Notarization is an optional step in the app development process, but macOS’s Gatekeeper will soon require that any signed apps distributed outside Mac App Store be notarized by Apple.
What is Developer ID?
In today’s post inviting developers to get their Mac software notarized for Mojave’s Gatekeeper, Apple said that Gatekeeper in “an upcoming release of macOS” will require all Mac apps signed with Developer ID to be notarized by the company.
Gatekeeper settings in macOS
Developer ID was added in Mountain Lion to permit properly signed apps distributed outside Mac App Store to run on Macs with the default Gatekeeper security level enabled. More recent versions of Developer ID have also offered iCloud services to apps released outside App Store.
Gatekeeper warning: Mojave vs. High Sierra
Before Mojave, opening an app from an unidentified developer threw a scary warning saying it was downloaded from the Internet, asking if you’d really like to open it. The wording and the design of the dialog made it sound like you were about to launch a piece of malware.
You can easily override this warning without changing your Gatekeeper security level.
The somewhat scary Gatekeeper dialog in older macOS editions
Simply right-click an app’s icon, then choose Open from the popup menu. On Mojave, Gatekeeper warnings for notarized apps are less alarming. When you first open a notarized app, installer package or disk image on Mojave, you’ll see a more streamlined Gatekeeper dialog that should give you confidence that you’re not trying to open known malware.
The user-friendlier Gatekeeper dialog in Mojave
Apple describes a notarized app as a macOS app uploaded to them for processing before it’s distributed in a non-Mac App Store environment, like the developer’s official website.
App notarization gives the user more confidence that they’re not using malware or an app that will steal their identity or hijack personal data. Apple’s Notary Service automatically scans Developer ID-signed software and performs security checks.
From ArsTechnica’s review of macOS Mojave:
Apple’s Notary Service will examine signed, ready-to-distribute app packages submitted by developers to make sure they don’t contain malware, that all executables are signed correctly and that the apps use the new SIP enhanced runtime.
And this is Apple’s description of app notarization:
A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple.
macOS Mojave 10.14 does not prevent you from launching notarized apps when Gatekeeper is enabled. When you first launch a notarized app on Mojave, Gatekeeper simply looks for the app’s ticket online as a proof that the code hasn’t been tampered with.
If the user is offline, Gatekeeper looks for the ticket that was stapled to the app.
When a future macOS version moves app notarization from optional to required, Apple will probably change the current “App Store and identified developers” Gatekeeper level to require notarization. Or, as ArsTechnica speculated, there could be a fourth Gatekeeper security level at some point in between “App Store and identified developers” and “App Store only.”