Gatekeeper on macOS helps protect users from downloading and installing malicious software by checking for a Developer ID certificate from apps distributed outside the Mac App Store. Make sure to sign any apps, plug-ins, or installer packages that you distribute to let Gatekeeper know they’re safe to install. And now, you can give users even more confidence in your apps running on macOS Mojave by submitting them to Apple to be notarized.
MacOS Big Sur elevates Mac to a new level of power and beauty with a refined new design, major app updates, and more transparency around your privacy. Aug 11, 2021 You can now submit apps built with Xcode 13 beta 5 for iOS 15 beta 6, iPadOS 15 beta 6, tvOS 15 beta 6, and watchOS 8 beta 6 for internal and external testing. Please note that apps using the GroupActivities entitlement for SharePlay functionality are not accepted at this time.
A Developer ID certificate lets Gatekeeper verify that you’re a trusted developer when a user opens your app, plug-in, or installer package downloaded from outside the Mac App Store. Software signed with a Developer ID certificate can also take advantage of advanced capabilities such as CloudKit and Apple Push Notifications.
You can generate your Developer ID certificate in Xcode or in the Certificates, Identifiers & Profiles section of your developer account. Please note that you must be the Account Holder of your development team in the Apple Developer Program.
Enable the hardened runtime capability and declare entitlements for the functions your app requires in Xcode. Archive your app and test the end-user experience of launching your Developer ID-signed app using a Gatekeeper-enabled Mac.
To build your apps for macOS and submit them to be notarized by Apple, use Xcode 10 or later, available from the Mac App Store.
Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks. When it’s ready to export for distribution, a ticket is attached to your software to let Gatekeeper know it’s been notarized.
For step-by-step details on uploading your Mac software to be notarized, read Notarizing Your App Before Distribution and the Xcode documentation.
Unpublished Software. It’s easy to get unpublished software notarized with the Export process or xcodebuild. Custom build workflows are supported by the xcrun altool command line tool for uploading, and you can use xcrun stapler to attach the ticket to the package.
Published Software. To submit software you’ve already published, upload it using the xcrun altool command line tool. Several file types are supported, including .zip, .pkg, and .dmg, so you can upload the same package you already distribute to users.
In addition to checking for malicious software, the notary service catches common code signing problems that can prevent your software from installing properly. If notarization fails for your upload, check the status log for details.
When users on macOS Mojave 10.14 or later first open a notarized app, installer package, or disk image, they’ll see a more streamlined Gatekeeper dialog and have confidence that it is not known malware.
Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run by default on macOS Catalina.