Notarization of apps hasn’t been one of Mojave’s headline features, perhaps because it’s currently voluntary, and its virtues are subtle rather than blatant. It’s also something very positive which Apple is doing for those developers who don’t or can’t distribute their products through the App Store, which goes against the popular story of Apple wanting to close the macOS app market in order to boost its income from its own store.
A notarized app comes with no guarantee that it’s flawless and perfectly functional. There are, though, two important steps which it must complete, and these should give users high confidence that it is neither malware nor trying to rob them of their personal data.
First, before the app can even be submitted for notarization by Apple, it must be hardened. This limits what the app can do; for example, if it wants to access protected data, hardware, or services, it must declare that in the form of an entitlement, in a similar system to that used for the App Store. With Mojave’s new privacy system, any attempt to use such an entitlement correctly will still result in you being asked to give your consent.
Then, having been restricted by those declared entitlements, the app is submitted to Apple to be checked to determine whether it contains any malware. If Apple is happy that it looks clean, then that specific version of that specific app is given an additional signature ‘stapled’ into it, and has been officially notarized.
Given that, at least for the next year, notarization is only voluntary, what effect does it have on you the user, and how can you tell whether an app is notarized, as a developer might claim?
If you want to check formally, my free app Taccy from Downloads above will now tell you whether any macOS app has been notarized. If you prefer to do this yourself at the command line, use something like:
spctl -a -v /pathto/appname.app
where /pathto/appname.app specifies the location and name of the app bundle. Both Taccy and spctl need to be run in Mojave in order to know about notarization, though.
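As an added example (not from the original article or from Apple), this script runs the same spctl assessment over every app in a folder and sorts the results into notarized, signed with a Developer ID only, otherwise accepted, and rejected. It assumes that spctl reports a notarized app with the line source=Notarized Developer ID and a merely signed one with source=Developer ID; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the text that `spctl -a -v <app>` prints (spctl writes it to stderr).
# Prints one of: notarized, developer-id, other-accepted, rejected.
classify_spctl() {
    verdict=$(printf '%s\n' "$1" | head -n 1)
    case $verdict in
        *": accepted") ;;
        *) echo rejected; return 0 ;;
    esac
    # Assumed format: a "source=..." line names the kind of signature.
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    case $src in
        "Notarized Developer ID") echo notarized ;;
        "Developer ID")           echo developer-id ;;
        *)                        echo other-accepted ;;
    esac
}

# Assess every .app bundle directly inside a folder (default /Applications).
audit_apps() {
    dir=${1:-/Applications}
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (needs macOS)" >&2; return 1; }
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue
        result=$(spctl -a -v "$app" 2>&1)
        printf '%-15s %s\n' "$(classify_spctl "$result")" "$app"
    done
}

# Constructed sample outputs (not captured from a real Mac).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID'
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Example.app: rejected'

if [ $# -gt 0 ]; then
    audit_apps "$1"
else
    for s in "$SAMPLE_NOTARIZED" "$SAMPLE_DEVID" "$SAMPLE_REJECTED"; do
        classify_spctl "$s"
    done
fi
```

On a Mac, pass a folder such as /Applications as the first argument; with no argument the script only classifies the constructed samples.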
But you don’t have to go out of your way: the chances are that you will have downloaded the app, and its quarantine flag will be set, forcing it to undergo full Gatekeeper checks when it is run for the first time.
Normally, you’d then see this type of dialog, in which the Security & Privacy pane icon is defaced by a yellow caution sign. That app hasn’t been notarized, merely signed using a regular Developer ID.
If the app has been notarized, there are subtle but important differences in the dialog shown. There’s no defacement by the yellow caution sign, and the information text bears the additional words:
Apple checked it for malicious software and none was detected.
This only occurs in Mojave, though.
When you have previously opened that app and its quarantine check has already been performed, there is nothing obviously different about a notarized app. But Taccy and spctl can still find out for you, if you wish.
Apple doesn’t charge developers for this service: it is completely free, and both rapid and very efficient. It only applies to apps which are distributed outside the App Store, those for which Apple gets no direct financial return. Unlike the App Store’s restrictive rules, hardening very seldom gets in the way of anything that a legitimate macOS app might want to do, so it doesn’t impose any significant constraints on the great majority of third-party products.
Best of all, deceptive exfiltration of browser histories as performed by some former App Store apps is simply not possible in a notarized app running in Mojave. That has got to be yet another good reason for upgrading.