple being strict is silly. If your data or money are stolen you will see users ask why didn't Apple or Microsoft make the system and apps safer.

 

[mrex]

installing software outside mac appstore doesnt mean that you are going to install crap software.

e.g. Blackmagic design has its revolutional davinci resolve studio in appstore (but missing features!) and downloadable from their webpage. because of sandboxing there are lots of limitation with the version bought from mac appstore.

downloading, buying and installing software outside from mac appstore doesnt mean that they are illegal, torrented or any other way bad.

 

[HiRez]

If you're just making apps for yourself, I found a way to get around this.

1. Build with Archive setting as usual.
2. In the Organizer window, right-click on your archive build and select Show In Finder.
3. In Finder, on the .xcarchive file you were taken to, right-click and select Show Package Contents.
4. Navigate to Products > Applications and your app should be there, just copy it.

I was able to put this file on other machines (one running 10.14 and one running 10.13) and run it.

 

[Shirasaki]

Exactly - people go on like they're making macOS less for professionals. Not a single feature has been removed at any point since we first had it - it's just been made more secure for the 98% of people who use it who don't know what to do, shouldn't be accidentally tinkering in the system folders and would be best kept to using software that is signed properly by developers.
[doublepost=1555152748][/doublepost]

See the post literally one step above you - a 5 second Terminal command.

iTunes ability to manage iOS apps and tones are gone in iTunes 12.7. And Apple removes features from time to time. You are right that Apple focuses on the mass, not the professionals. They believe users should never be bothered about tech and specifications, only usage and experience. Its their company after all.

 

[MagnusVonMagnum]

So what if Apple doesn't like MakeMKV or Subler or KODI or a C64 emulator, even. They can just refuse to "notarize" them at some point. The fact they would even LOOK at them means they will eventually say these are being used for nefarious purposes (like buying Blu-Rays and dumping them to the hard drive to avoid Apple's DRM and low-bitrate quality crap). I was just thinking of getting a newer 6-core Mac Mini, but it sounds like unless I buy it immediately I could be stuck with this "notarization" garbage that could easily deny me the right to run the software I want to run. Even then, I'd have to NEVER update the operating system again or there I'm stuck with it. Even if I did THAT, developers could start fleeing left and right from the Mac platform depending on just how Draconian Apple is willing to become.

So my choices are:

1> Stick with Apple that seems to want to protect my privacy on one hand, but wants to play Nanny sitter on the other.
2> Go to Microsoft who seems to want to force upgrades (even if the new update allows a delay, it will eventually force one anyway) and is a much larger target for Malware
3> Go Linux whom no commercial developer wants to support period.

Three strikes and they're out. All three SUCK now. God, it's a sad day for computers.

Yeah, I know the fanboys will think I'm exaggerating, but we predicted this exact scenario like 5 years ago and hell if it's not coming to fruition one OS upgrade at a time. It might be doable in Mojave, but what about the next OS? It's only going to get worse and it's slowly been getting worse.

 

[Ritsuka]

So what if Apple doesn't like MakeMKV or Subler or KODI or a C64 emulator, even. They can just refuse to "notarize" them at some point.

Notarization is an automated process, there is no manual review on the app. Subler has been notarised for almost a year. Anyway, unsigned apps can still be run.

 

[MagnusVonMagnum]

Notarization is an automated process, there is no manual review on the app. Subler has been notarised for almost a year. Anyway, unsigned apps can still be run.

You're telling me Apple couldn't set the Notarization to recognize decryption software (like MakeMKV) and recognize them as malware (as in doing something they deem illegal in the US like remove DRM) and refuse to grant it notarization? I think they could quite easily if they wanted to and given their past refusal with iOS to allow things like emulator software, I'm saying you can't TRUST Apple to play nice in the future. Yes, unsigned apps can still be run NOW, but Apple has said in a future version of macOS coming soon ALL APPS *must* be notarized. Any time you put up a mandatory GATE, you always run the risk of it being used in new and creative ways. Will Notarization mean future developers must pay Apple to get a developer ID or they can't make software? A lot of open source authors will just stop bothering with the Mac if that is the case. You don't work for free and then expect to be charged a fee on top of that....

In short, if this feature has ANY negative effect on the amount or quality of available software for a Mac, it's a bad thing, IMO. The OS should never put itself above the user when it comes to how things are run. It's one of my great problems with iOS. Lack of control. I can't run what I want when I want. You have to BEG Apple to let you do things. They can take it away any time they want to (and have) and have also not allowed software in the past that "competed" with their own. Apple is a very bad player when they want to be and I don't trust them as far as I can spit. I'd feel the same way about Microsoft. These companies are too big and the CEO has too much control over too many people's lives.

 

[Tech198]

This looks good and falls in line with what regular users are presented with. Why should developers get exempted...

The other thing would be there must be an increasing amount of malware to prove to Apple that this is starting get bad..

They wouldn't introduce this to developers just to annoy them.

 

[MagnusVonMagnum]

Yeah right.

The long run is Apple wants a closed system where they get 30% of all software sales for every single Mac, iPhone, iPad, iWach and AppleTV app there is. FREE BILLIONS on top of the hardware for doing NOTHING. Money for Nothing and your chicks for free... --Dire Straits

I can tell you this much. Developers are getting sick of this 30% horse crap. 1/3 of their profits go to Apple for doing NOTHING? My god what a RACKET (as in Racketeering). Pay us this money or else you can't sell/distribute your goods. Sounds like a racket to me....

 

[gnasher729]

Right-click is barely existent for most users Apple tries to shun the context menu as best it can by default. That’s pretty inscrutable, that right click–open bypasses GateKeeper while standard double click does not. But this is noted

Users who don't know about context menu (right-click for mouse users, for many MacBook users it's a two-finger tap) should really not use apps that Gatekeeper doesn't like them to use.
[doublepost=1558982211][/doublepost]

Looks to me like another step to force developers to the mac app store. Does this cost the developers any more money then if they didn't have to do this?

It's free, and it doesn't force you on the AppStore. Basically, when you download a notarized app from the app developer, Apple tells you "we know who this developer is". It doesn't _technically_ prevent malware, but spreading malware when Apple knows who you are is not such a good idea.
[doublepost=1558982529][/doublepost]

Depends if any decent VMs were allowed on MAS. Parallels, VMWare, VirtualBox are currently not.

Are they not allowed, or do the developers just not sell through the app store? VMs are the kind of software where I expect the prospective customers to find it, even if it's not on the app store. So they don't have much reason to sell it through the app store and give money to Apple.
[doublepost=1558983095][/doublepost]

Someone who would want to open unverified apps would likely know more about their Mac than the average user, wouldn't they?

Or they would know less than the average user But in that case, if they can't open unverified apps its probably better that way.

 

[gnasher729]

Of course it's about policing. This process allows them to approve or reject non-Apple software, hosted on non-Apple web sites. It will be interesting to see if Apple will notarize compliant software that they would not otherwise host on their app store.

The whole point of notarization is that the app is not on the AppStore. Apps will be notarised if Apple can identify the developer. If has nothing to do with approval. It has to do with knowing what you are installing.

 

[MagnusVonMagnum]

If has nothing to do with approval

Naive at best. It's putting into place a tool that can later be used to cut off all non-approved software.

Let me put it this way. Just because a leader doesn't start a World War for 6 years after coming into power doesn't mean he's not planning on starting one eventually.... Tim Cook loves control. He knows if he moves too soon to turn the Mac into an iPhone he'll face a backlash. But after years of telling you there's a danger and they're just trying to prevent an attack and little by little you don't notice all your Macintosh freedoms slowly evaporating until one day you realize the Mac is now a big freaking iPhone and Apple's taking 30% and telling you that MakeMKV is pirate software and thus not allowed and your Commodore 64 emulator is pirate software and thus not allowed and your CuBase software competes with Apple's Logic Pro so it's not allowed....

 

[L Caputo]

They got rid of the “open anywhere” option in Sierra. Apps from unidentified developers can only be opened through System Preferences. The dialog that appears when you open unidentified software doesnt give you an option to open it from the dialog anymore

No you don't have yto go into System Preferences, just locate the app in the Applications folder and Control-click on it and you will get another dialogue where you can select to Open the app.