Apple eases app notarization conditions ahead of macOS Catalina release

Posted:
in macOS edited September 3
Apple on Tuesday adjusted app notarization requirements for macOS Catalina ahead of the operating system's launch this fall, saying it will temporarily ease a stringent set of prerequisites as developers work to bring their apps in compliance with the new guidelines.

Gatekeeper


Outlined in a post to Apple's official developer website, the changes are designed to help developers transition to macOS Catalina's new app notarization policies, while at the same time maintaining a high level of security for end users.

Announced at the Worldwide Developers Conference in June, Catalina will be Apple's first Mac operating system to require app notarization. The stipulation impacts apps distributed outside of the Mac App Store, which must now be vetted by Apple before they are allowed to run on user machines.

In today's post, Apple reminded developers of the pending requirements, but said it will temporarily adjust notarization guidelines in a bid to help developers working to complete what appears to be an onerous task. The relaxation will also protect users who continue to use older versions of third-party software on Catalina, Apple said.

Under the interim terms, Apple will notarize apps that do not have the Hardened Runtime capability enabled, include components not signed by a Developer ID, do not include a secure timestamp with a developer's code-signing signature, was built using an older SDK, or include a "get-task-allow" security entitlement.

The provisional notarization guidelines will remain in effect until January 2020.

Apple's next-generation Mac operating system is anticipated for release this fall, likely after a special media event set for Sept. 10.

Comments

  • Reply 1 of 11
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    edited September 3
  • Reply 2 of 11
    lkrupplkrupp Posts: 7,311member
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    edited September 3 Soli
  • Reply 3 of 11
    It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    Is that in the end actually the point...?

    dysamoria
  • Reply 4 of 11
    It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    Is that in the end actually the point...?

    You're both wrong. This was discussed in the thread on the new Gatekeeper requirements. You can still bypass Gatekeeper, or disable it altogether if you need to. This is unrelated to 64bit requirements, however.

    From WWDC 2019, session 701:

    edited September 3 CloudTalkin
  • Reply 5 of 11
    lkrupp said:
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    Well actually {pushes up glasses} that's not true.  They won't find that their wonder-app won't work because it will work.  What they will be getting is pop up dialog boxes basically asking them to be sure this is what they want to do.  More of an annoyance like Microsoft's UAC pop up.  It was explained in the security talk from WWDC.  It's approximately 10 minutes into the video. https://developer.apple.com/videos/play/wwdc2019/701/

    People on both sides of the debate seem way too ill-informed.  Detractors and supporter seem to be equally lacking in factual information.

    edited September 3 mobirdracerhomie3fastasleepgatorguy
  • Reply 6 of 11
    croprcropr Posts: 961member
    lkrupp said:
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    You are clearly not a developer, completely underestimating the loss of productivity for developers releasing their software.   I am developing software on iOS, Android, Windows, Linux and macOS.  On iOS it takes 2 days to put a new version of an app in production, on the other open platforms 30 minutes.  For critical bug fixes, the damages on technical on commercial level during these 2 days can be huge.

    Signing an app does improve the integrity of the download, not allowing any hacker to change the content of the app package. So as a user you are certain that the app behaves as the developer intended.  

    But signing does not increase the security if the app, because macOS is an open platform, where the developer has basically 100% freedom to do what he wants.  Apple cannot put technical limitations on the features of apps on macOS: half of the apps would just stop functioning or would not make sense anymore.  So in terms of safety and security the user will always have to trust the developer.

    My feelings are that Apple is not really honest about its intentions.  Time will tell, but the hidden agenda might be that Apple wants to get more control  and eventually force the app developers to the iPhone model, guaranteeing a 30% cut for basically doing nothing. 

    edited September 4 gatorguy
  • Reply 7 of 11
    bwillbwill Posts: 1unconfirmed, member
    This relaxation can only come from Microsoft or Adobe. Apple doesn't care about the small developers at all. So this must come from the large players. My software is already notarized, thanks the Gods. And what an annoyance that is.
  • Reply 8 of 11
    cropr said:
    lkrupp said:
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    You are clearly not a developer, completely underestimating the loss of productivity for developers releasing their software.   I am developing software on iOS, Android, Windows, Linux and macOS.  On iOS it takes 2 days to put a new version of an app in production, on the other open platforms 30 minutes.  For critical bug fixes, the damages on technical on commercial level during these 2 days can be huge.

    Signing an app does improve the integrity of the download, not allowing any hacker to change the content of the app package. So as a user you are certain that the app behaves as the developer intended.  

    But signing does not increase the security if the app, because macOS is an open platform, where the developer has basically 100% freedom to do what he wants.  Apple cannot put technical limitations on the features of apps on macOS: half of the apps would just stop functioning or would not make sense anymore.  So in terms of safety and security the user will always have to trust the developer.

    My feelings are that Apple is not really honest about its intentions.  Time will tell, but the hidden agenda might be that Apple wants to get more control  and eventually force the app developers to the iPhone model, guaranteeing a 30% cut for basically doing nothing. 

    The 30% cut that funds the Distribution in the App store and associated promotions. And all that detailed financial reporting? And the direct deposit of the 70% into your bank account? 2 days to review an app is only when the app has changes. Quick bug fixes are often ‘reviewed’ in under 24 hours in my experience.  The 30% Apple takes is a bargain for what they provide.
  • Reply 9 of 11
    "The stipulation impacts apps distributed outside of the Mac App Store, which must now be vetted by Apple before they are allowed to run on user machines. " Incorrect. Gatekeeper prompts can still be bypassed. Please update the article to reflect this.
  • Reply 10 of 11
    lkrupplkrupp Posts: 7,311member
    lkrupp said:
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    Well actually {pushes up glasses} that's not true.  They won't find that their wonder-app won't work because it will work.  What they will be getting is pop up dialog boxes basically asking them to be sure this is what they want to do.  More of an annoyance like Microsoft's UAC pop up.  It was explained in the security talk from WWDC.  It's approximately 10 minutes into the video. https://developer.apple.com/videos/play/wwdc2019/701/

    People on both sides of the debate seem way too ill-informed.  Detractors and supporter seem to be equally lacking in factual information.

    Well I guess I’m talking about something off topic and that’s my fault. When I say slaughterhouse I’m talking about all the 32 bit apps out there that people still use. Are you saying that 32 bit apps will still run on Catalina? Apologies for the misunderstanding.
  • Reply 11 of 11
    lkrupp said:
    lkrupp said:
    ...here we go again...
    I've been voting no with my wallet.
    'digital fatigue'...? Hmmm...
    And what, exactly, is your problem with Apple hardening its requirements for safety and security? In my opinion it will serve to root out half-assed developers who cobble together some crummy code and try to sell it to unsuspecting Mac users, like the Hallmark Card Studio apps that are little more than Windows ports. And for those developers who don’t play by the rules and won’t participate in any of the programs Apple offers, well, to hell with them. I’d like to see a list of all the developers who have abandoned their software and either won’t or can’t make their code compatible with Catalina. It’s going to be a slaughterhouse for the users who unknowingly update to Catalina only to find that the wonder-app they’ve been using won't work anymore.
    Well actually {pushes up glasses} that's not true.  They won't find that their wonder-app won't work because it will work.  What they will be getting is pop up dialog boxes basically asking them to be sure this is what they want to do.  More of an annoyance like Microsoft's UAC pop up.  It was explained in the security talk from WWDC.  It's approximately 10 minutes into the video. https://developer.apple.com/videos/play/wwdc2019/701/

    People on both sides of the debate seem way too ill-informed.  Detractors and supporter seem to be equally lacking in factual information.

    Well I guess I’m talking about something off topic and that’s my fault. When I say slaughterhouse I’m talking about all the 32 bit apps out there that people still use. Are you saying that 32 bit apps will still run on Catalina? Apologies for the misunderstanding.
    Oh no, 32 bit apps won't be invited to the Catalina party.  They're dead.  Won't run at all on Catalina.  As you've already figured out, that ain't related to this particular subject.  It's all good.  We all err from time to time.  
    gatorguy
Sign In or Register to comment.