FSF EU Notarization Complaint
Free Software Foundation Europe (via Hacker News):
The EU’s Digital Markets Act (DMA) aims for a structural reset of power in digital markets, a shift from corporate control toward device neutrality, where users decide what runs on their devices. For Free Software, this legislation can be a unique opportunity by finally opening closed ecosystems - like iOS - to Free Software alternatives. Apple has reacted aggressively against the DMA, litigating against regulators, and unfairly excluding Free Software from iOS and iPadOS by blocking the unfettered installation of software (sideloading), prohibiting alternative app stores, and hindering interoperability.
[…]
Apple’s complete review of apps – known as “notarisation” process - a mandatory step for distributing any software on its platforms, represents the very gatekeeping behaviour the DMA was written to prevent.
Notarisation forces all apps, even those distributed outside Apple’s App Store, to be submitted to Apple’s servers for scanning, approval, and cryptographic re-signing before installation. The result is that Apple retains full control over what software users can install and how developers can distribute it. This transforms Apple’s self-appointed “security review” into a choke-point of power, locking in developers and users into the company’s proprietary ecosystem.
[…]
The alternative to Apple’s notarisation already exists, and it works. Decentralised curation, as practised by repositories like F-Droid, shows that security and software freedom coexist inherently. Instead of concentrating trust in a single private authority, decentralised systems distribute it: through transparent verification pipelines, reproducible builds, and community audits. Users choose whom to trust, and curators are accountable to the public, not to corporate shareholders. This model embodies the DMA’s vision of interoperability and openness far better than Apple’s notarisation.
I continue to have problems with even the automated notarization for Mac apps. Seemingly every other build these days, I get an error like this:
[15:16:58.729Z] Warning [KEYCHAIN] Couldn't find keychain item matching ["r_Attributes": true, "acct": "com.apple.gke.notary.tool.saved-creds.AppleNotaryProfile", "sync": "syna", "labl": "com.apple.gke.notary.tool", "class": genp, "m_Limit": m_LimitOne, "r_Data": true]. An error occurred while accessing the keychain. The specified item could not be found in the keychain.
[15:16:58.729Z] Info [KEYCHAIN] No Keychain password item found for: AppleNotaryProfile
Error: No Keychain password item found for profile: AppleNotaryProfile
The first few times, I would run notarytool store-credentials to fix this, but I later found that the item really is still in the keychain, and if I keep retrying the notarization it will eventually work. So, aside from the broader policy question, the reality on the ground is that notarization was introduced more than 7 years ago (with macOS 10.14) and it still adds friction and unreliability to the development process.
We need to push a phrase like “freely installed apps”. Don’t use their terms. When Apple talks “sideloading” correct the record “I don’t want sideloading from the App Store either, I want freely installed apps from anywhere”.
[…]
At this rate I think we’re all going to end up using Steve Jobs’s original “sweet solution” to break free.
Previously:
- iOS 26.2: App Marketplaces and Browser Choice in Japan
- Google to Require Developer Verification for Android Sideloading
- Apple’s DMA Compliance Criticized
- Mini vMac for iOS Rejected via Notarization
- iOS Notarization’s Human Review
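The retry workaround described in the post can be scripted so that only the keychain-lookup error is retried and every other failure is passed through. This is an added example, not code from the post or from Apple; `notarize_with_retry` and the `NOTARY_CMD` override are hypothetical names, and it assumes the profile was saved earlier with `notarytool store-credentials`.

```shell
#!/usr/bin/env bash
# Added example: retry `notarytool submit` only on the intermittent
# keychain-profile lookup error quoted in the post.

# Error text copied from the log on this page.
KEYCHAIN_ERR='No Keychain password item found for profile'

# Hypothetical override hook so the function can be exercised without Xcode.
: "${NOTARY_CMD:=xcrun notarytool}"

# Usage: notarize_with_retry <archive> <profile> [max_attempts] [delay_seconds]
notarize_with_retry() {
  local archive=$1 profile=$2 max=${3:-5} delay=${4:-10}
  local attempt=1 out rc
  while :; do
    # Capture output and exit status without tripping `set -e` in callers.
    out=$($NOTARY_CMD submit "$archive" --keychain-profile "$profile" --wait 2>&1) \
      && rc=0 || rc=$?
    printf '%s\n' "$out"
    if [ "$rc" -eq 0 ]; then
      return 0
    fi
    # Any failure other than the keychain lookup error is returned unchanged,
    # so a genuine submission error is never hidden behind retries.
    case $out in
      *"$KEYCHAIN_ERR"*) ;;
      *) return "$rc" ;;
    esac
    if [ "$attempt" -ge "$max" ]; then
      echo "keychain profile still not found after $attempt attempts" >&2
      return "$rc"
    fi
    echo "keychain lookup failed (attempt $attempt/$max); retrying in ${delay}s" >&2
    sleep "$delay"
    attempt=$((attempt + 1))
  done
}
```

Submitting with the stored profile keeps the app-specific password off the command line, where it would otherwise be visible in the process list and shell history.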
1 Comment
Keychain stored credentials have been broken forever, however at least providing username & password directly works reliably.
/usr/bin/xcrun notarytool submit --apple-id "XXX" --password "YYY" --team-id "ZZZ"
Not great but never encountered any issues with that.
The whole process is frightening though. Your app's notarization might have worked fine for years but suddenly notarization stops working and you basically have no way to get more information nor are you able to release an emergency update in such a case. I recently encountered this where my app was apparently put onto the deep / manual review queue (https://developer.apple.com/forums/thread/784919?answerId=840091022#840091022) and I needed to wait 1-2 days before the status finally changed from "In Progress" and I was able to notarize new builds again.