Apple Request Developers to get macOS apps notarized
The introduction of macOS Mojave, Apple has introduced notarization for Mac applications that are offered outside of the Mac App Store. The component is intended to shield Mac user’s malicious apps.
Apple is sending messages to developers, urging them to present their applications to Apple to be notarized.
macOS Mojave gives Mac users significant trust in the app distributed outside the Mac App Store by submitting it to Apple to be notarized. At the point when users on macOS Mojave first open a notarized app, installer, or picture, they’ll see a more streamlined Gatekeeper discourse and can be assured that it is not some malware.
The new process closes a gap in macOS Gatekeeper protections, which previously checked whether an app outside the Mac App Store was signed with a legitimate Apple developer ID certificate, but the check didn’t extend to each app itself.
Apple says the most secure option for users is to only install apps published on the Mac App Store, which it vets, while Gatekeeper is employed when users configure security setting to allow apps to be downloaded from the “App Store and identified developers”.
Gatekeeper relies on Apple-issued developer ID certificates to minimize the risk of malicious macOS apps downloaded from the internet.
Apps that are notarized by Apple indicate that the developer ID app was also uploaded to Apple and passed a security check before it was distributed on the internet. This should help reduce the risk of apps from a known developer ID being tampered with and then distributed to users.
There were a few instances in recent years when attackers used legitimate Apple developer IDs and then released tampered versions of legitimate macOS apps to infect users with malware. These apps weren’t blocked by Gatekeeper until Apple revoked the developer’s signing certificate.
With Mojave, the first time users launch an app from an identified developer outside the App Store, the Gatekeeper dialog will say, ‘Example app’ was downloaded from the internet and then ask whether you’re sure you want to open it. It also states the time Safari download the app and that “Apple checked it for malicious software and none was detected”.
If an app hasn’t been notarized, the dialog will show a yellow warning triangle with an exclamation mark with no message that Apple has checked it for malware.
“When users on macOS Mojave first open a notarized app, installer package, or disk image, they’ll see a more streamlined Gatekeeper dialog and have confidence that it is not known malware,” Apple notes in a developer update.
As the Apple support page elucidates further how users can still download apps that have neither a developer ID linked to it or has been notarized by Apple. These apps will generate a Gatekeeper security alert before installing, but users can override Mac security settings.
While it’s not necessary today for makers of developer-ID signed apps to have them notarized, Apple notes that in a future release of macOS, Gatekeeper will require this software to be notarized.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.