MacOS app Notarization Requirements
In February 2020, Apple introduced a set of app notarization policies for any app distributed on MacOS outside the Mac App Store. These policies are enforced by the MacOS Gatekeeper software which performs a check on an app package before attempting to run it. This check is designed to ensure the app has come from the original developer and that it meets security standards.
In order to make this guarantee, apps must be first submitted by the developer to Apple’s “Notarization Service” which scans the app for security issues and malicious code. This is a similar process that apps submitted to the Mac App Store undergo and thus, notarization aims to ensure users can download and install apps with a similar level of confidence as they would if they had downloaded them from the store. Once an app has undergone notarization successfully, when opened for the first time on a Mac, Gatekeeper checks the app’s signature with the notarization service and, if permitted by the service, the app is allowed the run. If you are offline, it is also possible to “staple” a notarization “ticket” to the app itself during the notarization process, verifying that it has been notarized.
Can I submit my app myself for notarization?
Developers need to be a member of the Apple Development Program to submit apps to the notarization service. Becoming a member involves paying an annual fee. However, MDS developers are already part of the program through the University’s developer program account. So, if you contact us to carry out notarization for you, you don’t have to pay anything!
Redundant Workarounds
We have reported a somewhat cumbersome method to work around this policy on this blog before but asking all your users to do this just so they can install your app is far from ideal. Thankfully, the MDS team can help.
Our Service
If you have an app that you wish to notarize, the MDS team will perform a basic consultation with you to understand the purpose of the app and determine whether there are any legislative obligations you must adhere prior to distribution. This may include, but is not limited to, checking to see whether your app collects or processes information, which would require a suitable privacy policy to be included in the app. Once the app meets these requirements, we will take your binary and resign it using the University Developer ID certificate. Once signed, we will then submit it to the Apple Notarization Service on your behalf. If successful, we will staple the receipt to the binary and return it to you, after which you will be able to distribute it as you see fit. The process can be summarised as in the diagram below.
Get in Touch
Keep an eye out for our new MDS web page due to be launched soon on this website. In the meantime you can find details of all our services and examples of our past projects on our search tag page.
You can contact the MDS team directly via the team email address or via through our portal form.