• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

AppleToolBox

Tools and Fixes for Mac, iPad, iPhone & iWatch

Search posts

  • About
  • Contact

CONNECT WITH US

CATEGORIES

  • iPhone
  • iPad
  • iPod
  • Apple Watch
  • Mac/MacBook
  • AirPods
  • Apple TV
  • News
  • Apple Services
  • HomePod
  • Reviews

SITE

  • Home
  • About Us
  • Contact
  • Advertise

Search posts

You are here: Home / Mac / Everything you need to know about app notarization in macOS Catalina

Everything you need to know about app notarization in macOS Catalina

By Mike Peterson 7 comments Last updated September 10, 2019

Apple is going to require an additional certification step for apps distributed outside of the Mac App Store. But before you panic about the openness of the Mac ecosystem, know that the situation is bit more complicated than it seems.

Related:

  • PSA: macOS Catalina will kill your 32-bit apps — here’s what you should know
  • App Store not working in macOS Catalina, How-To Fix
  • Need to run 32-bit apps on macOS Catalina? Use a Mojave virtual machine

That additional step is called app notarization — and Apple actually debuted it back in macOS Mojave. While the mechanism isn’t brand new, the company is implementing a new app notarization requirement in macOS Catalina.

Here’s what you need to know.

Contents

  • What is App Notarization?
  • What’s changing in macOS Catalina?
  • What this means for users & developers
  • When will this take place?
  • What are the implications of app notarization?

What is App Notarization?

App Notarization Header
App notarization isn’t new, but Apple is making a big change to the process starting in macOS Catalina.

In the most basic terms possible, app notarization is essentially a way for Apple to vet or check applications and software distributed outside of the App Store.

Through the notarization process, Apple scans software for malicious content and code-signing issues. App notarization is automated, however. That’s a big difference from the App Store’s review process.

As far as the actual process, there won’t be much change for users. Developers, on the other hand, will need to notarize their app. That will require a Developer ID certificate and actually submitting an app to Apple’s notarization system.

Notarization is meant to be a process to protect users from malware, code injection and other malicious threats. It is not a way for Apple to approve or ban any app from a Mac based on its content. Notarization attaches a ticket to signed apps. Gatekeeper will check for notarization on all non-Mac Store Apps beginning in macOS Catalina.

Putting it another way, Apple isn’t checking for what an app does. Unlike the Mac or iOS App Store, there won’t be any restrictions on what kinds of apps you can download. It’s only checking the app for malicious content and code-signing issues.

What’s changing in macOS Catalina?

In macOS Catalina, Apple is requiring apps distributed outside of the App Store to be notarized before Gatekeeper will give them the green light.

More specifically, Apple says that “all new or updated kernel extensions and all software from developers new to distribution with Developer ID must be notarized in order to run.”

Apple also says that “beginning in macOS 10.15, notarization is required by default for all software.” It’s a bit more complex than that, however.

The changes only specifically apply to newly signed apps and executable code built after June 1, 2019. More than that, software built before April 7, 2019 shouldn’t require notarization in macOS Catalina (at least in theory).

What this means for users & developers

App Notarization
An example of the Gatekeeper dialog box that will pop up when you run a piece of software that has been notarized. Notice the note about Apple checking it for malware.

To be clear, the app notarization requirement will not completely break your apps in macOS Catalina. There has been quite a lot of confusion in the Apple blogosphere over this matter.

Apple will continue to let you run any software that you want on its Mac platform (which differs from its philosophy on iOS). Some media outlets have reported that macOS Catalina won’t run unsigned apps. That isn’t true. At best, it’s misleading.

In other words, you will still be able to run non-notarized and even unsigned apps in macOS Catalina. But there may be additional steps and the process will be overall a bit more complicated.

You won’t be able to “disable” the feature, but you will be able to ignore it in a “run away” capacity. According to some developers, running software from the command line or alt-clicking an app will also bypass Gatekeeper.

What that looks like in practical terms is explicitly ignoring a Gatekeeper popup and perhaps some additional steps not present in past versions of macOS.

On the other hand, Apple has hinted that the situation may even be more complex in a future version of macOS. You may not be able to run non-notarized or unsigned apps at all in an upcoming update.

When will this take place?

Technically, Apple will start requiring that developers notarize their apps in macOS Catalina. By all accounts, macOS Catalina should drop some time this month, possibly during the week of Sept. 16.

Of course, unless you download macOS Catalina, the restrictions won’t apply to you. Despite the new requirements, we still recommend users download the latest Mac updates to mitigate bugs and security threats.

However, Apple recently relaxed some of the notarization requirements to help ease both users and developers through the transition.

For developers, that includes being able to notarize apps that don’t have Hardened Runtime enabled; have not been signed with a Developer ID; or apps that were built with an older SDK than Apple’s more recent toolkits.

These prerequisites apply until January 2020, according to Apple’s documentation on the matter.

What are the implications of app notarization?

Notarized Apps
As we mentioned, app notarization isn’t new. Apple debuted notarization alongside other security measures back at WWDC ’18.

Some developers and users are concerned about the implications of the app notarization requirements in macOS Catalina (and beyond). And at face value, it looks like they could have reason to worry.

Apple could ban any non-notarized software in a future version of macOS. Based on the direction that it’s heading, the process could be as simple as “flipping a switch,” so to speak.

For users who appreciate the fact that macOS is an open operating system — as opposed to something like iOS — the app notarization requirements look like a warning sign. On the other hand, that does appear to be the quickest way to lose the support of enterprising developers and professional Mac users.

But Apple could simply be using app notarization to add a bit of extra security (or security theater) to the Mac without forcing all apps to go through the Mac App Store, as it does for iOS.

In our opinion, and the opinions of many developers, this seems like the most likely scenario. But, of course, it’s hard to predict what Apple is going to do so take this forecast with a grain of salt.

mike - apple
Mike Peterson

Mike is a freelance journalist from San Diego, California.

While he primarily covers Apple and consumer technology, he has past experience writing about public safety, local government, and education for a variety of publications.

He’s worn quite a few hats in the journalism field, including writer, editor, and news designer.

Related Posts:

  • Need to run 32-bit apps on macOS Catalina? Use a Mojave virtual machine
    Need to run 32-bit apps on macOS Catalina? Use a Mojave…
  • The Best Apple Ecosystem Features
    The Best Apple Ecosystem Features
  • Transfer your Time Machine backups to a new drive with this guide
    Transfer your Time Machine backups to a new drive with this…
  • iOS 13 or iPadOS problems and how to fix them - Troubleshooting Guide
    iOS 13 or iPadOS problems and how to fix them -…
  • How To Run Linux On Mac: A Step-by-Step Guide
    How To Run Linux On Mac: A Step-by-Step Guide
  • Mac Tips For New Users In 2023
    Mac Tips For New Users In 2023
  • How to Install Windows 11 on Mac
    How to Install Windows 11 on Mac
  • How To Downgrade From macOS Mojave to macOS High Sierra
    How To Downgrade From macOS Mojave to macOS High Sierra
  • The Best iPhone And Mac Shortcuts For Beginners
    The Best iPhone And Mac Shortcuts For Beginners

Reader Interactions

Write a Comment Cancel reply

Show 7 Comments

  1. Alan says

    February 16, 2021 at 3:10 PM

    Can notarizing an ipa be done on a PC or do I NEED to use a virtual MAC? We create an app for each project so this would be done probably 50 times a year, would the notarization need to happen for each app? We use Flash Builder on PC to create the ipa files currently

    Reply
  2. Harold says

    November 26, 2019 at 8:38 AM

    You can use a third-party to generate an installer for your macOS software that can be quickly code signed and notarized with Apple

    Reply
  3. Duane says

    September 30, 2019 at 3:14 PM

    This effectively excludes multiplat development systems that accurately produce Mac builds from other platforms, unless those developers all purchase a Mac. It will be far easier for Unity3D devs to just stop supporting Macs than concern themselves with notarization especially if Apple can revoke it without explanation or appeal. I know Apple promised that people will be able to get around Gatekeeper if they really really want to, but that places a burden on the user.

    Unless Apple walks this back, the FOSS community and independent game developers will give up on MacOS.

    Reply
    • Brice says

      October 4, 2019 at 6:19 PM

      As a game developer myself too I’m pretty sure it’s gonna be the other way around: game developers just hate diversity and having a notarized approach is – we like it or not – a way to limit this diversity one way or another…

      Reply
    • Brian says

      November 12, 2019 at 12:15 AM

      Unity devs cant build for Mac/iOS without those devices anyway.

      Reply
      • stéphane Martin says

        November 15, 2019 at 12:50 AM

        Brian said: “Unity devs cant build for Mac/iOS without those devices anyway.”
        How ?

        Reply
        • stéphane Martin says

          November 15, 2019 at 1:41 AM

          Sorry I’ve read too fast.

          Reply

Primary Sidebar

Recent Posts

  • iPad Screen Missing Some Touches: How to Fix
  • How to Reset HomePod or HomePod Mini
  • Icons Showing Above Keyboard When Texting on iPhone: How to Close Them
  • How to Use Face ID With Incognito Tabs in Chrome on iPhone
  • Best Mastodon Apps for iPhone, iPad, and Mac
  • How to Remove or Reschedule an Event in Apple Calendar

Connect with us

Footer

ABOUT

  • About Us
  • Contact us
  • Advertise
  • Privacy
  • Terms of Use

GUIDES

  • iOS 13 & iPadOS
  • Apple ID
  • iCloud
  • App Store
  • iTunes
  • FaceTime
  • iMessage
  • Siri
  • Books and iBooks
  • Game Center
  • AirPlay

CONNECT

  • Facebook
  • Twitter
  • FeedBurner
  • YouTube

© Copyright 2010-2023 Guiding Tech Media · All Rights Reserved

This site and its content are in no way affiliated or endorsed by Apple, Inc. · Reproduction without explicit permission is prohibited