Mojave’s new level of app security
Q: How can I tell whether an app has been ‘Notarised’? Does it make any difference? by Kate Perkins
A: Notarisation is an extension to app security that’s voluntary in Mojave. It’s aimed at giving stronger confidence that apps you download from outside the Mac App Store aren’t malware. The signature system that was already present in previous systems was intended to do that, but most Mac malware is now signed using black-market developer certificates, so the system needs improvement.
Notarisation involves two steps: apps are ‘hardened’, then submitted to Apple to check for malware.
Hardening forces an app to declare intent to use certain features, such as the intent to access your Mac’s camera. If an app doesn’t obtain an entitlement to do so, macOS won’t allow it access. This limits the potentially bad things apps can do, and, coupled with Mojave’s new privacy protection, stops apps from secretly accessing any protected data without your explicit consent.
[Figure: When you first open a notarised app in Mojave, Gatekeeper’s dialog is different, as shown in the upper dialog here.]
When you first open a downloaded app that has been notarised, you’ll see a new dialog as the app goes through Gatekeeper’s signature checks: the dialog’s icon lacks a yellow warning triangle, and it declares that Apple has checked the app for malware.
Notarised apps also have an extra certificate inside, which you can see if you Control-click one in Finder and choose Show Package Contents. In Contents is a small file named CodeResources, as well as the normal _CodeSignature folder. You can also check using the spctl command in Terminal, or Taccy (free, eclecticlight.co).
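The spctl check mentioned above, written out as an added shell example (not from this column or from Apple): it parses the assessment text that spctl and codesign print, and looks for the CodeResources ticket file. The function names and the sample output strings are my own constructions; the wording “source=Notarized Developer ID” is what spctl prints on 10.14.5 and later.

```shell
#!/bin/sh
# Added example: decide whether a Mac app bundle is notarised and hardened
# from the output of `spctl --assess -vv` and `codesign -dvv`.

# Returns 0 when spctl accepted the app with a notarised Developer ID source.
spctl_says_notarized() {
    printf '%s\n' "$1" | grep -q ': accepted$' || return 1
    printf '%s\n' "$1" | grep -q '^source=Notarized Developer ID$'
}

# Returns 0 when the CodeDirectory flags include "runtime", i.e. the app
# was built with the hardened runtime that notarisation requires.
codesign_says_hardened() {
    printf '%s\n' "$1" | grep -q 'flags=0x[0-9a-f]*(.*runtime.*)'
}

# Full check of one bundle; runs only on macOS where the tools exist.
check_app() {
    app="$1"
    spctl_out=$(spctl --assess --type execute -vv "$app" 2>&1)
    cs_out=$(codesign -dvv "$app" 2>&1)
    spctl_says_notarized "$spctl_out" && echo "notarised: yes" || echo "notarised: no"
    codesign_says_hardened "$cs_out" && echo "hardened runtime: yes" || echo "hardened runtime: no"
    # The stapled notarisation ticket lives next to the _CodeSignature folder.
    [ -f "$app/Contents/CodeResources" ] && echo "ticket stapled: yes" || echo "ticket stapled: no"
}

# Constructed sample output (not captured from a real Mac) for offline use.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)'
SAMPLE_SIGNED_ONLY='/Applications/Other.app: accepted
source=Developer ID
origin=Developer ID Application: Other Corp (TEAMID1111)'
SAMPLE_CS_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded'
SAMPLE_CS_PLAIN='Executable=/Applications/Other.app/Contents/MacOS/Other
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded'
```

On a Mac, `check_app /Applications/SomeApp.app` prints the three verdicts; elsewhere the two parsing functions can be exercised on the constructed samples.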