Apple’s Application Notarization for macOS

If you are a software vendor developing apps for Apple’s macOS, you may be well versed with the processes involved with distributing to App Store. However, if you are among those who don’t want to publish your apps to the store and prefer a sideloading approach, by this time, you most likely realize, well, it’s not very easy. You can’t blame Apple for this. Apple prefers integrity of apps running on macOS over ease of deployment.

With Authentication, macOS introduced the ability to elevate users when required. This was one of the first disruptive steps Apple took which caused some ripples with people developing Java-based apps for macOS. It took a while for developers and software vendors to change their code and build processes to adapt to the new standard.

The next step Apple took is Application Notarization. If you are a vendor distributing for macOS, you are probably familiar with notarization already. If not, here is a brief primer on what notarization is and why you should care.

Notarization is meant to instill more confidence in end users running your binaries, ensuring that the software is free from any kind of malicious content. Rather than just relying on vendors code signing applications, Apple has taken it upon themselves to conduct these checks for customers and ensure that the software is malware free. Essentially, all the binaries are uploaded to Apple’s servers for stringent checks and developers receive a token on the status of the notarization. In order to send an app for notarization, there are a minimum set of requirements your app needs to satisfy, like requiring Xcode 10 or later, and macOS 10.13.6 or later. In addition to these, you would need to code sign all the executables and enable hardened runtime capability, among others.  For details on full documentation to notarize your apps click here.

InstallAnywhere is cognizant of these changes and makes the process least disruptive to software vendors. If you already use InstallAnywhere, there are really no changes to your build process to notarize your installers. With InstallAnywhere 2020, you can fully automate code signing, hardening and notarization of your installers. Click here to get your copy.

Leave a Reply

Your email address will not be published. Required fields are marked *