Q&A with the Mac notary service team


Security is at the center of every Apple platform. The Mac notary service team is part of Apple Security Engineering and Architecture, and in this Q&A, they share their tips on app distribution and account security to help Mac developers have a positive experience — and protect their users.

When should I submit my new app for notarization?

Apps should be mostly complete at the time of notarization. There’s no need to notarize an app that isn’t functional yet.

How often should I submit my app for notarization?

You should submit all versions you might want to distribute, including beta versions. That’s because we build a profile of your unique software to help distinguish your apps from other developers’ apps, as well as from malware. As we release new signatures to block malware, this profile helps ensure that the software you’ve notarized is unaffected.

What happens if my app is selected for further analysis?

Some uploads to the notary service require further evaluation. If your app falls into this category, rest assured that we’ve received your file and will complete the analysis, though it may take longer than usual. In addition, if you’ve made changes to your app while a prior upload has been delayed, it’s fine to upload a new build.

What should I do if my app is rejected?

Keep in mind that empty apps or apps that might harm someone’s computer (by changing important system settings without the owner’s knowledge, for instance) may be rejected, even if they’re not malicious. If your app is rejected, first confirm that your app doesn’t contain malware. Then determine whether it should be distributed privately instead, such as within your enterprise via MDM.

What should I do if my business changes?

Keep your developer account details — including your business name, contact info, address, and agreements — up to date. Drastic shifts in account activity or in the software you notarize can be signs that your account or certificate has been compromised. If we notice this kind of activity, we may suspend your account while we investigate further.

I’m a contractor. What are some ways to make sure I’m developing responsibly?

Be cautious if anyone asks you to:

  • Sign, notarize, or distribute binaries that you didn’t develop.
  • Develop software that appears to be a clone of existing software.
  • Develop what looks like an internal enterprise application when your client isn’t an employee of that company.
  • Develop software in a high-risk category, like VPNs, system utilities, finance, or surveillance apps. These categories of software have privileged access to private data, increasing the risk to users.

Remember: It’s your responsibility to know your client and the functionality of all software you build and/or sign.

What can I do to keep control of my developer account?

Since malware developers may try to gain access to legitimate accounts to hide their activity, be sure you have two-factor authentication enabled. Bad actors may also pose as consultants or employees and ask you to add them to your developer team. Luckily, there’s an easy solve: Don’t share access to your accounts.

Should I remove access for developers who are no longer on my team?

Yes. And we can revoke Developer ID certificates for you if you suspect they may have been compromised.

Learn more about notarization

Notarizing macOS software before distribution

Developer statement for notarizing macOS applications

Two-factor authentication for developer accounts
