Hacker News new | past | comments | ask | show | jobs | submit login

How can they scan your software and run security checks on it based only on a hash?

Are the checks actually run locally by xCode?




> Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks.

Looks like it uploads a bundle to them for all that to happen on their side.


The software is sent to Apple when it is notarized. When a user downloads and runs it, it is not sent to Apple. It just uses the hash. It would be pretty crazy for Mac OS to send the whole package to Apple to do a security scan, but a naive reader might think that.


They scan the software, not your software. If the hashed match against a known scanned good bit of software then it's safe. Maybe.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: