The ‘Danger' of Unsigned Mac Apps

Jeff Johnson:

In 2012, Apple added Gatekeeper to Mac OS X (now macOS). When you try to run Mac software downloaded from the internet, Gatekeeper checks whether the software was signed with a valid Developer ID certificate. If not, then Gatekeeper refuses to run the software. Over the years, Gatekeeper has become more strict, recently adding a notarization requirement. On macOS Catalina, Gatekeeper not only checks whether the software was signed by a valid Developer ID certificate, it also “phones home” to check whether Apple has notarized the software, again refusing to run it if the check fails. Mac developers must sign up for the Apple Developer Program, sign a legal agreement, and pay an annual fee of USD $99 plus tax in order to obtain a Developer ID code signing certificate and upload software to Apple for notarization.

Can you distribute Mac software over the internet without signing it, thereby avoiding Developer ID and notarization entirely? Technically, currently, yes, although Apple has indicated that a future version of macOS may not allow unsigned code to run at all. Some people claim that Mac users can “just right click” to run unsigned software. But what does that mean exactly? Let’s look at the user experience, in a series of screenshots.

In the eight years that I’ve been using macOS as my primary operating system, the instances of unsigned apps has steadily decreased as macOS’s security ‘protection’ has ratcheted upwards. (I’m using quotes because Apple are very opaque about why they put these measures in place, and increasingly they feel more like inconvenience than protection.)

Jeff’s post includes screenshots illustrating just how scary Apple makes it for users, and how many hoops you need to jump through to run an unsigned app. As he notes at the end:

If you’re a “pro” Mac user, and you already know and expect this procedure, then it’s not that difficult. But if you’re a Mac user who has never seen this before, the odds that you make it through to the end are near zero. Most users would be scared away, rightfully so. Apple is specifically, deliberately warning you about malware and exposing yourself, so who in their right mind would ignore the warning, if they didn’t already know that it was “safe” to ignore?

As a Mac developer, it’s nearly impossible to run a viable software business when this is the first-run experience of new customers. You’ll never get any new customers! This is why every Mac developer I know signs up for Developer ID and ships only signed, notarized apps. It would be financial suicide to do otherwise. Technically, the option is there to “just right click”, but practically, it’s not a viable distribution option for Mac developers. From a business perspective, there’s no avoiding the Gatekeeper.