alin23 5 hours ago
Notarization is mostly a glorified malware scan. There's no Apple engineer auditing what's being sent for notarization. Even clever malware can evade notarization scans and be distributed as a notarized binary; it has happened in the past [0].

There's no better way for auditing such an app than having the code easily available and looking through it, and compiling it yourself. Which is already the case here.

[0] https://thehackernews.com/2025/12/new-macsync-macos-stealer-...
burnerthrow008 4 hours ago
Your link says that Apple revoked the certificate used to sign the malware by the time the story was published.