It doesn't say that. It says that it can't verify the developer, and can't verify that the software is free of malware. It's just some arbitrary piece of software, could be written by anyone, and/or could be software that purports to be Word or Photoshop or whatever, but has been modified.
Granted, you could quibble with the details (does pointing out that you can't verify that it's free from malware imply that you could verify that it's free from malware if there were a certificate?). But calling the message "intentionally" (!) misleading?
I... don't think misleading means what you think it means. Misleading statements (pretty much by definition) don't imply falsehoods. They "merely" "suggest" falsehoods to those who don't already know better. If they intentionally "implied" falsehoods then they would be called "lies", not "misleading".
One of the possible warnings you can get literally has "[App name] will damage your computer. You should move it to the trash" in the dialog that shows up. There's a bunch of these, all of them pop up for various GateKeeper/Notarization shortcomings, and none of them actually seem to ever really tell you what the problem was.
1) I searched the article for "damage" and "should move" and didn't find it, so either it was in a screen cap (but I didn't find it there, either) or you meant "literally" in the new sense of "not literally".
2) Apple documentation [1] says (my highlight) "The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly."
Is the claim that Apple is not actually scanning notarised software for malicious content?
3) Random unsigned apps presumably have not been scanned, and might contain malware. I still fail to see the problem, or what's misleading (and "intentionally" so!).
I put quotes around it because that is the exact wording it uses: https://www.google.com/search?q=will+damage+your+computer.+y.... You may note that among the apps shown there is LibreOffice and somebody’s issue on GitHub saying they were getting it when creating their Electron app.
> Is the claim that Apple is not actually scanning notarised software for malicious content?
No, the claim is that just because Apple _hasn't_ scanned some particular piece of software for malicious content, that doesn't necessarily mean it _does_ contain such.
> 3) Random unsigned apps presumably have not been scanned, and might contain malware.
Exactly: they _might._ But popping up big hysterical warnings about it strongly implies, particularly to less technically well-versed users, that they_ do._
> what's misleading (and "intentionally" so!).
Strongly implying something that is obviously not true, that's what's misleading. In fact, AFAICT, that is the very definition thereof. And unless they're putting stuff they didn't intend to say into the dialogs they pop up, then yes, it is obviously intentional. Is the claim that their dialog text is un-intentional?
> I still fail to see the problem
Two hoary old quotes (or is the first a proverb? Maybe literally, from Proverbs) come to mind:
1: Nobody is as blind as he who does not want to see.
2: It's hard to make a man see something he doesn't want to see, particularly if his salary depends on him not seeing it.
(Personally, I do data warehousing / ETL programming for a living; currently at the Finnish Social Security Agency.)
It doesn't seem like they verify every app to ensure it is free from malware. Since they respond in the affirmative if they app is signed (by not warning), it seems reasonable for a lay person to believe that an app that doesn't throw this warning is free of malware.
"The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly."
They couldn’t verify it’s free of malware no matter how much scanning they do. That’s not quibbling with details, it is the fundamental claim that Apple is making.
Granted, you could quibble with the details (does pointing out that you can't verify that it's free from malware imply that you could verify that it's free from malware if there were a certificate?). But calling the message "intentionally" (!) misleading?