Okay, I'm going to chime in.
Firstly, let's look at your first question: Why does OS X warn a user before they launch it for the very first time?
OS X had instituted the added precaution for one important reason: so that apps wouldn't seemingly launch on their own. Obviously it would be crippling to workflow if the confirmation popped up every time the app was launched, so a first-time only policy was instituted. And that seems to be sufficient if you give it some thought, as that means any app that runs without the confirmation has already been approved once before, thus making it a "trusted" application.
The implications here aren't measurable beyond this simple strategy. Apple wanted some assurance that programs wouldn't just be run without a level of consent. If they somehow happened to find their way on a user's machine, they wouldn't be thought of as something "old" or something "trusted." It's not meant as a total safe-guard against malware, but rather almost as an important training tool. It gets the user to understand that OS X monitors these things. And that if an app is run, the system will be there to provide a little protection. If a user stumbles on a strange file somewhere, and double clicks on it, the system will check to see if it meets certain criteria. If it does, it'll notify the user that it's never been launched and is to be deemed "potentially" dangerous. It is then to the user to decide if they should run. It is a safeguard that does more to for user behavior than actual, hardcore system protection.
So it's not that there is a definitive threat. It is more a user-land security measure and perhaps even to be better thought of as a "pre-emptive" strike. To label it a clear cut case of either implement a security measure for a specific threat or axe it doesn't apply in this case (for the reason's above). Think of it more along the vein of Apple being pro-active (and quite clever). And it's not that obtrusive is it? Windows gives warnings each and every time. OS X delivers one just on the first run. It's a sane compromise.
Now, to get to the second tail of your query (and excuse me if I'm paraphrasing here, but I think this is what you're driving at): Why doesn't OS X have an anti-virus program to deal with these threats instead?
First, I think it's important to square away the terminology. There are no known viruses that have propagated into the wild for OS X. OS X is based on a Unix structure, which poses a seriously problem for virus-makers. In a nutshell (and excuse the oversimplification) Windows marks everything with executable rights. From images, to text files, to even music. This is ultimately what allows virus-makers to, for a lack of a better term, go to town. Unix doesn't exhibit this trait. It's crafty with its privileges. So the likelihood that OS X (and all Unix-based systems for that matter) will ever need an anti-virus is remote. Windows and Unix are fundamentally very different. Essentially, if you wanted to get a virus on OS X, you'd require either root access or significant user activity. You could not deliver and run it from simply opening up an email.
Now that does not speak towards security, per se. OS X is not any more secure than Windows and this is a common misperception. This of course depends on your definition of security. It is largely immune to viruses (I use the term "immune" loosely here) but it is still susceptible to buffer-overlows that can allow root access. Charlie Miller has razed OS X in seconds numerous times at the Pwn2Own competition. He's a masterful security researcher, but putting that aside, he shows that OS X (along with pretty much everything else) is not an iron horse. It can be exploited just like every other system.
But the chances of being targeted by Lulzsec are rather slim. You'll likely face a gauntlet of script-kiddies that pack ready-made tools that serve more to aggravate than deliver a focused attack. To this day, only one has managed to make the rounds—enough to force Apple to step up it's security measures: Mac Defender. And even with Mac Defender's seaming success, it still required the user to navigate through a series of prompts via its native OS X installer (note that later versions didn't require an administrative password). So you have to take the "success" of Mac Defender with a grain of salt. It was likely successful because it was the first of its kind, and exploited more the user's blind faith in OS X than the system itself. People readily installed it thinking they were safe from harm because they aren't running Windows.
So in closing, OS X does not require an anti-virus because quite simply, there are no known viruses making their way out in the wild. Proof-of-concepts do exist, but again, the likelihood that they will one day wreak havoc is very remote simply because propogation is incredibly difficult to sustain. Malware, on the other hand, has shown itself to be a cause for concern. OS X now contains a built in safety feature (called a "safe downloads list") that can be viewed under the Security & Privacy section of System Preferences (General tab). This should protect users from future malware that follows the same trend as Mac Defender. Additionally, Lion has implemented sandboxing and privilege separation, which is a real significant step towards not only preventing malware, but solidifying the overall security of the system from even focused attacks.
I hope that provides you with more insight into why Apple has decided to implement what looks like half-measures. It's important to bear in mind that security is always in direct conflict with usability. So the former must always be in balance to provide a semblance of the latter.
Lion
Carbon Framework Release Notes (2011-04-11, three months before the OS was released) placed three things under Transparent App Lifecycle in relation to a seed of the OS:
- persistent state
- sudden termination
- automatic termination.
Mountain Lion
In Mac App Programming Guide: The Core App Design (2012-07-23, two days before the OS was released) the app life cycle is:
… the progress of an app from its launch through its termination. …
then automatic and sudden termination are:
… techniques that make the termination of an app transparent …
(Unsurprisingly, no mention of Carbon in that guide.)
Summary
Maybe the 2010 man page for talagent, in both Lion and Mountain Lion, uses an expression (Transparent App Lifecycle) that was outdated before Lion was released.
Best Answer
Yes, Catalina and Mojave gatekeeper can and will phone home now as part of a layered defense model against malware and privacy protection system violations.
Everyone expects (or tolerates) this on the first run, but ongoing checks for certificate revocation can and will block apps when any trusted Certificate Authority revokes a signing certificate before their expiration dates. When this happens repeatedly, it can be highly frustrating.
If you (or anyoneelse fails to) sign or notarize installers/packages/apps and don’t staple the notarization, this is how gatekeeper and related checks are supposed to work. We would need to know your gatekeeper settings and more about your app to know if this is in play. Also, when the systems online and locally to check revocations change or fail, this may be challenging to troubleshoot.
Notarization specifically is a Catalina-era feature and not anything to do with specific hardware.
Stapling the ticket generated by your successful notarization should restore the behavior and performance you expect as Gatekeeper can find the ticket while offline in most cases.