Apple edges closer to cursory code review for all Mac apps
Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.
The Cupertino, California, company argued that the process, which it calls ‘notarisation,’ would build a more secure macOS environment. “We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the [Mac] App Store or outside of it, is signed or notarised by Apple,” the company stated in a 10 April message on its developer portal.
Applications delivered through the Mac App Store have long been reviewed by Apple for malicious code, and since September 2012 checked for an Apple-provided digital signature prior to installation. Notarisation adds the App Store’s review – or a form of it – to programs distributed elsewhere, direct from a publisher’s website, say.
Apple made notarisation sound, if not perfunctory, then certainly brief. “Notarisation is not App Review,” Apple told developers, referring to the process App Store software goes through. “The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly.”
When users start to install a notarised application, Gatekeeper will intervene with a message stating that Apple has “checked it for malicious software and none was detected.” From there, the user can either cancel the install or proceed. Gatekeeper is the OS X/macOS utility that for the last seven years has blocked installation of unsigned code and, depending on how it’s set, allowed all software or only App Store-acquired programs to be installed.
Apple has not shared more than that about what users will see related to notarisation. It is unclear whether there will be broad or granular settings in System Preferences to mitigate or disable the notarisation requirement.
With the appearance of macOS 10.14.5 – the latest update for Mojave, now in preview – notarisation will be required for software created by developers new to distributing Apple apps, as well as for all new or updated kernel extensions. “In a future version of macOS, notarisation will be required by default for all software,” Apple said in its documentation.
That “future version” could be as close as this year’s macOS 10.15, which, if Apple hews to custom, will be introduced in June at the company’s Worldwide Developers Conference (WWDC) and released in September.
When Gatekeeper debuted in 2012 as part of OS X Mountain Lion, some Mac users criticised the restrictions, arguing that they should be allowed to install whatever they wanted on their machines, from whatever source. The appearance of the Mac App Store the year before had raised similar concerns. It wouldn’t be surprising if Apple’s notarisation scheme gets some pushback as well.
IDG News Service