There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.
Notarization
App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?
What are all those files and folders doing inside an app? Which can you safely change to customise an app? Why all the helpers?
The last time Apple paused updates to XProtect and MRT, it changed the way certificate revocations were checked, and introduced notarization.
WWDC this year again featured a session on notarization. Here’s a summary of its status in Big Sur, and details of what’s next.
macOS 12 Monterey promises consolidation and improvement, even truth and reconciliation perhaps. But Shortcuts and Universal Control promise strongly.
You try to open an app on your M1 Mac, only to see an alert telling your that you don’t have permission to open it. Only that isn’t the reason.
Final in series. Examines how the hardened runtime controls access to protected private data and services, and how some use private entitlements.
Second in the series. Considers in detail what the hardened environment offers the user, and how notarized apps can opt out of its protection.
First of three articles looking in detail at what notarization involves, and the benefits it might have to users. Considers the question of legacy apps.
The Eclectic Light Company 