←back to thread

The Anatomy of a macOS App

(eclecticlight.co)
278 points elashri | 3 comments | 07 Dec 25 12:31 UTC | HN request time: 0.577s | source
Show context
mitchellh ◴[07 Dec 25 15:12 UTC] No.46182248[source]
> while that shown in blue is the stapled notarisation ticket (optional)

This is correct, but practically speaking non-notarized apps are pretty terrible to use for a user enough so that this isn't optional and you're going to pay your $99/yr Apple tax.

(This only applies to distributed software, if you are only building and running apps for your own personal use, its not bad because macOS lets you do that without the scary warnings)

For users who aren't aware of notarization, your app looks straight up broken. See screenshots in the Apple support site here: https://support.apple.com/en-us/102445

For users who are aware, you used to be able to right click and "run" apps and nowadays you need to actually go all the way into system settings to allow it: https://developer.apple.com/news/?id=saqachfa

I'm generally a fan of what Apple does for security but I think notarization specifically for apps outside the App Store has been a net negative for all parties involved. I'd love to hear a refutation to that because I've tried to find concrete evidence that notarization has helped prevent real issues and haven't been able to yet.

replies(8): >>46182546 #>>46183094 #>>46183222 #>>46183383 #>>46183424 #>>46185443 #>>46186860 #>>46190047 #
1. internet2000 ◴[07 Dec 25 17:34 UTC] No.46183424[source]
Maybe half of the 3rd party apps I have on my applications folder right now are not notarized. It’s really not that big of a deal.
replies(2): >>46184307 #>>46185458 #
2. jonathanlydall ◴[07 Dec 25 19:26 UTC] No.46184307[source]
It’s a friction point for potential customers, so we do it with our Electron based app,

The USD 99 annual fee is almost inconsequential, the painful part was getting a DUNS number (we’re a South African entity) and then getting it to work in a completely automated manner on our build server.

Fortunately, once set up it’s been almost no work since.

3. sneak ◴[07 Dec 25 21:41 UTC] No.46185458[source]
It is a big deal. You can no longer just right click apps to run them, you have to take a trip to a subpanel of system settings, after clicking though two different dialogs that are designed to scare you into thinking something is wrong (one mentions malware by name).

For normal users this might as well be impossible.

Remember, your average user needs a shortcut to /Applications inside the .dmg image otherwise they won’t know where to drag the app to to install it.