Develop Reference

Is notarization necessary for Mac App store release?

Is it necessary to notarize app before uploading to Apple App Store? I come across some article says that notarization is needed for non-app store distribution, while apple will run notarization before approving an app store version.
Anyone can confirm?
The reason I ask this question is because I notarized the app for outside Mac App Store distribution and it works fine. For the Mac app store build, I can upload and distribute it and it works fine on Mac, only have issue on Catalina(beta) when user try to open, see attached pic. Wonder if it's related to notarization.
Update: the issue was not due to notarization, but due to code signing. One of the node binary is not signed before uploading to MAS, maybe Catalina has a more strict rule checking it.

No, it's not required. Apps downloaded from the app store are not notarized. You can verify it using spctl command.
spctl -a -v /Applications/Pages.app
/Applications/Pages.app: accepted
source=Mac App Store
Gatekeeper will check notarization only if the app is downloaded from outside the App Store.
From Safely open apps on your Mac
When you install Mac apps, plug-ins, and installer packages from
outside the App Store, macOS checks the Developer ID signature and
notarization status to verify that the software is from an identified
developer and that it has not been altered.

Notarization is only required for distribution outside the Mac App Store. See Distribute outside the Mac App Store (macOS), which says:
In some cases, you may want to distribute an app outside of the Mac App Store [...] Users gain additional assurance if your Developer ID-signed app is also notarized by Apple.
The macOS User Guide has this to say:
App Store: [...] All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted
App Store and identified developers: [...] Identified developers are registered with Apple and can optionally upload their apps to Apple for a security check. If problems occur with an app, Apple can revoke its authorization.

Distributing Mac App via Mac App Store and Own Website

I want to distribute my Mac App on both Mac App Store and my own website. The Mac App Store app will be signed via the Mac App Distribution certificate from Apple and the Website version will be signed via the Developer ID Application certificate. The website version will be distributed as a simple MyAppName.zip file that lets the user unpack MyAppName.app to where ever the user wishes. My app is a document based app that creates documents with extension .mydoc
I have two options to implement such a scenario.
First, and my preferred method is to have same bundle identifier for both apps. If a user tries to install from MAS first and then website; Will both apps live on my Mac without any issues? If a user installs the website version first, and then tries to install from MAS, how will MAS behave? How is it decided that which app will open my document by default?
Second, I use different bundle identifier for the apps on MAS and my website. Essentially they are different apps and I don't like this because it is confusing for a user because the apps look and behave exactly the same. In this case, how is it decided which one of the apps will open my document by default?

If a user tries to install from MAS first and then website; Will both apps live on my Mac without any issues? Answer: YES
If a user installs the website version first, and then tries to install from MAS, how will MAS behave? Answer: MAS will ask user that there already exists a version and if it should be kept.
How is it decided that which app will open my document by default? Answer:
Launch Services documentation says the the behavior is not determinate. So either one will open.
Second, I use different bundle identifier for the apps on MAS and my website. Essentially they are different apps and I don't like this because it is confusing for a user because the apps look and behave exactly the same. In this case, how is it decided which one of the apps will open my document by default? Answer:
Launch Services documentation says the the behavior is not determinate. So either one will open.

Revoke / invalidate Mac app signed with Developer ID

I used to distribute a Mac app signed with Developer ID internally. Now I sell this app through the Mac App Store. Is there any way to invalidate the old Developer ID signature, or prevent the old app from running? I'd like to stop the old version from being used, or at least stop it from being redistributed.

If your internal app has no way to update itself them you really can't do much.
What you can do is revoke your certificate and release a new version of your app on the Mac App Store. This still won't prevent the already installed app from running. Just that newer installs can be prohibited.
In your Mac app store version of the app make sure you have some upgrade logic. I.e., if the user has the older app and the newer one then the newer one should delete the older app.
I hope it helps.

Unlocking Developer ID version of app if Mac App Store version is present on system

I'm currently working on sandboxing some of my applications and it looks like I'll have to get rid of a few features just to satisfy the Mac App Store sandboxing (and other) rules.
Obviously users won't be happy about losing features and I fear they won't blame Apple for making stupid rules and we developers will have to bear the brunt of the anger.
In this vein, I'm thinking about building a system that means that if a user buys the Mac App Store version, s/he'll get the "normal" distribution version for free.
Since I have no idea what the email of the people buying my apps on the Mac App Store is and I don't want to have to handle such cases "by hand", I'd like to find a way of doing so automatically.
I've been thinking about just looking on the hard disk, finding an installed version of the program from the Mac App Store and then unlock the "distribution" version as well.
I'm just not certain whether this doesn't break Mac App Store rules..
is looking for the MAS receipt okay in terms of the MAS rules?
can I verify the MAS receipt using the same mechanism as is embedded in the MAS version of my program?
Is anybody else thinking along these lines?
Best regards,
Frank

I do something like this to enable Mac App Store customers to easily beta test new versions of my app downloaded from my website while still enforcing licensing. Upon startup of the MAS version of my app, I copy its receipt into /Library/Application Support/MyAppName/. Beta versions of the non-MAS version of my app include the same receipt validation code as the MAS version. They look for a receipt in the App Support folder, and validate it, running in licensed-mode if the receipt is valid.
I've been doing this since shortly after the launch of the Mac App Store, as have other developers with no problem. What you describe should be just fine.

Must I used my developer account when downloading Xcode from the App Store?

Regular distributions of Xcode are now available exclusively from the OS X App Store, but (like many, I expect) my App Store account and developer accounts use different Apple IDs. All my previous installations of Xcode have used my developer account, and I also wonder if there are critical parts of the Xcode configuration (e.g. provisioning profiles, etc.) that rely on Xcode having been installed using the developer Apple ID.
Are there any undesirable consequences to simply installing Xcode from the App Store using my personal account? Or, should I (can I, must I) log in to the App Store using my developer Apple ID instead?

You can use whatever Apple ID you want to download Xcode from the Mac App Store. There's nothing special about what it downloads. You'll need to log in to the developer portal though to download beta versions.

You can download Xcode (and lots of other stuff) from Apple's developer downloads website.
I very much doubt, therefore, that it matters whether you got it from the Mac App Store or not.