How to tell if an app is notarized

Given the importance of executable code being signed, and increasing requirements for apps to be notarized as well, it has long puzzled me that macOS is so reluctant to inform us whether an app is notarized, signed, or sandboxed. I have always thought this would be a useful addition to the Finder’s Get Info dialog when opened for an app or executable code, in the same way that an app’s architecture support is given. This article explains how you can discover this information and more.

Apps

The very best utility for discovering everything there is to know about apps and executable code is Apparency, free from Randy Saldinger at Mothers Ruin Software. Not only is it by far the most powerful and comprehensive you could ever wish for, but it’s superbly designed and integrated into macOS.

I seldom even have to open the app, as it displays all the key facts about apps, command tools and more in a replacement QuickLook thumbnail, which is duplicated in the Get Info dialog. If you do still need more information, click on the button at the foot.

Apparency provides exhaustive information about executable code, even down to details of any launch constraints that have to be satisfied for the code to be run. Launch constraints were only introduced in macOS Sonoma, and are explained here. They are responsible for preventing you from running copies of apps bundled with macOS.

Although I think they’re outclassed in every respect by Apparency, two of my older apps also provide information about signatures and notarization.

Taccy concentrates on settings and features related to TCC privacy protection.

ArchiChect is more about architectures and platforms.

If you really can’t find the information in Apparency, then you might in either of those.

Command tool

The standard command to deliver information about notarization is spctl, used as in
spctl -a -vvv -t install MyApp.app
which should return something like
/Applications/Apparency.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Randy Saldinger (936EB786NH)

Both Taccy and ArchiChect use that to determine notarization status.

You may also come across recommendations to use the stapler command tool supplied with Xcode to check whether the notarization ticket has been stapled to the executable. Not only does that require you to install Xcode’s command tools, but it also answers a different question, whether the ticket has been stapled to the executable, rather than whether it has been notarized.

Information about notarizing code is provided in this article for developers.