Apple Temporarily Relaxes Notarization Requirements in macOS Catalina for Non Mac App Store Apps

Apple this afternoon reminded developers about upcoming notarization requirements for Mac apps created outside of the Mac App Store.

Apps that are distributed outside of the Mac App Store must be notarized by Apple in order to run on the macOS Catalina operating system set to be released this fall.

Apple says that to make the transition easier on both developers and Mac users, notarization prerequisites have been adjusted until January 2020.

Developers can now have apps notarized that do not meet certain previous requirements, such as an app that uses an older SDK or the inclusion of components not signed by a developer ID.

Apple has a full list of allowances on its developer website:

You can now notarize Mac software that:
- Doesn't have the Hardened Runtime capability enabled.
- Has components not signed with your Developer ID.
- Doesn't include a secure timestamp with your code-signing signature.
- Was built with an older SDK.
- Includes the com.apple.security.get-task-allow entitlement with the value set to any variation of true.

Apple has been requiring new software distributed with a Developer ID outside of the Mac App Store to be notarized in order to run since macOS Mojave 10.14.5.

Apple introduced notarization in macOS Mojave as a way to further protect Mac users from malicious and harmful apps.

For the notarization process, Apple provides trusted non Mac App Store developers with Developer IDs that are required to allow the Gatekeeper function on macOS to install non Mac App Store apps.

Notarization is not required for apps that are distributed through the Mac App Store. More information on notarization can be found on Apple's developer site.

Top Rated Comments

(View all)

JoeCassara

3 weeks ago

>Apps that are distributed outside of the Mac App Store must be notarized by Apple
>in order to run on the macOS Catalina ('https://www.macrumors.com/roundup/macos-10-15/') operating system set to be released this fall.

That's not true.

The situation is nuanced. Apple has stated that you will always be able to run any software of your choosing on macOS -- though you'll encounter some friction in Catalina and, speculatively, in future releases of the OS, requiring you to be explicit in your intentions. Notarization is required for apps signed with a Developer ID certificate, and there are caveats to this requirement depending on several cases.

Without getting mired in developer-speak: relax. This is not Apple cordoning off all unsigned, non-notarized software from macOS.

For the curious, check out these resources:

* https://developer.apple.com/videos/play/wwdc2019/703/
* https://eclecticlight.co/2019/06/07/notarization-in-mojave-and-catalina/

Rating: 19 Votes

casperes1996

3 weeks ago

I assume we'll be able to disable this since it's a Mac?

I’m not a fan. Maybe the world has changed but as a kid running some random program from the web was a rare pleasure. Yeah as I’m thinking about it there is a ton of crap out there. I’m sure they thought about it. We’ll see the effects. What about apps that aren’t being developed anymore?

Is there a way to turn this off in Catalina?

Like SIP there are times when this is not desired and to not be able to turn it off is a major reason not to use Apple hardware.

If there isn’t an option to disable this bs that’s the ultimate rubicon for any real desktop OS.

Hey. I am a software developer, with a Catalina install.

"Disabling it" is a phrasing that I'd have to say, no you cannot to.
But you can ignore it. "Run anyway" so to speak. It's not that it blocks you, it just warns you and makes it more steps to run potentially harmful software. Anything executed from command line will execute like normal, and I believe also if you alt-click and select open.
Furthermore, it's not an app review process. To get notarised doesn't mean Apple needs to approve of what you do. It's an automated process that just checks for security, not content. And it only affects signed software; Thought I'd say software should be signed if intended for release these days.

Rating: 17 Votes

nt5672

3 weeks ago

Is there a way to turn this off in Catalina?

Like SIP there are times when this is not desired and to not be able to turn it off is a major reason not to use Apple hardware.

Rating: 13 Votes

twistedpixel8

3 weeks ago

Signed software *must* be notarised. Unsigned software runs just like before.

Reading comprehension fails a bit too much in this thread.

Not everyone knows what that means. Also that’s not what the article says: it is worded as “all software distributed outside the Mac App Store”.

Rating: 12 Votes

vipergts2207

3 weeks ago

Signed software *must* be notarised. Unsigned software runs just like before.

Reading comprehension fails a bit too much in this thread.

Where in the article does it mention unsigned software not needing to be notarized?

Rating: 12 Votes

RumorConsumer

3 weeks ago

Rating: 11 Votes

ignatius345

3 weeks ago

Signed software *must* be notarised. Unsigned software runs just like before.

Reading comprehension fails a bit too much in this thread.

Don’t get huffy at readers. The article says

Apps that are distributed outside of the Mac App Store must be notarized by Apple in order to run on the macOS Catalina operating system set to be released this fall.

which is apparently a bit misleading, or at least incomplete.

Rating: 7 Votes

Ritsuka

3 weeks ago

Signed software *must* be notarised. Unsigned software runs just like before.

Reading comprehension fails a bit too much in this thread.

Rating: 7 Votes

Blkant

3 weeks ago

“As a reminder, Mac software distributed outside the Mac App Store must be notarized by Apple in order to run on macOS Catalina.“

If there isn’t an option to disable this bs that’s the ultimate rubicon for any real desktop OS.

Rating: 5 Votes