Another more complicated class of software are plug-ins for other apps, which have to be notarized, otherwise the user may have to explicitly approve the plug-in through the General tab of the Security & Privacy pane (when they’re quarantined). There are some small but important exceptions to this, kernel extensions in particular, which are required to be notarized on both Intel and M1 Macs. Code signed using a developer certificate, whether or not it’s notarized, can be run without penalty on all Macs.Code signed using ad hoc rather than Apple-issued certificates can be run without penalty on all Macs, including natively on M1 Macs.Completely unsigned code can still be run without penalty on Intel Macs, and on M1 Macs only in Rosetta 2.
Nor has Apple announced any change in rules over the signing or delivery of software. Although Apple makes this a rule for developers, users aren’t limited by it in any meaningful way: downloading and using an app which isn’t notarized involves a small detour on the first run, but that doesn’t seem set to change in macOS 12. Under current rules, all third-party developers of software for macOS are supposed to deliver their software through the App Store, or to notarize it before distributing it independently. This article explains what’s happening, and considers whether it’s benefiting the user. One of the most pervasive changes in macOS security, notarization of apps, is set to change again this summer.