App notarized but Gatekeeper still shows app as untrusted

Question

Recently notarized my application directly through XCode to verify if it works correctly on macOS 10.15 Catalina and ran into an issue where the Gatekeeper popup while launching the application does not mention that the Apple checked the app for malicious software and still shows an exclamation over the security icon. Screenshotof popup

Running the

spctl

tool on the application returns the following.

$ spctl -a -vvv /path/to/application.app
NotarizationTest1.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: DEVELOPER NAME (#certificate_id)

which states that the application is notarized.

The application also runs without any problems after clicking on "open" in the Gatekeeper prompt which, if I understand correctly, will not happen if the app was not notarized correctly on macOS 10.15+.

Any reason why the popup should still not show the app as trusted with these points in mind?

Beta
macOS

3.4k

Posted by

vish90

Reply

Add a Comment

Answer 1

Seems like every app I've tried is doing this in the latest beta. Adobe Reader DC for example, the DMG is failing security checks and the .pkg installer. I needed to Right-Click override both to install.

Posted by

ITTalk

Add a Comment

Answer 2

You should still get that pop-up, even with a notarized app. That is the first-level of Gatekeeper. It may be that Apple just removed the text saying "Apple checked the app for malware and none was found". That text is now superfluous since Notarization is required and could have legal implications that Apple wants to avoid.

Posted by

john daniel

Add a Comment

Answer 3

Apple says that: "Apps that haven’t been notarized show a yellow warning icon" (https://support.apple.com/en-us/HT202491).

I am seeing the same thing: DMGs I have notarized and stapled correctly (according to xcrun altool) display the yellow warning icon when opened. However, the alerts still present an "Open" button, just like the "passed a security check" alert. That alert states that Apple has "checked the software for malicious software and none was detected".

Apple should fix this. I'd prefer my users saw that message rather than the vague warning.

Posted by

DougAdams

Add a Comment

Answer 4

Thanks for posting that support link. It clearly shows the difference. That first "downloaded app" dialog (with no yellow icon) is gone. Apple has taken the unnotarized dialog in Mojave and is using it as the "downloaded app" dialog in Catalina.

Posted by

john daniel

Add a Comment

Answer 5

I hope this is not permanent. I thought that was the whole point of notarization: to let users know they are opening software that has been checked by Apple. What's the point of going through all the notarization folderol and not getting Apple to vouch for it.

Posted by

DougAdams

Add a Comment

Answer 6

Apple changed the rules. If you don’t notarize, it doesn’t install at all.

Posted by

john daniel

Add a Comment

Answer 7

I believe that is incorrect. I am able to install, open and run web browser-downloaded non-codesigned/non-notarized apps in Catalina with the right-click trick.

Posted by

DougAdams

Add a Comment

Answer 8

Could you post screenshots? My situation is that on Catalina, whether I double click, control+click and choose "open", or right click and choose "open", I get the same dialog box, which just says "the following disk images couldn't be opened".

To give you an idea, I get this even for example even when trying to access files from Apple: Download for Sketch

-Verxion

Posted by

Verxion

Add a Comment

Answer 9

Actually just found a solution for my issue with not being able to open ANY dmg on Catalina:

sudo spctl --master-disable

Posted by

Verxion

Add a Comment

App notarized but Gatekeeper still shows app as untrusted

Replies