In an updated developer documentation released yesterday, Apple has announced its plans to make notarization a default requirement for all software in the future. Now, starting from macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run.
“Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.” writes Apple in a blog post.
What is notarization?
First introduced in macOS Mojave for apps distributed outside of the Mac App Store, Apple’s notary service is an automated system that scans software for malicious content and checks for code-signing issues. Based on these checks, notarization generates a ticket and publishes that ticket online where Gatekeeper (Apple’s flagship security feature) can find it and deem it as notarized. The Gatekeeper then places descriptive information in the initial launch dialog to help the user make an informed choice about whether to launch the app.
macOS 10.14.5 requires new developers to notarize
Apple has encouraged Mac app developers to submit their apps to Apple to be notarized. The Gatekeeper dialog has also been streamlined to reassure users that an app is not known malware. For non-Mac App Store developers, Apple provides a Developer ID that is required to allow the Gatekeeper function on macOS to install non-Mac App Store apps without extra warnings. However, from macOS 10.14.5 onwards, all new software distributed with a new Developer ID will need to go through the notarization process for their apps to work on the Mac.
Apple notes that some preexisting software might not run properly after being successfully notarized. For example, “Gatekeeper might find code signing issues that a relaxed notarization process didn’t enforce.” They recommend developers to always review the notary log for any warnings, and test the software before distribution.
Developers will not need to rebuild or re-sign their software before submitting it for notarization, but they must use Xcode 10 to perform the notarization steps. More information on notarization can be found on Apple’s developer site.
Some Hacker News users were unsure of what Apple means by “by default”.
“kind of makes it sound like all software will have to be notarized, which implies that you have to be an Apple Developer to distribute at all. But saying “by default” makes it seems like there’s some kind of option given to the user, so maybe it just means that software that’s distributed by a registered Apple Developer but isn’t notarized just moves down into the third tier of software that has to be explicitly allowed to run by the user.”
“I interpret the “by default” as meaning the exact same thing as “Developer ID is required by default for Mac apps” today. Or in other words, I would assume that getting around a non-notarized app in the future would have the exact same sequence of steps as getting around a non-Developer ID-signed app today.”
“I’d read the ‘by default’ as it being turned on system-wide and up to the user to override on a per case basis. Of course, Apple’s ideal model is that they want everything going through them. They’re going to enable it ‘by default’ and if customers don’t scream too much, they’ll likely make it mandatory a release or two later.”