![](https://help.apple.com/assets/663BFE394E05E4CA5D0A02DC/663BFE3C4E05E4CA5D0A02E8/en_US/52d714626638d3391623c853be0c593b.png)
App code signing process in macOS
All apps from the App Store are signed by Apple. This signing is designed to ensure that they haven’t been tampered with or altered. Apple signs any apps provided with Apple devices.
On devices with macOS 10.15, all apps distributed outside the App Store must be signed by the developer using an Apple-issued Developer ID certificate (combined with a private key) and notarized by Apple to run under the default Gatekeeper settings. Apps developed in-house should also be signed with an Apple-issued Developer ID so that users can validate their integrity.
On devices with macOS, code signing and notarization work independently—and can be performed by different actors—for different goals. Code signing is performed by the developer using their Developer ID certificate (issued by Apple). Verification of this signature proves to the user that a developer’s software hasn’t been tampered with since the developer built and signed it. Notarization can be performed by anyone in the software distribution chain and proves that Apple has been provided a copy of the code to check for malware and no known malware was found. The output of Notarization is a ticket, which is stored on Apple servers and can be optionally stapled to the app (by anyone) without invalidating the signature of the developer.
Mandatory Access Controls (MACs) require code signing to enable entitlements protected by the system. For example, apps requiring access through the firewall must be code signed with the appropriate MAC entitlement.