MacOS – Apple notarization and 10.14.5


We distribute an app for Mac OS outside of the Mac App Store. We have an Apple account that we have used to generate signing certificates. We heard about the new notarization requirements. We have tested on 10.14.5 and we see no difference.

Where does Apple document this so we can understand if or how our account is grandfathered for builds in the field?

Best Answer

Apple documents the requirements here:

The section that governs is yellow and highlighted:


Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. Beginning in macOS 10.15, notarization is required by default for all software.

So, your whole account isn’t new so unless you make a new developer account, you are not required to notarize anything that’s current or in the field as long as you don’t have a kernel extension.

Those are mandatory today for all updates and new builds. Your tests are what I expect and you surely can notarize everything now so you are set for 10.15.

The developer I read closely for all the underpinnings and reverse engineering of this process is Howard Oakley and his Eclectic Light blog - it’s amazingly well written, clear and technically deep about how Gatekeeper works in practice and what things Apple has and has not documented yet.
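
To see which builds already in the field carry a notarization ticket, the following added example (not part of the original answer) classifies the verdict and `source=` line that macOS's `spctl --assess -vv` reports for an app bundle. The function name, the status labels and the sample text (app name, team ID) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Gatekeeper's assessment of an app bundle.
# classify_assessment reads `spctl --assess -vv` output on stdin and prints
# "<verdict> <status>", e.g. "accepted notarized".
classify_assessment() {
    verdict=unknown
    source_line=
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *": accepted")  verdict=accepted ;;
            *": rejected"*) verdict=rejected ;;
            source=*)       source_line=${line#source=} ;;
        esac
    done
    case "$source_line" in
        "Notarized Developer ID")                  status=notarized ;;
        "Developer ID"|"Unnotarized Developer ID") status=not-notarized ;;
        "")                                        status=no-source ;;
        *)                                         status=other ;;
    esac
    printf '%s %s\n' "$verdict" "$status"
}

# Constructed sample output (hypothetical app name and team ID), not captured
# from a real run.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID1234)'
SAMPLE_LEGACY='/Applications/Example.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (TEAMID1234)'

if [ "$#" -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    # On macOS: assess each bundle given on the command line.
    # spctl writes its verbose report to stderr, hence 2>&1.
    for app in "$@"; do
        printf '%s: ' "$app"
        spctl --assess --type execute -vv "$app" 2>&1 | classify_assessment
    done
else
    # No arguments (or not on macOS): run against the constructed samples.
    printf 'notarized sample: '
    printf '%s\n' "$SAMPLE_NOTARIZED" | classify_assessment
    printf 'legacy sample:    '
    printf '%s\n' "$SAMPLE_LEGACY" | classify_assessment
fi
```

A build reported as `accepted not-notarized` is signed with Developer ID but has no notarization ticket. `xcrun stapler validate` on the same bundle checks separately whether a ticket is stapled to it.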