This is How Notarization Will Work for iOS Apps Distributed Through Alternative App Stores
Apps that are distributed through alternative app stores in EU countries will need to go through a notarization process similar to the one used for Mac apps. According to Apple, Notarization applies to all apps, and it is a process focused on privacy, security, and maintaining device integrity.
Apple is aiming to ensure that apps do not have viruses, malware, or other security threats, and that they function as promised without exposing users to "egregious fraud."
Notarization will check for the following:
- Accuracy - Apps are required to accurately represent the developer, capabilities, and costs to users.
- Functionality - Binaries must be reviewable, free of serious bugs or crashes, and compatible with the current version of iOS. Software or hardware cannot be manipulated in ways that negatively impact the user experience.
- Safety - Apps cannot promote physical harm to the user or the public.
- Security - Apps cannot enable distribution of malware, or suspicious or unwanted software. They also cannot download executable code, read outside of the container, or direct users to lower the security on their system or device. Apps also must provide transparency and allow user consent to enable access to the system or device, or to reconfigure the system or other software.
- Privacy - Apps cannot collect or transmit private, sensitive data without a user's knowledge or in a manner contrary to the stated purpose of the software.
The malware and virus portion of the notarization process will be automatic, but there will also be a human review to make sure that apps are functioning as advertised.
Apple plans to encrypt and sign all iOS apps intended for alternative distribution to ensure that users are getting apps from known parties and to protect developers' intellectual property.
Notarized apps will be double-checked during installation to ensure that they have not been tampered with and that installation was initiated through an authorized web browser. An iOS app that is found to have known malware after it's been installed will be prevented from launching on a user's device and new installations will be revoked.
Compared to the App Store review process, Notarization will not check apps for quality or content. Apple's App Store rules do not allow for content that is "offensive, insensitive, upsetting, intended to disgust, in exceptionally poor taste, or just plain creepy," and this content guideline will not apply to apps installed through alternative stores.
Information from Notarization will be used for app installation sheets that will be presented to end users. Apple will offer at-a-glance information about apps and their functionality that users can review before deciding to install an app through an alternative app store.
According to Apple, the Notarization system is aimed at providing "basic protections" that will reduce "some of the new risks" that are created by alternative app distribution. Apple says that it will not set the "same high bar for privacy and security" as the App Store review process.