> The server polls are a backwards compatibility fallback.
This is not true. Gatekeeper will phone home regardless. The stapled notarization tickets are actually the fallback, in case the server check fails for some reason, such as no internet connection.
Remember that notarization tickets can be revoked by Apple! In fact, security researchers have found many instances of notarized malware. Notarization is no guarantee against malware. A notarization ticket just says that the app was validly signed, and that Apple checked the app for malware at the time and didn't find any. At the time. Malware checks are improved. Malware is found after the fact.
Are you sure? Perhaps it changed at some point - that could be the case. Apple employee Quinn "The Eskimo" states clearly here that the network check is done only if not stapled:
Apple can revoke tickets without synchronously checking on every first launch. Mac malware isn't that common, so they could easily use a CRL pushed to clients (for example) on a regular schedule.
It can also be verified visually. Download a notarized stapled app, disable your internet connection, and launch the app. You'll see a Gatekeeper dialog like this:
"Safari downloaded this file on [date]. As of [date], Apple checked it for malicious software and none was detected."
Notice "As of [date]".
Then press Cancel, re-enable your internet, and launch the app again.
This time "As of [date]" is gone! It's phoned home to check.