The post I wrote to point people at anyway:
https://developer.apple.com/help/app-store-connect/managing-...
iOS notarization is just app review with fewer rules.
Who is stopping them currently?
What does "revolt" mean, exactly? I'm a developer myself, so I'd like to know what I would/should be doing?
Keep in mind that a lot of Mac developers have iOS apps too, so they're accustomed to app review.
> The steps will have to be gradual.
Developer ID was introduced in 2012, and notarization was added in 2019. What are the next steps, and what is the timeline for them?
Another solution that is not mentioned in the article is that users of both macos and windows should be able to easily integrate the certificate of a third-party editor, with a process integrated in their OS explaining the risks, but also making it a process that can be understood and trusted, so that editors can self-sign their own binaries at no cost without needing the approval of the OS editor. Such a tool should ideally be integrated in the OS, but ultimately it could also be provided by a trusted third-party.
In the end we went with Digicert Keylocker to handle the signing, using their CLI tool which we can run on Linux. For our product we generate binaries on the fly when requested and then sign them, and it's all done automatically.
I cannot do the same thing on MacOS with the same ease, and that's the issue.
Microsoft will upload these executables to the cloud by default if you use their antivirus engine ("sample collection").
In a way, Microsoft is building the same "notarisarion database", but it's doing so after executables have been released rather than before it. Many vendors and developers will likely add their executables to that "database" by simply running it on a test system.
On the other hand, SmartScreen can be disabled pretty easily, whereas macOS doesn't offer a button to disable notarisarion.
https://9to5mac.com/2024/06/19/iphone-pc-emulator-block-ille...
https://apps.apple.com/us/app/utm-se-retro-pc-emulator/id156...
Assuming the basic facts are straight, the the linked story explicitly proves this is false:
> UTM says Apple refused to notarize the app because of the violation of rule 4.7, as that is included in Notarization Review Guidelines. However, the App Review Guidelines page disagrees. It does not annotate rule 4.7 as being part of the Notarization Review Guidelines. Indeed, if you select the “Show Notarization Review Guidelines Only” toggle, rule 4.7 is greyed out as not being applicable.
Rule 4.7 is App Review Guidelines for iOS, so this would be a case of failing notarization for iOS App Review Guidelines, which means the policies (and implementation) are different between platforms.
(Of course there's no such thing as "Notarization Review Guidelines" so maybe this whole story is suspect, but rule 4.7 is the App Review Guidelines rule that prohibits emulators.)
When Apple denies notarization for bullshit reasons on one platform, it makes me highly suspicious of their motivation for notarization on all platforms.
Just noting I was wrong, Notarization Review Guidelines are referenced here https://developer.apple.com/help/app-store-connect/managing-...
It's not. They're totally different. The only thing they share is the word "notarization".
Ok... you can believe whatever you want to believe based on one word, or you can read the documentation that Apple has published:
https://developer.apple.com/help/app-store-connect/managing-...
You don't even need signing for Microsoft's system to do what it does - it can operate on unsigned code, it's all hash based.
Or really any reason. They're not supposed to exert editorial control but that's how it has been happening in practice.
Is there a concrete example of this? We know this isn't blanket policy, because of a recent story (https://news.ycombinator.com/item?id=45376977) that contradicts it. I can't find a reference to any macOS app failing notarization due to API calls.
So in other words, using private APIs in and of itself isn't an issue. Neither is it an issue if your application is one that serves up adult content, or is an alternate App Store, or anything else that Apple might reject from its own App Store for policy reasons. It's basically doing what you might expect a virus scanner to do.
How often do you notarize your apps? Why does the speed matter at all? In my cases it takes 2 seconds for the notarization to complete.
There's obviously simple cases where the iOS notorization also flies in 2 secs, but there seems to be enough tougher cases:
https://www.reddit.com/r/iOSProgramming/comments/1l9m7jd/how...
A brand new developer account submitting a brand new application for notarization for the first time can expect the process might take a few days; and it's widely believed that first time notarizations require human confirmation because they do definitely take longer if submitted on a weekend or on a holiday. This is true even for extremely small, trivial applications. (Though I can tell you from personal experience that whatever human confirmation they're doing isn't very deep, because I've had first time notarizations on brand new developer accounts get approved even when notarizing a broken binary that doesn't actually launch.)
And of course sometimes their servers just go to shit and notarizations across the board all take significantly longer than normal, and it's not your fault at all. Apple's developer tooling support is kinda garbage.
https://developer.apple.com/documentation/security/notarizin... (emphasis added):
“Notarize your macOS software to give users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. _Notarization_of_macOS_software_is_not_App_Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly.”
⇒ It seems notarization is static analysis, so they don’t need to launch the process.
Also, in some sense a program that doesn’t launch should pass notarization because, even though it may contain malware, that’s harmless because it won’t run.
I don't know, I sometimes contemplated sticking sharpened pencils in my eyes for light relief whilst trying to renew my code signing certificates.
In practice though they use it to turn the screws on various API compliance topics, and I'm not sure how effective it is realistically in terms of preventing malware exploits.
Do you have an example of this on macOS?
How would this be measured?
Since no one has pointed it out here, it seems obvious to me that the purpose of the notarization system is mainly to have the code signatures of software so that Apple can remotely disable any malware from running. (Kind of unsavory to some, but probably important in today's world, e.g., with Apple's reach with non-technical users especially?)
Not sure how anyone external to Apple would measure the effectiveness of the system (i.e., without knowing what has been disabled and why).
There's a lot of unsubstantiated rumors in this comment thread, e.g., that notarization on macOS has been deliberately used to block software that isn't malware on macOS. I haven't seen a concrete example of that though?
> Another solution that is not mentioned in the article is that users of both macos and windows
The article is actually about notarization on iOS, which is vastly different from notarization on macOS. On iOS, every app, whether in the App Store or outside the App Store, goes through manual Apple review. But apps distributed outside the App Store have fewer rules.
Notarization doesn’t involve a complete review (https://developer.apple.com/documentation/security/notarizin...: “Notarization of macOS software is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly.”
I also expect Apple will argue that requiring code to be notarized is explicitly allowed under the DMA, based on section 6.7:
“The gatekeeper shall not be prevented from taking strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the operating system, virtual assistant, hardware or software features provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.”
So, the discussion would have to be on whether this is strictly necessary and proportionate, and whether Apple duly justified that.
I think “strictly necessary” is a bit at odds with defense in depth (https://en.wikipedia.org/wiki/Defense_in_depth_(computing)), where you explicitly add redundancy to improve security, so we’ll see how a judge rules that, but I can see them accepting it if Apple argues they’ll implement a similar feature on-device instead if they have to.
The submitted article is about notarization on iOS, which is vastly different from notarization on macOS.
It's a shame that Apple used the same word for both platforms, because it appears to be confusing everyone. Maybe that was deliberate...
Next we'll hear that Nintendo has secretly developed a locked-down game console that only runs Nintendo-approved software, and Nintendo is charging developer fees.
It is surely a coincidence that 70% of Apple's iOS App Store revenue is from games.
Glad more developers are seeing the light now.
Again, I would happily donate to such an initiative before it is too late!
The key thing here is that the Apple App Store and third party app stores must be on an level playing field to compete on.
UTM wasn't denied notarization because some virus scanner found that it was a virus, but because it violated App Store guidelines. That's editorial control.
I don't want to hear any of the usual "don't use sideloading if you don't like it". I don't want it to exist so nobody can talk my grandma into installing a fake bank app over the phone, like they did to her once when she had an android phone and stole all her money.
Yes this is not foolproof still, some scam apps might make it past notarization. Just like cover fees in clubs and gates in gated communities -- it does not keep all the riff-raff away, but it helps.
It's clearly not working as advertised. Specially not as advertised by those affected by the distortion field.
That decision has zero impact on you. You can simply ignore how we and our grandmas use our devices, and move along with your life. Mind your own business and simply buy a different phone from a different company which meets your needs. There is no shortage of such devices and companies.
The whole point of a marketplace is to encourage differentiated products from a variety of companies. You are saying that a company should not be allowed to sell me a red car because you prefer blue cars. The correct solution is for you to go buy a blue car from one of the many companies that sells blue cars.
What? This is literally what you are doing. You want to restrict other people's devices and rob them of their freedom "because of your Grandma". We want to give people more freedom such that everybody can use their devices as they see fit. Should you still want more restriction, that's also an option that's included, since you have the freedom to just keep using it with its restricted defaults. It's insane that you are incapable of understanding this.
>That decision has zero impact on you.
No, quite the contrary. It robs 99.9% of people of their consumer rights and robs them of their freedoms, just "because of your Grandma". While our aims have zero impact on you, since you can just keep using your device as you always have. You're literally putting the logic on its head. So take your own advice and "you can simply ignore how we and 99.9% of society use our devices, and move along with your life. Mind your own business and simply buy your Grandma a different phone from a different company which meets your needs. There is no shortage of such devices and companies."
>The whole point of a marketplace is to encourage differentiated products from a variety of companies. You are saying that a company should not be allowed to sell me a red car because you prefer blue cars. The correct solution is for you to go buy a blue car from one of the many companies that sells blue cars.
Here comes the expected nonsense analogy. Yet more evidence that you have zero understanding of the topic and that you're yet another Apple shill who blindly regurgitates the same old debunked talking points ad nauseam. Let me briefly debunk it. "The whole point of a marketplace" is not to sell "differentiated products", that's just your primitive understanding; the point of a marketplace is to connect buyers and sellers, price discovery and competition - without which price discovery is impossible; all of these have to operate under fair market principles which are enforced by the state which has laws to enforce and ensure that no market participant becomes too dominant and anti-competitive and thus breaks fair market principles. Famous examples are:
https://en.wikipedia.org/wiki/United_States_v._Paramount_Pic.... https://en.wikipedia.org/wiki/United_States_v._AT%26T_(2019) https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....
So your claim that I'm supposedly stating "that a company should not be allowed to sell me a red car" is false and a gross misrepresentation of what I'm saying and a clear indicator that you will simply ignore any argument and any evidence just to blindly regurgitate absurd analogies that make zero sense in the given context just to recycle old and debunked talking points in defense of Apple's anti-competitive and consumer hostile business practices.
Furthermore, the most potent attack vector was, is and will always be social engineering, which is much more likely on smartphones than on dumb phones. So if it's not concern trolling, then the obvious move is to buy a dumb phone for grandma instead of depriving everybody else of their freedoms and rights.
Yes, i imagined this happening, my grandma imagined her bank account being empty, and the police imagined filing a report.
I cannot buy her a dumbphone because we use whatsapp to keep in touch and google photos to share photos with her.
People have vivid imaginations and still none of that is relevant to what constitutes an anti-competitive business practice that is in violation of fair market principles and relevant laws.
>I cannot buy her a dumbphone because we use whatsapp to keep in touch and google photos to share photos with her.
Good news! Yes you can! There are dumb phones with whatsapp and you can share images on whatsapp too! https://www.dumbphones.org/ - check the "Whatsapp Support" filter option.
Also “shill”? I don’t work for Apple. I am not Tim Cook. I have no reason to shill for anyone. That’s just an ad hominem.
I know reading comprehension is hard, but you will get better at it, if you put in some effort: "It is irrelevant what system I am personally using, since it's about the principle and not about personal preferences" https://news.ycombinator.com/item?id=45859640
>Also “shill”? I don’t work for Apple. I am not Tim Cook. I have no reason to shill for anyone. That’s just an ad hominem.
Your profile states "Places we might have crossed paths: VMWare, Google, Apple", so you have an evident conflict of interest, that's just an objective fact worth mentioning; especially when one is dedicated to making bad faith arguments in defense of anti-competitive business practices regurgitating bogus narratives[1].
[1] https://infrequently.org/2025/09/apples-antitrust-playbook
What? You don't disagree with Apple anywhere in this thread; you are hellbent on defending their consumer hostile and anti-competitive business practices with the most absurd narratives and that's exactly the problem. It's a strong indicator that you're highly likely to still be an Apple shareholder since you've worked there, which perfectly explains your persistent bias in your Apple apologia.
> But I also worked at Google, so that too. Man… I’m screwed on so many topics then…
Yes imagine, but the proper terminology is "conflict of interest". It seems new to you, have a read: https://en.wikipedia.org/wiki/Conflict_of_interest
iOS notarization is still manual review by Apple, but with fewer rules and restrictions.
https://developer.apple.com/help/app-store-connect/managing-...
> If you’ve opted into alternative distribution for customers in the European Union, you can choose to make your app version eligible for distribution on alternative app marketplaces or websites only by selecting to have it evaluated based on the Notarization Review Guidelines (a subset of the App Review Guidelines). Otherwise, App Review uses App Review Guidelines to evaluate your app version to make it eligible for distribution on the App Store, alternative app marketplaces, and websites if approved.
Its a smokescreen.
You want less liberty because of the “least competent” user?
A phone/tablet is a tool, with very intense usage, and huge privacy value, not an engineer's toy.
Editing to add: it seems particularly ironic that you think iPhone users make great purchasing decisions when they buy the phone, but are incapable of making good decisions when selecting software. What accounts for the discrepancy?
60% of society could be raptured tomorrow and the world would be better off.
Allowing third party installations does not mean uncontrolled third party apps. It merely means users have to option to install software on their phones - which continues to limit the softwares capabilities until the user was prompted to allow each.
You could argue "but a braindead person can randomly go on a phishing website, randomly download some .app file and suddenly - through magic go through a theoretical installation dialog to finally explicitly grant this malware problematic permissions... And I'm sure there are going to be people that will do exactly that... But without it, they'll still manage to do the same to the same effect, just without the app installation by inputting their bank credentials in a phishing site or similar
The thing your citing as a problem solved by disallowing app installs isn't actually solved - and it would not become more problematic either.
Finally, the fact of the matter remains that almost nobody would actually use the capability to install from third party stores, as you've correctly insinuated. But if anything, that should be another proof that allowing third party installs doesn't reduce security.
People just like to have everything provided to them from a single source, and will usually pay a premium for that.
And, the app store does absolutely nothing to prevent "dangerous" apps. Apple doesn't review the code. In fact, if your code is reviewable, it's even harder to get it on the app store.
At the end of the day, the App Store and Play Store are filled with adware, spyware, and other malware - because Apple and Google like it that way. That's what they want. They don't give a single flying fuck about your security. They care about extracting 30% while simultaneously doing as little as possible. That's completely at odds with security, yes, and they know that. They just don't care.
I actually don't have (much) of an issue with walled garden approaches as long as the wall has a gate that is easily opened, give me an OS level toggle with a warning of "Here be dragons" and I can live with it - it's not ideal but it's not a terrible trade off.
It's something Android has had previously (but they seem to be trying to lock that gate) and iOS less so.
and the purported purpose of notarization is "blessing" trustworthy software.
We also can't count on every person being able to check every single thing they do: how do you check if some food or drug you get is good or not? you can't really, you have to trust someone who knows.
Yes - the democratically elected government, not a monopolistic entity with capital interest.
Society should be more dangerous as a means to force people to learn more about technology they rely on.
I think they are choosing one out of the two options that duopolize all smartphones, a device they need to do pretty much everything.
Further, the state of affairs has steadily gotten worse over the years as Apple tightens their restrictions, adds more barriers to running apps of your choosing, and having agency over what programs you can actually run.
This is a war on general purpose computing. And sure, there are gobs of people who don't care, but there are many who do, and they're fighting for the rights of all of us. My own mother-in-law who spent thousands of dollars on Kindle books didn't understand that she couldn't ever read any of those books using anything other than Kindle, and that she could never give them to somebody else to read (like my son who doesn't have an Amazon account). These people making these decisions are not well-informed. They assume they're not being screwed over, but they're in for a rude awakening.
We are rapidly moving to a world where there are no options for people to run software of their choosing on mobile devices. And we already know that the mobile manufacturers operate at the behest of the US government. This is not a pattern that I think is going to serve us well in the coming decades.
At some point, you have to figure out who your mobile devices are working for.
Which is exactly as it should be
Nobody else would bother. That’s why meme language repositories continuously lead to hacks and vulnerabilities.
Right now you have a lot of piracy apps which are disguised as a "note taking app" and they passed the appstore review without any issues.
[0] https://appstoreconnect.apple.com/WebObjects/iTunesConnect.w... [1] https://developer.apple.com/support/downloads/terms/apple-de...
All the relevant agreements can be found here, so if there's something that specifies this kind of overreach, I'd both be very surprised and interested.
Edit: oh, are you saying that such requests would be "Apple confidential information" so nobody would say if it happened?
> any information disclosed by Apple to you in connection with Apple Events will be considered and referred to as “Apple Confidential Information” and are subject to the confidentiality obligations of this Agreement
The definition of Apple Events:
> As an Apple Developer, you may have the opportunity to attend certain Apple developer conferences, technical talks, and other events (including online or electronic broadcasts of such events) (“Apple Events”).
I don't trust Apple's App Store review. They've approved countless scams that have tricked Apple users out of a lot of money, perhaps $billions in total.
You have to trust native apps, as it always was the case. You can't just install random apps. You can delegate the trust to a curated lists of apps that you trust.
Or you can just use the web apps, but then you have to trust them too (so they don't misuse information about you or your data for example). But then it can't integrate with anything and many features are simply not available.
As for your example, a photo editor could need a network connection when it contains collaborative features. Or an auto-update system. Or downloading of assets on demand. Or cloud AI feature. Or list of add-ons to install. Or for license checks. Or online help/docs. Or whatever.
Not only are all of these functions and corresponding permissions completely standard for all kinds of applications, they belong to the core of what any system that calls itself an "operating system" should deliver to developers and end users.
You don't need full unlimited access to everything in order to send a file.
But in the end the file access issue is an operating system deficiency. They could offer more fine-grained access control but the common operating systems don't. It's ultimately a matter of user convenience.
The only problem is that nobody cares, so there's no evolutionary pressure for OS developers to make their products safer in the sense the applications are safe for user.
Notarization is only needed when distributing binaries to others. Personally I do it once a month for the Mac app I distribute.