The Mac and Windows versions of my applications are code-signed, for the peace of mind of you and your customers. For instance, on Windows, when your customer installs the FTProofsheet Client (or you install the lab-side administrator program), there is no “Unknown Publisher” warning. On the Mac side, the user actually has to jump through some hoops to install an unsigned app. One of those “hoops” is the option to turn off macOS’s “Gatekeeper” security. This is NOT recommended, and most users would look askance at you if you asked them to. Unsigned apps can be installed with Gatekeeper active, but the method is not common knowledge to any but “power users”.
So I make it easy, and the apps and the installers are signed with my digital certificate. A “signed” app means that I am who I say I am, and that the code has not been modified downstream from me. Any alterations would break the signature.
On occasion, malevolent apps manage to get around this, by being signed with apparently legitimate certificates. For Apple’s part, in addition to revoking such certificates as soon as this is found, they have upped the ante on security. The current iteration of macOS, 10.14.x “Mojave”, has introduced a concept known as “Notarization”. In a nutshell, this means that a developer’s signed installer package is sent to Apple for analysis. Once Apple is satisfied, the package is notarized and can be distributed thereafter.
Notarization is not mandatory yet, but may be in a future version of Mojave, and definitely will be in a future version of macOS. Note that this refers to new installations; existing functional apps should not suddenly break. There are still kinks to work out in this process. At this writing, I have successfully notarized a beta Mac version of the next update to the FTProofsheet Client. The current release of the Client is already Mojave-savvy, on issues such as “Dark Mode”, and I expect to be notarizing my Mac apps going forward. This is part of my ongoing effort to have my products behave like good citizens, the way users expect, on all platforms.