Comment by btown
4 years ago
Designing systems that don't empower abusers is so, so incredibly important.
Completely separately, though, it's also the case that OP is essentially building an Internet-connected backdoor into the system that will have been permitted to monitor cross-app activity. Even if data is E2E encrypted, that doesn't mean the software is immune from vulnerabilities that could then piggyback on the elevated permissions given to the app. And OP being a bootstrapped developer without the resources to have robust security practices is a liability here. Apple's response to treat this as a vulnerability is reasonable.
(As a side note, if OP wanted to distribute source code and unsigned binaries, macOS would allow an end user to run that software, and that's a perfectly reasonable caveat emptor for me. But Apple is under no obligation to digitally vouch for software that enables abusers and hackers.)
I mean, you can run any binary you want on MacOS if you disable Gatekeeper or go into the security settings and allow an exception for it. The developer doesn't need to be known or notarized by Apple. If you trust the source, go for it. If it's your wife or child's computer and you're installing spyware on it anyway, why worry?