hoakley December 15, 2019 Macs, Technology

Catalina 10.15.2 has changed Gatekeeper’s dialogs to confuse notarization status

If you’ve updated to macOS Catalina 10.15.2 and installed any notarized apps since, you might have noticed that something has gone missing. Do you remember that dialog shown by Gatekeeper when you first open a notarized app, telling you that “Apple checked it for malicious software and none was detected”? Well, that sentence has now vanished. Instead, that dialog now looks very similar to the pre-Catalina dialog for non-notarized apps.

The only significant difference is that the Gatekeeper icon isn’t here defaced by a yellow warning triangle.

If you then go and check that dialog against Apple’s support note explaining how Gatekeeper works in Catalina and earlier, you’ll see that this new dialog doesn’t appear to exist in Catalina. You could be forgiven for assuming that your system had been subverted by malware, or the app you were just trying to open wasn’t notarized at all.

Indeed, Apple’s words there indicate that without this statement about Apple’s check for malicious software, the dialog could itself be malicious: “An app that has been notarized by Apple indicates that Apple checked it for malicious software and none was detected”. Many users interpret this as meaning that those specific words are Gatekeeper’s recognition that the app you are trying to open has been notarized. Without those words, surely that app hasn’t been notarized?

Other Gatekeeper dialogs don’t appear to have changed, though. Trying to open a non-notarized app with its quarantine flag set still shows the normal refusal.

And trying to bypass that using the Finder’s Open command still shows the extended three-button variant.

Full marks to Apple to making an unannounced and undocumented change which the observant user will almost certainly misinterpret badly.

Of course, as this is the result of a third-party product they’re trying to open, they won’t contact Apple Support, but that for the app. I’ve a good mind to bill Apple for all the support that I’m providing to cover the fact that Apple makes arbitrary changes at its whim without informing developers or users, and leaves us all wondering what the hell is going on.

Postscript

On further checking, the Gatekeeper first run dialog has changed more than shown above. Although I don’t appear to have an image of it in the initial release of Catalina, here it is in Mojave 10.14.6 (fully patched):

Here it is in Catalina 10.15.1, which shows that Apple had already removed the statement about checking for malicious software before 10.15.2:

And here for the sake of comparison is 10.15.2:

Maybe Apple wants to distance itself from the reliability of its checks for malware now. If it is going to change such critical dialogs so capriciously, at least it could keep its documentation up to date so that users know what they are supposed to see.

Perhaps our biggest lesson should be that hardly anyone reads important security dialogs like these any more, perhaps because they’re bombarded by so many. Have security and privacy dialogs perhaps become so commonplace as to be worthless?

I am very grateful to @12nanometers, who first drew my attention to this change, when he was concerned that my notarized apps weren’t notarized after all.

14Comments

Add yours

1

M.A. on December 15, 2019 at 10:51 pm

Perhaps it belatedly occurred to someone in PR (or the legal department) that it might look rather bad to so prominently mention that Apple detected no malware – if it later turns out that they let something major slip through the net 🧐

LikeLiked by 1 person
- 2
  
  hoakley on December 16, 2019 at 12:06 am
  
  Thank you.
  But according to Apple, the main point of notarization is that Apple has checked the software for malware. If Apple is now going to pretend that it hasn’t, or that its checks aren’t reliable, then notarization has been a complete waste of time and effort. That would be a very serious admission to make.
  Howard.
  
  LikeLike
3

Apple-fun on December 16, 2019 at 12:45 am

I wish Apple would have a proper changelog for their operation systems. Sadly this has never been the case and that is very sad.

LikeLiked by 1 person
4

Wil van Antwerpen on December 16, 2019 at 1:00 pm

Looks like apple is trying to push harder to only release via the App Store.
I’m not sure that that is what will happen though.

What they end up with is having macOS look more like Windows and that’s not exactly a great thing. Less is more in this case.

LikeLiked by 1 person
- 5
  
  hoakley on December 16, 2019 at 5:55 pm
  
  I’m not sure. My recent experience with the Notary Service remains good. I just can’t understand why they keep tinkering with these dialogs, and never update the documentation for users or developers. No wonder no one seems to notice – people have learned to ignore the text content and just click OK.
  For a security dialog, that’s alarming, and defeats its whole purpose of giving the user an informed choice.
  Howard.
  
  LikeLike
  - 6
    
    Wil van Antwerpen on December 16, 2019 at 6:31 pm
    
    Yep, that is why I said “Less is more”.
    More popup dialogs to click away just means that people stop reading and just click whatevery option gets them past the popup.
    
    I have no problem with the notarization requirement and understand it can help. But if you get a popup anyways then developers might not bother taking that extra step.
    
    Let me put it this way, the extra popup is not helping. The user already knew they downloaded the app from the internet and it does look a lot like a warning, even without the yellow triangle.
    
    LikeLiked by 1 person
    - 7
      
      hoakley on December 16, 2019 at 10:08 pm
      
      Thank you.
      On the contrary, it is the dialog which is the developers’ ‘reward’ here, with Apple informing the user that the developer has put in the extra work to notarize that app. If Apple does that, then users should feel more confident that the app is sound and not malware.
      When the dialog doesn’t give them that information at all, then users rightly question whether the app is notarized properly, and then don’t want to run that app.
      If the app has a quarantine flag set and is put through Gatekeeper’s first run checks, there will always be a dialog – the important issue is what that dialog says about that app.
      Howard.
      
      LikeLike
  - 8
    
    Jean-Daniel on December 16, 2019 at 9:35 pm
    
    In this case, I don’t think it really gives the user an informed choice. The dialog only allow to open the application if it is considered safe. In other cases, you don’t even have the choice to open it.
    
    This is more an informational dialog than a choice dialog.
    
    LikeLiked by 1 person
    - 9
      
      hoakley on December 16, 2019 at 10:00 pm
      
      Thank you.
      I disagree. The user here makes a choice depending on the outcome of Gatekeeper’s checks, which returns one of a number of different dialogs. In the event that the app is both notarized and checks out in all other respects, Gatekeeper needs then to inform the user of that result, and where and when that app was obtained. The latter remains important information, and only when given all that can the user make a cogent decision as to whether to run that app, or click on the Cancel button.
      In Mojave, and early Catalina, that dialog included a sentence which stated that the app had been found to be free of malware when checked by Apple, which the user knows (and is told by Apple) means that it is notarized, and that notarization hasn’t been revoked. Given that, and recognition that they did in fact download it, they should have confidence in clicking the Open button.
      The user who first contacted me over this pointed to the absence of that sentence, and Apple’s support note, and concluded that my app wasn’t correctly notarized, but either tricked its way around Gatekeeper, or Gatekeeper had been subverted or exploited. He therefore made the choice to cancel opening that app, as he didn’t have confidence that Apple had checked my app for malware.
      And reading Apple’s support note, he was perfectly correct to make that choice.
      Howard.
      
      LikeLike
10

Michael Tsai - Blog - Catalina Removes Malware Assurance on December 16, 2019 at 8:54 pm

[…] Howard Oakley: […]

LikeLike
11

Wil van Antwerpen on December 16, 2019 at 10:35 pm

Thanks Howard for the correction.
Seems I got confused by the dialog myself 😀

LikeLiked by 1 person
12

Catalina 10.15.2 has changed Gatekeeper’s dialogs to confuse notarization status – OSnews on December 17, 2019 at 10:20 pm

[…] to macOS Catalina 10.15.2 and installed any notarized apps since, you might have noticed that something has gone missing. Do you remember that dialog shown by Gatekeeper when you first open a notarized app, telling you […]

LikeLike
13

Catalina Removes Malware Assurance | Business Marketing Journal on February 8, 2020 at 6:47 am

[…] Howard Oakley: […]

LikeLike
14

Catalina’s Dialog Bureaucracy — Pixel Envy on February 21, 2020 at 4:03 pm

[…] form of permission or password to run. Nor is it helpful that the Gatekeeper warnings change in mysterious and undocumented ways. But, even if everything were perfectly labelled, a user with less technical background […]

LikeLike

·Comments are closed.

Share this:

Related