What steps does Apple take to ensure that the binaries I submit for notarization do not leak out?

I'm concerned about the security of my binary after I submit it for the notarization process.


What steps does Apple take to ensure that the binaries I submit for notarization do not leak out into unintended hands?


I think I read somewhere in the official doc that even the notarization response links expire in a day (can't find it though - anyone know which document says that?), and I don't see any way to get back to the binary after I submit it, but I would appreciate further clarification.

Replies

There should be no expectation of security of binaries. The Notarization process is for distribution of software. Ergo, you wouldn't be notarizing it if you didn't intend to distribute it. If you are distributing it, then anyone to whom you send it could re-distribute it. If they do so illegally, then you are certainly free to take any legal action as necessary.


Of all the people that you might send your files to, Apple is the least likely to allow it to "leak" to "unintended hands". Apple respects the privacy and personal information of all of its users and developers. I would argue that Apple's level of protection of your data is probably higher than what you would find at any other company.


That being said, Apple's first priority is to its customers. If you read your Developer agreement, the section for Notarization says "Apple shall not be responsible for any costs, expenses, damages, losses or other liabilities You may incur as a result of Your Application development, use of the Apple Software, Apple Services (including this digital notary service), or Apple Certificates, tickets, or participation in the Program, including without limitation the fact that Apple performs security checks on Your Application."


What this means is that, although I personally think your binaries are safe with Apple, there are no guarantees.

Apple has a pretty good track record for keeping stuff secret and, speaking personally, I’m not aware of any way that random folks can download the software that you submit for notarisation. However, it seems like you’re looking for an official assurance about this. If so, you won’t get that here on DevForums. DevForums is an informal support channel, and we don’t use it for making policy statements.

My recommendation here is that you file a bug against the notarisation documentation requesting that it include the assurances you need.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

What was the conclusion on this?
  • Have you filed a bug?

  • What is the policy on submitted notarization data?

    • Confidentiality level of the submitted binaries (and disk images, which includes non-binaries).

    • What is the data retention policy and duration?

    • Is there a way to un-notarize a binary (i.e. remove copy on Apple’s servers) when there’s a need for that? (e.g. EU’s “right to forget” should a DMG contain data on a natural person, license expiration of contained photographs or clip-arts, etc)