How can you tell whether a notarized app has been hardened, which Apple claims makes it more secure?
hardening
Many small independent developers have put a lot of effort into getting their app notarized. Then Apple changes the rules. What does this mean for users, and our security?
Newly-built apps supplied by developers outside the App Store need now to be notarized. This in turn requires hardening, but what is that?
You don’t have to add an Info.plist to a standalone Mach-O tool in order to sign it, or to get it notarized successfully. And more tips.
System Integrity Protection can get in your way, and may be recommended to solve compatibility problems. It’s also changing again in Catalina.
Preparing software for distribution shouldn’t be harder than writing the code in the first place.
It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.
Is notarization just ‘security theatre’? How easy would it be to distribute malware through a legitimate distributor outside the App Store?
With apps in future set to come from the App Store or notarized by Apple, entitlements are going to be the rule not an exception.
Apple has shown a way ahead for full apps to access private data in Mojave, but has been curiously silent with respect to command tools. How will they cope?
The Eclectic Light Company 