Product update7 min read

Why Whisper Notes for Mac Uses DMG Distribution—and How to Verify It

Understand the move from the Mac App Store to a website DMG, why system-wide dictation uses Accessibility permission, and how to verify signing, notarization, and updates.

Updated

Installing a signed and notarized Whisper Notes DMG on Mac

Key takeaways

  • Website distribution can still use Developer ID signing, Apple notarization, and Gatekeeper.
  • System-wide insertion requires a clear explanation of Accessibility permission.
  • Download only from the official site and periodically review macOS privacy permissions.

Why distribution affects system-wide dictation

Whisper Notes for Mac inserts recognized text into the active application after a user-triggered shortcut. That workflow relies on macOS Accessibility permission, while sandbox and review constraints affect implementation and updates. Website DMG distribution preserves that workflow. This is a product-specific decision, not a claim that every Accessibility-enabled app must leave the Mac App Store.

What DMG, Developer ID, notarization, and Gatekeeper do

A DMG is only an installation container. Developer ID signing identifies the publisher and protects integrity; Apple notarization scans submitted software; Gatekeeper verifies these signals when the app first runs. If macOS reports an unverifiable developer, damaged signature, or unexpected source, delete the file and download it again from the official site rather than disabling system protection.

Why Accessibility permission is sensitive

Accessibility access can inspect and control interface elements. System-wide dictation uses it to insert text at the active cursor, but the permission remains powerful. Users should see a specific explanation, a visible recording state, and a clear path to revoke access in System Settings. Microphone and Accessibility permissions serve different purposes and should be explained separately.

How existing users should migrate

Export important recordings and transcripts, follow the official license-migration instructions, and test a short dictation, one import, and one export before removing the old build. Avoid running two versions that compete for the same shortcut. Never share an Apple ID password or remote-control access with unofficial support contacts.

Update a website-distributed app safely

Accept updates only in-app or from the verified official domain, review version notes, and keep Gatekeeper enabled. Security-conscious organizations can validate the signature before rollout and test on a small device group. Transparent release notes, verifiable signing, and precise permission explanations are more useful than a generic request to “trust the developer.”

Frequently asked questions

Is a DMG app automatically less safe than a Mac App Store app?

No. A website app can still be signed, notarized, and checked by Gatekeeper, but the user must verify the download source and update path.

Why does system-wide dictation need Accessibility access?

It allows the app to insert recognized text at the cursor after the user triggers dictation. Because the permission is powerful, it should be narrowly explained and revocable.

What should I do if macOS cannot verify the developer?

Do not disable security controls. Delete the installer, download it again from the official site, and contact official support if verification still fails.

Sources and further reading

WHISPER NOTES

Keep every word on your device.

Record, transcribe, and organize voice notes without sending your audio to the cloud.

Download Whisper Notes

Related guides

Model benchmark

Parakeet V3 Local Transcription: Speed, 25 Languages, and Whisper

Mac productivity

System-Wide Mac Dictation with Whisper: Private Voice Typing Anywhere

Voice AI

Voxtral Explained: Transcription, Audio Q&A, and GPT-4o Comparisons