Notarization

Apple's security scanning service for macOS apps distributed outside the App Store. The app is submitted to Apple, scanned for malware, and issued a ticket that macOS Gatekeeper trusts.

Notarization is Apple’s automated security review for macOS apps distributed outside the Mac App Store (Developer ID distribution). It ensures that the app does not contain known malware and meets Apple’s security requirements.

How Notarization Works

  1. You sign your macOS app with a Developer ID certificate
  2. You submit the app to Apple’s notarization service using notarytool
  3. Apple scans the binary for malicious content (typically 5-15 minutes)
  4. If approved, Apple issues a notarization ticket
  5. You staple the ticket to your app binary
  6. When users download and open the app, macOS Gatekeeper verifies the ticket

Why It Is Required

Since macOS Catalina, Gatekeeper blocks unsigned or unnotarized apps by default. Users see a warning dialog that discourages opening the app. Notarization removes this warning and provides a smooth first-launch experience.

Requirements

  • App signed with a Developer ID Application certificate
  • Hardened Runtime enabled
  • All nested code (frameworks, helpers) also signed
  • Secure timestamp in the code signature
  • No disallowed entitlements

Submitting for Notarization

xcrun notarytool submit YourApp.dmg \
  --apple-id "your@email.com" \
  --team-id "YOUR_TEAM_ID" \
  --password "app-specific-password" \
  --wait

After approval, staple the ticket:

xcrun stapler staple YourApp.dmg
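The requirements list above (Developer ID identity, Hardened Runtime, secure timestamp) and the stapling step can both be checked before shipping. The script below is an added example, not Apple's tooling and not code from the original page: the two check_* functions parse the output of `codesign -dvv --verbose=4` and `spctl --assess -vv` (the tools the page already relies on), and the run_* wrappers call those tools on macOS. The sample dumps, app name, identifier and team ID are constructed, not captured from a real app.

```sh
#!/bin/sh
# Pre-submission and post-stapling checks for notarization (added example).
# Hardened Runtime shows up in the CodeDirectory flags as the "runtime" bit
# (0x10000); a secure timestamp shows up as a "Timestamp=" line; the signing
# identity must be a "Developer ID Application" authority.

# Read a codesign dump on stdin and print the missing requirements as a
# comma-separated list (empty when nothing is missing). Returns 0 only when
# the signature satisfies all three checks.
check_signature_dump() {
  dump=$(cat)
  missing=""
  printf '%s\n' "$dump" | grep -q 'Authority=Developer ID Application:' \
    || missing="${missing}developer-id,"
  printf '%s\n' "$dump" | grep -Eq 'flags=0x[0-9a-fA-F]+\(([a-z]+,)*runtime(,[a-z]+)*\)' \
    || missing="${missing}hardened-runtime,"
  printf '%s\n' "$dump" | grep -q 'Timestamp=' \
    || missing="${missing}secure-timestamp,"
  printf '%s' "${missing%,}"
  [ -z "$missing" ]
}

# Read an spctl assessment on stdin. Gatekeeper prints "<path>: accepted" and
# "source=Notarized Developer ID" when it honours the notarization ticket;
# anything else means users will still get the warning dialog.
check_gatekeeper_dump() {
  dump=$(cat)
  printf '%s\n' "$dump" | grep -q ': accepted$' \
    || { printf 'rejected'; return 1; }
  printf '%s\n' "$dump" | grep -q 'source=Notarized Developer ID' \
    || { printf 'accepted-but-source-not-notarized'; return 1; }
  printf 'notarized'
}

# macOS-only wrappers. codesign writes its dump to stderr, hence 2>&1.
run_signature_check() {
  codesign -dvv --verbose=4 "$1" 2>&1 | check_signature_dump
}

# $1 = stapled artifact, $2 = spctl assessment type ("exec" for an .app
# bundle, "install" for a .pkg). stapler validate confirms the ticket is
# actually attached before Gatekeeper's verdict is consulted.
run_gatekeeper_check() {
  xcrun stapler validate "$1" >/dev/null 2>&1 \
    || { printf 'no-stapled-ticket'; return 1; }
  spctl --assess --type "${2:-exec}" -vv "$1" 2>&1 | check_gatekeeper_dump
}

# Constructed sample outputs (not from a real app) so the parsers can be
# exercised on any POSIX shell.
SAMPLE_GOOD_CODESIGN=$(printf '%s\n' \
  'Executable=/Applications/Sample.app/Contents/MacOS/Sample' \
  'Identifier=com.example.sample' \
  'CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded' \
  'Authority=Developer ID Application: Example Corp (TEAMID0000)' \
  'Authority=Developer ID Certification Authority' \
  'Authority=Apple Root CA' \
  'Timestamp=1 Jan 2024 at 00:00:00')
SAMPLE_ADHOC_CODESIGN=$(printf '%s\n' \
  'Executable=/Applications/Sample.app/Contents/MacOS/Sample' \
  'Identifier=com.example.sample' \
  'CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded' \
  'Signature=adhoc')
SAMPLE_GOOD_SPCTL=$(printf '%s\n' \
  'Sample.app: accepted' \
  'source=Notarized Developer ID' \
  'origin=Developer ID Application: Example Corp (TEAMID0000)')

# Stand-alone demo over the constructed samples.
printf 'Developer ID build, missing: [%s]\n' \
  "$(printf '%s' "$SAMPLE_GOOD_CODESIGN" | check_signature_dump)"
printf 'ad-hoc build, missing: [%s]\n' \
  "$(printf '%s' "$SAMPLE_ADHOC_CODESIGN" | check_signature_dump || true)"
printf 'Gatekeeper verdict: %s\n' \
  "$(printf '%s' "$SAMPLE_GOOD_SPCTL" | check_gatekeeper_dump)"
```

On a real build, run `run_signature_check YourApp.app` before `notarytool submit` (an ad-hoc or unsigned build would report all three requirements missing, and a build signed without `--options runtime` reports only hardened-runtime) and `run_gatekeeper_check YourApp.app exec` after `stapler staple` to see the same verdict Gatekeeper will reach on a user's machine.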