Apple will enforce app notarization for macOS Catalina in February
Apple has warned developers it will be reinstating the app notarization requirements it set out for macOS Catalina, with the transition period affecting macOS software distributed outside the Mac App Store ending at the start of February 2020.
New app notarization policies meant for macOS Catalina was announced in June at the Worldwide Developers Conference, with an intention to ensure the security of end users. To ensure the rollout of macOS Catalina was smooth, the full enforcement of the requirements was delayed, but an announcement by Apple reveals that time will end in early 2020.
In a post to the Apple Developer site, Apple confirms "all submitted software must meet the original notarization prerequisites" starting from February 3, 2020.
The new policies require developers to submit their apps to Apple to go through a notarizing security process, or they won't run in macOS Catalina. An extension to the existing Gatekeeper process that previously allowed notarization as an option, the requirement is designed to ensure downloaded software is from the source users believe it is from.
Notarized apps are scanned automatically by Apple for security issues and malicious code. While the Mac App Store apps undergo stringent checks before being made available, Notarization aims to provide a similar level of safety and security to users downloading apps from third-party servers, such as those owned and managed by an app's developer.
Under interim terms that commenced in September, Apple notarizes apps that do not have the Hardened Runtime capability enabled, include components not signed by a Developer ID, do not include a secure timestamp with a developer's code-signing signature, was built using an older SDK, or include a "get-task-allow" security entitlement.
The period allowed developers to complete the notarization process, as well as protecting users using older versions of third-party software on Catalina.
Apple warns developers who have yet to upload their software to the notary service to do so and to review developer log warnings. The warnings will become errors from February 3, and will need to be fixed in order for the software to become notarized.
New app notarization policies meant for macOS Catalina was announced in June at the Worldwide Developers Conference, with an intention to ensure the security of end users. To ensure the rollout of macOS Catalina was smooth, the full enforcement of the requirements was delayed, but an announcement by Apple reveals that time will end in early 2020.
In a post to the Apple Developer site, Apple confirms "all submitted software must meet the original notarization prerequisites" starting from February 3, 2020.
The new policies require developers to submit their apps to Apple to go through a notarizing security process, or they won't run in macOS Catalina. An extension to the existing Gatekeeper process that previously allowed notarization as an option, the requirement is designed to ensure downloaded software is from the source users believe it is from.
Notarized apps are scanned automatically by Apple for security issues and malicious code. While the Mac App Store apps undergo stringent checks before being made available, Notarization aims to provide a similar level of safety and security to users downloading apps from third-party servers, such as those owned and managed by an app's developer.
Under interim terms that commenced in September, Apple notarizes apps that do not have the Hardened Runtime capability enabled, include components not signed by a Developer ID, do not include a secure timestamp with a developer's code-signing signature, was built using an older SDK, or include a "get-task-allow" security entitlement.
The period allowed developers to complete the notarization process, as well as protecting users using older versions of third-party software on Catalina.
Apple warns developers who have yet to upload their software to the notary service to do so and to review developer log warnings. The warnings will become errors from February 3, and will need to be fixed in order for the software to become notarized.
Comments
Our company's operation depends on in-house software.
the server-side rules have changed, absolutely nothing on the client side is changing.
I so dislike the implementation.
I hope the above still works.
These dialogs are annoying enough as they are now let alone with more in Catalina - I want Gatekeeper to be silent unless it detects a malicious binary; not pestering me each time I run something unsigned that's new or updated. The commonality of the "do you give permission to open" dialogs is such that they're probably at a level that people automatically click OK every time they see them anyway without considering their message. I fear these dialogs will end up similarly meaningless to the Windows Vista (and 7 to some extent) UAC authentication dialogs.
Really? I use maybe 30 pro apps for design/development, and haven't seen anything "miserably broken" in Catalina.
But maybe I'm actually imagining all that, and in reality I'm writing poems in pages.
Yeh, that's a legitimate concern -- and it echos the ongoing battle between control versus free-wheeling that has been ongoing in the computer industry since the 90's:
2b) Cost to develop and maintain
On the flip side of that were hot-shot power users with a PC who's claim to fame was being able to develop an "Application" in days or weeks rather than months and years and at a small fraction of the cost -- and they could! They weren't lying.
But, the part they missed was the #1 requirement for mainframe based systems: Absolute, uncompromising integrity of both software and data. And that meant it was always 100% accurate and never, ever failed. (Can you imagine telling 4,000 steel workers that they wouldn't get paid because the computer had died? Or, the programmer/operator was sick with the flu?). As such, the mainframe systems incorporated multiple, expensive and complex layers to insure that they never failed. Ever.
I do plenty of automated testing on the software I write, and it all works fine in Catalina.
Shame be upon you Apple for losing your way under this guise or facade you've set forth. Mojave might be our OS of choice for the next 5 years or so until we figure out another option.
They won't stop that. Ninnies are running around screaming 'The sky is falling! for no fucking reason. It's one thing to ponder possibilities, but being little wussies about it is just silly at best.
Get a grip. Run the sudo if you want. I won't, and Apple would be smart to block it. They have three hurdles you can jump at your own peril. If you want to side load an app that bad, it's on you, and that's ok. They know there's good software outside of the garden walls their users need and they won't deny that.