Apple has confirmed that it will be enforcing the MacOS Catalina notarization prerequisites for any MacOS application that is distributed outside of the Mac App Store. That means any application wanting to run under normal circumstances on your MacBook Pro, MacBook Air, iMac, or Mac Pro machine must be signed and authorised by Apple.
If it’s not signed, then it’s not going to run normally. This won’t come as a surprise to those following Apple’s developer boards, but that is only a small number of the Mac user base. it could confuse many users and damage their confidence in Apple.
“In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina. In September, we temporarily adjusted the notarization prerequisites to make this transition easier and to protect users on macOS Catalina who continue to use older versions of software. Starting February 3, 2020, all submitted software must meet the original notarisation prerequisites.”
Don’t light the pitchforks just yet, this is not a complete lock-down of code not approved that you see in the iPhone.
But it is a lock-down of being able to run unsigned code by default. Once this is implemented the standard double-click will only run code that has passed through Apple’s clearing process. Currently you can right-click to open unsigned applications, and while Apple has stated that “in future versions of MacOS [Catalina], unsigned code will not run by default”, there will be options to allow unsigned code to run.
After all, the MacOS platform is still the platform of choice for developing applications for all of Apple’s ecosystem, and you can’t expect developers to sign every compilation of their code throughout the development process.
The MacOS platform is not just for developers. It is used by creatives, students, as personal or business machines, and in countless other areas where a smartphone or a tablet will simply not suffice… no matter how much advertising Apple pushes out around the iPad Pro with its Smart Keyboard cover.
So Apple’s decision to lock-down unsigned applications is something that developers are expected to overcome, but will be difficult for the average consumer to understand if they stray away from the sanctioned apps. Whether Apple locks down this process even further (for example developers will need to apply for their own digital certificate to run unused apps) is speculative, but even a cursory glance at iOS, iPadOS and watchOS shows a company that is more than comfortable to restrict application usage to those it has deemed worthy.
Should that thinking be carried over to MacOS Catalina? Should Apple have the final say over what can or cannot be run on hardware that is has sold to a customer? Should Apple have the right to restrict a users’ choice via a future software update? And if that is the case, how confusing will that be for consumers?
These questions may feel more philosophical to some, but Apple has pushed forwards with MacOS in general and Catalina in particular and left some feeling upset over the loss of older apps as support for 32-bit apps was removed.
Having Apple watch over every app does create a solid ring of security for the user, but it is not impregnable. But having a Big Brother decide what is safe and what is not safe could be regarded as Orwellian.
MacOS remains one of the most open parts of Apple’s ecosystem and offers a flexibility that is simply not present in any other Apple hardware. I’m not confident, but I hope that this remains the case in 2020 and beyond.