Learn how Notarization scans for malware

Notarization is a malware scanning service that Apple provides. Developers who want to distribute apps for macOS outside the App Store submit their apps for scanning as part of the distribution process.

Apple scans this software for known malware and, if none is found, issues a Notarization ticket. Typically, developers attach this ticket to their app so that Gatekeeper can verify and launch the app, even offline.

Apple can also issue a revocation ticket for apps known to be malicious—even if they’ve been previously notarized. macOS regularly checks for new revocation tickets so that Gatekeeper has the latest information and can block launch of such files. This process can very quickly block malicious apps because updates happen in the background much more frequently than even the background updates that push new XProtect signatures.

Verify Notarization status of an app

Use the spctl (SecAssessment system policy security) command-line utility to check the status of a notarized application.

In the Finder, choose Go > Utilities, then open the Terminal app.
Type spctl --assess --type execute -v /Applications/AppName.app
Press Return.
If the app you check with spctl is from the Mac App Store, the results will be:
- <app name>: accepted
- source=Mac App Store
Note: Apps distributed through the Mac App Store aren’t Notarized.
If the app you check with spctl is from a download and Notarized, the results will be:
- <app name>: accepted
- source=Notarized Developer ID
If the app you check with spctl is from a download and isn’t Notarized, the results will be:
- <app name>: rejected

Helpful?

Apple Platform Support

Learn how Notarization scans for malware

Verify Notarization status of an app