On the one hand, of all the big companies, Apple seems closest to “getting it” with respect to security.<p>On the other hand, NO entity is inherently trustworthy “forever”, nor should any entity have the power to be a unilateral Decider even on its own platform. Just like when a good restaurant may some day become bad under new management, we are just one “new management” away from Apple becoming something that maybe we don’t trust so much. This system is being set up to give “Apple” tremendous power for “all future definitions of Apple”, which is ridiculous. That wouldn’t make sense even if Apple were a perfect saint today, invulnerable to buggy software and disgruntled employees and other potential weaknesses.<p>We need a system whereby users decide which <i>SET</i> of entities they trust, one of which may include Apple, and which may even <i>exclude</i> Apple if the user so chooses. The complex mechanism for signing and verifying things should be open-source so it can be understood and validated and reproduced cross-platform. Then you decide who you trust, period. You can rely on others to help you determine what is trustworthy. Given <i>this</i> type of system, I would be fine with macOS saying “select at least one trusted source to enable software installations”, knowing that I ultimately decide what those authorities will be. I am <i>not</i> fine with their seeming “father knows best” approach.
So this is another step for Apple to try to get everyone paying them their software development tax, since "notarization" requires you to pay the $100 annual fee.<p>While you currently can still run digitally signed software that is not notarized, this document admits that in the future signed software will require Apple's approval, so Apple will make everyone's software LESS secure (by forcing developers to not sign the code if they aren't paying Apple) so that it will continue running.<p>Sigh.
A pretty good blog summary of how this differs from past practice.<p><a href="https://eclecticlight.co/2018/09/24/has-that-app-been-notarized-and-what-are-the-benefits-to-the-user/" rel="nofollow">https://eclecticlight.co/2018/09/24/has-that-app-been-notari...</a><p>TLDR: You have to adopt the new OS user privacy protections. (Users must give permission for your app to access things like the webcam, microphone, contacts, photos, location data, etc.)<p>Your app gets scanned for malware before it is signed.<p>There is still no App Store approval process involved.
> Note that in an upcoming release of macOS, Gatekeeper will require Developer ID signed software to be notarized by Apple.<p>Does this mean that anything distributed outside of the App Store will have to be approved by Apple? Will the App Store sandboxing rules apply to outside apps too?
So if Apple doesn't like my app, it won't renew my developer account, so I cannot sign it anymore. Seems quite "fair" and I sense no lock-down or censorship. Let's be happy for making the internet "safer". As some have said this is good news for ...(fill the gap)
I was recently cleaning off someone's Mac and made this note:<p>> I found no fewer than eight fake Adobe Flash updaters, six of them identical and signed by Nevaeh Mitchell (WMAA75SZMS), one signed by Lambert Jeremy (B4MCPEJ42J), and one by Wolfe Bailey (3W8NF7PWUL). It does not appear that Apple has revoked any of these signing certificates or flagged any of these installers through macOS's built-in malware removal tools.<p>So it doesn't seem to me that malware authors are exactly afraid of signing requirements.
Today it may be optionally notarized.<p>Tomorrow it must be notarized.<p>Then it won't be notarized if it uses "dangerous" APIs.<p>Then it won't be notarized unless it's distributed through the App Store.<p>You can't force every vendor into the App Store, but you can gradually train <i>users</i> to distrust everything that's not in it. What we are seeing here is just Act 1 of that.
This protects against… making many slightly-different copies of a malware app and signing them all locally, so that revoking one doesn't affect the others?
So, basically this is a replay of Orwellian "1984" where the tables have turned. Now Apple <i>is</i> the Big Brother and it is there to <i>dictate.</i> Who is going to throw that hammer nowadays?
What does this mean for non open source projects? They need to submit the source code to ensure there is no malware, right? This is the standard practice in iOS apps.