How to notarize a macOS app for EU developer?

by

Summary

To notarize a macOS app for EU developers, it’s essential to understand the requirements and process set by Apple. The question revolves around an issue where a developer is trying to notarize a macOS app built without Xcode, facing a rejection due to team configuration for notarization. The main goal is to successfully distribute the app from the developer’s website, bypassing the App Store.

Root Cause

The root cause of the issue lies in the misconfiguration of the developer’s team for notarization and the lack of acceptance of the Alternative Terms Addendum for Apps in the EU. Key points include:

  • Team configuration: The developer’s team must be properly set up for notarization.
  • Alternative Terms Addendum: Acceptance of this addendum is required, even for macOS apps distributed outside the App Store.
  • Marketplace token misunderstanding: The developer is not using a marketplace but is being asked for a marketplace token.

Why This Happens in Real Systems

This issue occurs due to Apple’s security and distribution policies, which are in place to ensure that apps distributed to users are safe and compliant with Apple’s guidelines. Reasons include:

  • Security measures: Apple’s notarization process is a security measure to protect users from malicious software.
  • Compliance with EU regulations: The Alternative Terms Addendum is part of Apple’s compliance with EU regulations, affecting all developers, including those distributing macOS apps directly from their websites.

Real-World Impact

The real-world impact of this issue includes:

  • Delayed distribution: The inability to notarize the app delays its distribution and availability to users.
  • User experience: Without notarization, users may face difficulties launching the app due to Gatekeeper restrictions.
  • Developer frustration: The process can be confusing and frustrating for developers, especially those not familiar with Apple’s notarization requirements.

Example or Code (if necessary and relevant)

# Example of how to notarize an app using the command line
xcrun altool --notarize-app --primary-bundle-id "com.example.app" --username "your@apple.com" --password "your_app_specific_password" --asc-provider "YOUR_TEAM_ID"

How Senior Engineers Fix It

Senior engineers fix this issue by:

  • Carefully reviewing Apple’s documentation on notarization and team configuration.
  • Accepting the Alternative Terms Addendum as required.
  • Correctly configuring their team for notarization.
  • Understanding the notarization process and using the appropriate tools, such as altool, for notarizing their apps.

Why Juniors Miss It

Junior engineers might miss this due to:

  • Lack of experience with Apple’s notarization process and policies.
  • Insufficient understanding of the requirements for distributing macOS apps outside the App Store.
  • Overlooking details in Apple’s documentation and support resources.
  • Misinterpreting the need for a marketplace token when distributing directly from their website.