2

Is it necessary to notarize app before uploading to Apple App Store? I come across some article says that notarization is needed for non-app store distribution, while apple will run notarization before approving an app store version. Anyone can confirm?

The reason I ask this question is because I notarized the app for outside Mac App Store distribution and it works fine. For the Mac app store build, I can upload and distribute it and it works fine on Mac, only have issue on Catalina(beta) when user try to open, see attached pic. Wonder if it's related to notarization.

enter image description here

Update: the issue was not due to notarization, but due to code signing. One of the node binary is not signed before uploading to MAS, maybe Catalina has a more strict rule checking it.

Bruce Lin
  • 2,700
  • 6
  • 28
  • 38
  • 1
    Why not read the docs and find out what Apple says about it? – matt Aug 17 '19 at 01:00
  • The documentation clearly paints notarization as an optional (and indeed - basically required on macOS 10.15) step when distributing outside the Mac App Store; but doesn't mention it as a requirement when submitting an app for App Store distribution. For those with an understanding of how the submission, review and distribution works in the Mac App Store, then it's probably obvious that it's not required. But the downvotes and snark seem unwarranted here. – TheNextman Aug 18 '19 at 05:24
  • I couldn't find an official document that mention if it's required to notarize for App store, then emailed Apple and they said it's necessary to notarize for Apple store as well. – Bruce Lin Aug 21 '19 at 17:49
  • No, it's not required. Here is reference https://developer.apple.com/developer-id/ "Gatekeeper on macOS helps protect users from downloading and installing malicious software by checking for a Developer ID certificate from apps distributed outside the Mac App Store. Make sure to sign any apps, plug-ins, or installer packages that you distribute to let Gatekeeper know they’re safe to install. And now, you can give users even more confidence in your apps running on macOS Mojave by submitting them to Apple to be notarized." – Parag Bafna Aug 21 '19 at 18:19
  • @ParagBafna Yeah the document says notarization is required for outside MAS distribution but didn't say if it's required for MAS build? How can we be sure..? – Bruce Lin Aug 23 '19 at 00:25

2 Answers2

1

Notarization is only required for distribution outside the Mac App Store. See Distribute outside the Mac App Store (macOS), which says:

In some cases, you may want to distribute an app outside of the Mac App Store [...] Users gain additional assurance if your Developer ID-signed app is also notarized by Apple.

The macOS User Guide has this to say:

App Store: [...] All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted

App Store and identified developers: [...] Identified developers are registered with Apple and can optionally upload their apps to Apple for a security check. If problems occur with an app, Apple can revoke its authorization.

Community
  • 1
  • 1
TheNextman
  • 12,428
  • 2
  • 36
  • 75
1

No, it's not required. Apps downloaded from the app store are not notarized. You can verify it using spctl command.

spctl -a -v /Applications/Pages.app 
/Applications/Pages.app: accepted
source=Mac App Store

Gatekeeper will check notarization only if the app is downloaded from outside the App Store.
From Safely open apps on your Mac

When you install Mac apps, plug-ins, and installer packages from outside the App Store, macOS checks the Developer ID signature and notarization status to verify that the software is from an identified developer and that it has not been altered.

Parag Bafna
  • 22,812
  • 8
  • 71
  • 144
  • Thanks Parag! Do you know the error in the screen shot by any chance? - "xxx can not be opened because it's integrity can not be verified" – Bruce Lin Aug 26 '19 at 20:27