Apple is encouraging developers to have their apps that are distributed outside the Mac App Store to be ‘notarized’, or cleared by Apple’s security checks before it’s distributed.
The new process closes a gap in macOS Gatekeeper protections, which previously checked whether an app outside the Mac App Store was signed with a legitimate Apple developer ID certificate, but the check didn’t extend to each app itself.
Apple says the most secure option for users is to only install apps published on the Mac App Store, which it vets, while Gatekeeper is employed when users configure security setting to allow apps to be downloaded from the “App Store and identified developers”.
Gatekeeper relies on Apple-issued developer ID certificates to minimize the risk of malicious macOS apps downloaded from the internet.
Apps that are notarized by Apple indicate that the developer ID app was also uploaded to Apple and passed a security check before it was distributed on the internet. This should help reduce the risk of apps from a known developer ID being tampered with and then distributed to users.
There were a few instances in recent years when attackers used legitimate Apple developer IDs and then released tampered versions of legitimate macOS apps to infect users with malware. These apps weren't blocked by Gatekeeper until Apple revoked the developer's signing certificate.
With Mojave, the first time users launch an app from an identified developer outside the App Store, the Gatekeeper dialog will say, ‘Example app’ was downloaded from the internet and then ask whether you’re sure you want to open it. It also states the time Safari download the app and that “Apple checked it for malicious software and none was detected”.
If an app hasn’t been notarized, the dialog will show a yellow warning triangle with an exclamation mark with no message that Apple has checked it for malware.
“When users on macOS Mojave first open a notarized app, installer package, or disk image, they’ll see a more streamlined Gatekeeper dialog and have confidence that it is not known malware,” Apple notes in a developer update.
As Apple explains in a support page, users can still download apps that have neither a developer ID linked to it or has been notarized by Apple. These apps will generate a Gatekeeper security alert before installing, but users can override Mac security settings.
While it’s not necessary today for makers of developer-ID signed apps to have them notarized, Apple notes that in a future release of macOS, Gatekeeper will require this software to be notarized.