Ever since Apple introduced the Mac App Store developers have warned it plans to close off its platform, so news the company will insist on App Notarization in macOS Catalina set those critics off again. The thing is, it’s a little more complicated.
What is Apple doing?
Yes, Apple is making it a little more difficult for Mac users to install apps that aren’t sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company’s speedy App notarization service.
But it is not making it impossible for people to install Mac apps that come from elsewhere.
How does this work?
Developers choosing to sell software through the Mac App Store continue to submit apps for approval in the usual way.
That leaves two classes of developer:
- Those who don’t want to distribute via the store but are registered developers prepared to try to help secure their users.
- Independent developers who love working on the platform but want to be free of any kind of control.
App Notarization is a new process Apple introduced in 2018.
The company seems to see this as a compromise between those developers who don’t want to sell apps at the Mac App Store and the security it is trying to provide users.
Registered Apple developers who create an app they don’t want to offer through the App Store just need to send their app in for approval by Apple.
The approval process isn’t about the content of the app, but the safety of the code. Apple checks to make sure code is free of any known malicious code or malware.
What is the process?
The process is fast: 90% of apps submitted are approved within 15 minutes or less, which is sometimes faster than ordering a pizza.
It works like this:
- A developer submits the app.
- Apple scans the app, and if it is OK, returns it with a ticket that approves the app as free from malware.
- The developer than staples that ticket to their application.
- They then distribute the app.
- When someone downloads the app from wherever the developer distributes it, they will try to run the app.
- When the app is run, the Mac’s Gatekeeper verifies the developer certificate and the notarization ticket.
- The person using the app will see a message that tells them the app is from a registered developer and asks them to confirm the developer’s name.
What protection does this provide?
Apple has been focused on the Mac App Store for some time.
During this time it has pushed developers to profit share with the company in exchange for access to its growing Mac market. This effort has largely been a success; you can even purchase Microsoft Word at the Mac App Store today.
The company’s actions will probably help protect the vast majority of users against installing poorly made software that – by accident or design – may ship with built-in software flaws or unwanted malware.
OK, but how do I download apps that haven’t been notarized?
The short answer? I don’t know – the process hasn’t been finalized yet.
At present, when you want to install an application that isn’t signed, you need to right-click the app icon when you first open the app.
A similar process will still exist in Catalina when it ships, but at WWDC I learned that details of how it will work haven’t yet been finalized.
The bottom line?
The bottom line should be that while Apple is making the Mac more secure for most users, it seems intent on ensuring Mac users/developers who must install/distribute apps elsewhere still can.
That means if you are an enterprise distributing your own bespoke apps, you’ll still be able to do so.
If you are a registered developer prepared to tolerate a little oversight in terms of the App notarization process, you’ll actually be able to offer clients a better experience.
But for the majority of Mac users who don’t really look for apps outside of the App Store, then Apple’s curated experience will remain the best.
The platform remains open. Just not quite as open.