After announcing Notarized apps at a security-focused session at the 2018 Worldwide Developers Conference, Apple is today telling developers to submit their apps for notarization — a currently optional but soon to be mandatory step for non-App Store software from known developers, designed to protect both users and developers from malware.
As of now, Apple’s Gatekeeper serves as a barrier to app installation, presenting users with a dialog box that flags each app as potentially untrustworthy before allowing users to manually install it. Apps from developers with Apple developer ID certificates are considered more trustworthy by Gatekeeper, but the next stage is app-specific trust verification.
Notarization is exclusive to the recently released macOS Mojave, and provides an assurance that the specific download — not just the developer — has been checked for malware. Developers submit their apps to Apple for notarization, and each specific app release gets notarized to indicate that it’s malware-free. When users first try to open notarized apps, Apple notes that “they’ll see a more streamlined Gatekeeper dialog and have confidence that it is not known malware.”
Developers also get another advantage: If a problem is found in a specific app build, Apple can simply pull that build’s notarization rather than yanking the developer’s trust certificate altogether. Apple has said that the notarization process is solely a security check and not an app review, which hopefully means that developers won’t encounter unreasonable delays.
For now, non-App Store apps don’t require notarization, but that’s going to change. “In an upcoming release of macOS,” Apple says, “Gatekeeper will require Developer ID signed software to be notarized by Apple.” In other words, while this won’t stop unknown developers from trying to slip malware into apps, it will increase the likelihood that non-App Store apps from trusted developers will be safe, and may push more developers to distribute through the App Store instead.