Sunday, March 17, 2024

iOS Notarization’s Human Review

Apple:

Notarization for iOS apps is a baseline review that applies to all apps, regardless of their distribution channel, focused on platform policies for security and privacy and to maintain device integrity. Through a combination of automated checks and human review, Notarization will help ensure apps are free of known malware, viruses, or other security threats, function as promised, and don’t expose users to egregious fraud.

This is not a quick automated check like with Mac app notarization. There is a human review step where Apple checks the app against a subset of the App Review Guidelines. There is now a “Show Notarization Review Guidelines Only” checkbox that highlights the relevant guidelines. The list is actually much more extensive than I initially thought. Health-related content is highly regulated. Multitasking and location services are restricted. You can’t use the hardware volume buttons. You can’t scrape data from Apple Web sites. Third-party login services are restricted. You can’t monetize built-in capabilities. You have to treat Apple with respect (Developer Code of Conduct). And, unfortunately, this adds delays and the possibility for human error and corporate stonewalling.

Riley Testut:

lol my clipboard manager Clip was rejected from Notarization because it “requires push notifications in order to function”

(it doesn’t, they’re optional)

This is not just a mistake. It’s a charade because it’s not possible for App Review to accurately detect this, anyway.

Kyle Howells:

Apple’s amazing innovation of bringing the fun, accuracy and unpredictability of App Review to Side Loading.

This is just what the web, the Mac, Windows, and Android have been missing all these years!

Random rejections for things your app doesn’t even do!

Update (2024-03-20): Nick Lockwood:

Sure would be a shame if folks were to spam App Store Connect with thousands of innocuous-seeming apps that after passing Apple’s approval process immediately switched to showing an unskippable full-screen message to the effect of

“App review doesn’t and cannot prevent malicious apps doing whatever they want. It’s security theatre whose real purpose is to let Apple impose artificial limitations on what iOS users can do with their own devices, and stifle innovation they don’t approve of”

Ahnaf Mahmud:

I have found 2 scam apps on the store today from the same developer; the moment you launch the apps, you get redirected to a bitcoin site prompting you to install a config profile. How did these get through App Store review?

Update (2024-03-25): Riley Testut’s app is now in its 4th week of waiting for notarization review.

Calling this "Notarization" is muddying the waters. Perhaps intentionally.

Sam Rowlands

I imagine that it won't be long before iOS operates exactly how Mac, Windows and Android do. Assuming Windows and Android have a similar thing to the Mac's Notarization.

Apple's gonna fight hard to retain control, but I feel at this point it is inevitable.

With Apple fighting this hard to make software development and deployment so annoying, developer-hostile, and restricted, I don't want my next phone to be an iPhone. I'm not sure what I'll jump ship to, but I want to jump ship. I'm so tired of this.

Be prepared to be utterly confused and hate everything for a month or so.

You can't use the hardware buttons?

Apple is going to take Malicious Compliance to a whole new level!

I agree with Sam. They are fighting against this but in the end they will lose. And instead of doing something right, the way they want, they will let governments force them into it, which will be worse, but probably still better than what we had.

Sam Rowlands

@Bri,
I made the jump a few years ago (I got so fed up with so many little problems that irritated me every day and no resolution for years).

I bought a refurbished Zenfone for less than half its original cost, just in case I couldn't get on with it. I enjoyed it so much, I pre-ordered their next phone. There were several places in the OS that reminded me of Apple BC.

The only thing that I really miss is auto syncing of photos to my Mac, but almost everything else is there. There's a couple of apps that handle AirDrop and so on.

I would recommend buying a refurbished phone; you still get a warranty, but it's less of an investment to lose if you don't get on with Android, which to be honest isn't that different from iOS.

Once you're comfortable then fully jump right in, there's so much choice of hardware out there.

"I imagine that it won't be long before iOS operates exactly how Mac, Windows and Android do. Assuming Windows and Android have a similar thing to the Mac's Notarization."

My fear is that it won't be long before the Mac starts behaving like iOS, especially once governments and corporations get a whiff of this power: goodbye torrent clients, emulators, crypto wallets, and any other software not specifically vetted by both Apple and whatever jurisdiction the Mac is being used in.

This completely breaks trust in notarization, which is supposed to be a hands-off technology solely used for revoking access to malicious software. Now it's apparently being used for backdoored app review, (presumably) payment verification, and petty political vendettas.

"the EC told Apple that they aren't allowed to notarize apps to protect users. So "government authorities are the ones that are going to have to step up to protect" app developers and users from the risks of these 3rd-party apps."

https://twitter.com/KayJebelli/status/1769654179209875472

The official Apple counter to this rather obvious thing (i.e., if I'm producing and distributing software on my own, no third party gets to meddle, but I have to follow the law) is "Whaaat? How can Apple protect users if they aren't allowed to forcibly insert themselves in what other companies are doing completely apart from Apple?"

Also, Apple invoking "Tragedy of the Commons", a piece of landlord propaganda from the heyday of the Inclosure Acts, is *chef's kiss*.

We're well past the "Are we the bad guys?" meme and into the "Are you entertained" territory.

Sam Rowlands

@Chose, You know I thought that when the App Store first came to the Mac. I also thought that when App Sandboxing was enforced on the App Store (and I honestly thought Apple would improve the App Sandbox, but here we are). I think the likelihood of it happening is minimal...

However, as time has gone by, it feels like Apple PJ has become more and more desperate; it's like there's something they know about their products that they're working so hard to keep from customers and shareholders.

If this CTF (Creative Thwarting Fee) comes to macOS, I'mma stop fighting to make Mac software, buy myself one of those fancy dual-screened Windows laptops, and learn C# or whatever the most popular Windows development language is.

What's really sad is that there are factions inside of Apple who truly want and believe that Apple needs 3rd-party developers, but it's overshadowed by the general direction of the company and the App Store team. This last decade has been tiring.