Re: [Fed-Talk] [EXTERNAL] ATO for Notarization?
Re: [Fed-Talk] [EXTERNAL] ATO for Notarization?
- Subject: Re: [Fed-Talk] [EXTERNAL] ATO for Notarization?
- From: Ken Hornstein via Fed-talk <email@hidden>
- Date: Fri, 19 Jul 2019 13:39:15 -0400
>Asking developers to send their apps to Apple for review is like Apple
>asking end users to send their personal data through Apple if they wish
>to send it to other users.
I do not think that's a valid analogy.
As I understand it the notarization service gets the binary application
(only once, submitted by the developer), it scans the binary for
anything malicious, and then you get your notarization ticket back
(I'm assuming it's some kind of cryptographic signature). It wouldn't
surprise me at all if Apple kept a copy of the binary around to scan it
in the future for newly discovered malicious code so it could revoke the
notarization ticket later.
But the application is the same application you are distributing to all
of your users; if you distribute your application on a public website
then Apple's not getting anything that's not available to the entire
Internet. If you distribute your application within a smaller community,
such as your enterprise or to only a few users then I can understand
why you might have a concern on what Apple is doing with your application,
but again, all they're getting is the same application binary that is
shared within your user community. It's NOWHERE NEAR the same as if
Apple was requiring end users to send personal data through Apple.
--Ken
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden