IBM Security MaaS360

macOS Apps Notarization through IBM Security MaaS360 Packager

By Dhanasekar Varadarajan posted Mon January 20, 2020 10:04 AM

Co-authored by Mitt Sharma.

User privacy is one of the main differentiators for Apple compared to the other OS platforms out there. Apple has a strong review process for iOS and macOS apps through App stores to make sure they protect the privacy of the users. However, app store is not the only sources from which users can install apps. There are other ways and Apple has started extending the protection by starting with app notarization process to those sources.

For macOS devices, Apple has recently introduced a new process called App Notarization. Apple wants to make sure the macOS apps do not contain any malicious content that compromises device security and user privacy. So, from macOS 10.15 apps need to either come from the Apple app store or apps need to be notarized by Apple if coming from any other sources. Else, Gatekeeper will not allow the app to be launched after installation. It will look for this notarization ticket to decide whether to let the software to launch.  Gatekeeper enforces App Notarization and verifies downloaded applications before allowing them to run, thereby reducing the likelihood of inadvertently executing malware.

IBM Security MaaS360 has built and launched an integration with Apple to support the notarization process from day zero of macOS 10.15 launch. MaaS360 has the capability of packaging the enterprise apps and distributing to devices through the CDN server via the MaaS360 packager app. The administrator can package the app using the MaaS360 packager app and submit the app for notarization approval through the MaaS360 packager app. This makes it super easy for the administrator and helps avoid a trip to the Apple portal to notarize the app.

With a few short steps, the administrator can enable notarization with the MaaS360 packager. In Settings, the administrator needs to provide the Apple Id of the Enterprise Apple Account and App Specific Password. These credentials will be used to connect to the Apple server for notarization.

Once the app is notarized by Apple, the MaaS360 packager will directly upload the app to the CDN server and is ready for installation on devices. The administrator can track the status of the notarization submission end to end from the Maas360 packager. In case of rejection/warnings from Apple, the MaaS360 packager will show the administrator any messages provided by Apple. The Administrator can leverage the error or warning messages to take corrective action in the app and resubmit for notarization. If required, the messages from Apple can be passed to the app developer.

The administrator can also submit more than one app in parallel for notarization. The MaaS360 packager supports multiple notarization submissions while tracking status end to end.

App Notarization through the MaaS360 Packager is easy for administrators and improves macOS security. Click here to see more about app Notarization.