I'm probably misunderstanding something, but this is a real puzzle.
The short version is I have an application, that is not notarized, that runs fine on Catalina (released version) without any complaints.
Here are some data points that might help:
I have a clean install of macOS 10.15 released version. I have an unsigned installer that installs a partially-signed application bundle. Nothing is notarized. The application was recently built (if that's the same as the timestamp of its signing, then it was built on Sept 6, 2019). The installer also installs a signed kernel extension..
No issues at install or launch time. When the kext is loaded, I do get the "System Extension Blocked" dialog. I click "Allow", and everything's fine.
But nothing is notarized except maybe the kernel extension, according to kextutil -nt: /Library/Filesystems/efsfuse.fs/Contents/Extensions/10.15/efsfuse.kext appears to be loadable (including linkage for on-disk libraries).
Even though everything seems to be running fine, I need to solve the mystery: How can this be working if it's not notarized and on macOS 10.15?
I'm hoping someone can shed some light on this, 'cause I'm stumped!
As things currently stand on 10.15, the notarisation check is done by Gatekeeper, that is, when a quarantined product is used for the first time. If the product is never quarantined, there’s no notarisation check. I recommend that you watch WWDC 2019 Session 701 Advances in macOS Security, and specifically the part leading up to slide 39, which explains the current state of affairs in detail.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"