I just finished developing a macOS application. I compressed my application and gave the zip to my friend. Then he said that it is from unknown developer. I don’t want that to show. So I found out that you have to pay 99$ for distrubution. I don’t want to pay any money. I dont know how to do that. Can you please help me with that
I just finished developing a macOS application. I compressed my application and gave the zip to my friend. Then he said that it is from unknown developer.
That's Gatekeeper. The whole point of Gatekeeper is to provide a level of assurance that your app isn't malicious, and that assurance comes from Apple.
So I found out that you have to pay 99$ for distrubution.
You can distribute your app yourself, but in order to avoid the Gatekeeper warning you have to sign the app with a key that matches a certificate issued by Apple, and you have to have the app notarized by Apple. You're not paying for distribution, but you are paying for membership in Apple's developer program, which enables you to create certificates etc.
I don’t want to pay any money. I dont know how to do that.
I don't know how to do it either, and as doing it would pretty much defeat the point of Gatekeeper and undermine Apple's efforts to protect its platform from malware, it's probably not realistically possible.
Related
I am looking for a certifier for my Windows app, and I am wondering which certificate type I should choose for the application of my startup. I saw that there are mainly two types - so-called OV and EV certificates. A quick summary from SSL.com (for code-signing a desktop application)
An EV code signing certificate offers an immediate reputation with Microsoft SmartScreen, so your users will never have to click through a SmartScreen warning in Windows.
With an OV certificate, SmartScreen reputation must be built organically, as users download and install your files. SmartScreen warnings may occur until enough software proves sufficiently popular with Windows users for SmartScreen to view it as “well known.”
I understand the differences, and most articles refer to them in the use-case of Web SSL certificates. But would you recommend an EV certificate for a desktop application from a startup? Or is it not worth the money? Any help is highly appreciated!
The real answer here is that you need to be able to cover the cost of the cert, only you know whether you will make enough money from your app for it. The increase in downloads between the two is unlikely to be very big.
Taking SSL.com as an example, OV certificates are offered for 2 years at $232 but EV is $598. If you think that the fairly small percentage increase in downloads will cover this then go for it. It will look more professional that way. After all, $366 to a popular app is peanuts. But if you think your app will not be popular or won't make money, don't waste your cash.
I have an app on the Mac App Store.
To meet the store requirements I had to remove my own serial code requirement at startup and then use apples purchase mechanism.
This raises some issues.
I have no way of knowing if a user has paid or not.
The /MASReciept/receipt data appears to only guarantee that the original purchase was genuine.
So whats stopping someone simply copying the .app to another mac?
I tried this and it worked.
As I am in a sandbox and can not see the actual mac how can I differentiate between the purchase mac and the mac the app is used on?
I am actually happy for the user to install on many macs that are using the same itunes account or part of family sharing.
You can validate the receipt either locally or through the App Store.
See the Receipt Validation Programming Guide
This is basically just a deterrent like most any other protection; a clever person can generally pirate an app at will, and there's not a whole lot you can honestly do. I would recommend focusing on making your app better — if it's worth buying then usually people are willing to pay for it.
... or am I doing something wrong? (Yep. I was. Feel free to skip to the Update section.) I've read a couple of quickstart posts and was ready to dive into the "amazingly new language", so I visited https://developer.apple.com/swift/resources/ in order to get my hands on some nifty tutorials and what did I get? I downloaded a Lister XCode project, opened it, switched build target to My Mac, started the build and... all I got was a couple of windows telling me to become a developer for 99 bucks.
I'm pretty new to all this locked-in-itself Mac/OS X/whatever ecosystem and, coming here from mostly free and painful Linux, I find these little things really repulsive, so I hope that this problem is really in my head and I can run exemplary code without paying $99.
If this is an off-topic question, please point me in the right direction (except for the case when you think I should crawl into some dark corner and cry about how hard thing in real life are).
Update. This issue seems to have a happy ending. As some of you mentioned in the comment section and in your answers, I should've disable the code signing feature for the project in order to build and run it. The confusion was all mine when I did disable the signing procedure for the sub-projects that interested me (ListerOSX and its dependencies), but as it turned out, in order to successfully compile and launch the project, one also should disable signing for all the sub-projects (targets, whatever). E.g. if you are launching ListerOSX, make sure you've disabled signing for Lister Watch app etc.
Seeing as this was at least a bit subtle for me, of whom you might say 'Mac development newbie', I'd still ask you not to close the question but rather leave it open: should anyone else stumble into the same problem, my story might actually help.
Recent versions of Mac OS X will not allow software to run unless it is signed by a developer, or the user is technically savvy enough to bypass gatekeeper (which is not very hard. Just right click on the app and select "open", and then the unsigned software will run).
This is an attempt by Apple to block malware distribution. If malware is not signed, then users who are likely to fall for malware will not know how to make it run. If malware is signed, then Apple can can pass the signature (and associated contact details) to the FBI who will try to organise a lengthy jail term.
What this means for you, as a developer, is you need to either get a certificate or accept that your software will only run with gatekeeper turned off.
The normal mac developer program is $99/year and includes a whole bunch of stuff that makes it well worth the price. However there is a free "Developer ID" membership level that only gives you the ability to sign your apps.
So, you've got three options:
sign up for a free developer account and sign with that
sign up for a paid account
don't sign your code and accept that it will not pass gatekeeper. just disable code signing in your "release" builds. It's already disabled by default in "debug" builds.
Disable code signing via on all targets in the project settings. Code signing with an official Apple certificate requires a paid account. You can still sign your code to identify yourself as the author, but it will not pass Gatekeeper automatically and you will not be able to sign directly from Xcode.
Due to mysteries preventing me from using a certificate issued by thawte from code signing a DMG file, and the need for some expediency, I'm going to try to convince my boss to get us a development license with apple. If nothing else, there is at least product support...? Anyways:
I gather that the developer's license is $100/year. Beyond that, what does it cost to have them issue a certificate for code signing?
Your $100.00 developer account will let you create as many certificates as you need for one or multiple apps. For IOS you typically create provisioning licenses for development, so that your test users can try your app before apple approves it. This isn't needed on the Mac however. You should be able to just build your app and deploy it however you like without Apple being involved.
You don't say in your post, but I'm assuming that you are planning to sell the application through the Mac App Store? If you are planning to use the App Store, or Mac App Store, when you are ready to publish your app, you create another signing certificate, used only when you submit for review. If you are self publishing, be aware that the certificates Apple issues typically have short expiration dates, and you may have to re-sign your distribution bundle in a few months.
I hope this was helpful.
I had a hard time finding anything concrete on Apple websites, but looking bellow on the sites I found, it sure seems you have to pay Apple to get your app signed, even if it won't go in the Mac App Store. I didn't thought you need to pay for that. It sucks for open source apps. :/
http://www.realsoftwareblog.com/2012/08/code-signing-real-studio-apps-on.html
Unfortunately, to sign your apps you need a developer certificate from
Apple. And the only way to get a Developer Certificate is to sign up
for the Mac Developer Program, which costs $100 a year. However, the
certificate you get is good for 5 years, so it looks like you do not
need to pay the $100 fee each year unless you also want to distribute
apps in the Mac App Store.
http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
Sign up for Apple Developer Connection ($99 per year). Doesn’t matter if you already paid through the nose for a Windows authenticode
certificate. Gatekeeper only accepts Apple certificates, so you have
no choice. On the plus side, you do get other benefits, including
downloading new OS upgrades for free.
http://www.cocoabuilder.com/archive/cocoa/315419-how-to-get-mac-codesign-certificate.html
You need to buy it from a certificate authority, like Thawte or
Verisign (or one of the myriad resellers) and they will all be happy
to sell you one at prices that range from around $80 to around
$500/yr. Alternatively, you can get a certificate from Apple as part
of the OS X Developer Program, which will cost you the extra $100/yr
but also includes beta access to OS X system software.
...
Prior to Mountain Lion, the only advantage of buying a cert from a
known authority is for the firewall system preference "Automatically
allow signed software to receive incoming connections" (which by the
way is a really stupid preference, IMO). The disadvantage of such
certs is that they usually expire relatively quickly, in one or two
years.
Mountain Lion changes the game a bit. It eliminates a lot of the
advantage of 3rd party cert authorities, because only Apple's cert
will allow your app to run, so if you're not going to get a cert from
Apple (I don't think I can discuss the terms here), you might as well
self-sign.
Actually the cheapest for 1 year is $200 but it get it also at $500 from Symantec :)
https://www.sslshopper.com/apple-code-signing-certificates.html
We are working on a stylish screensaver that we would like to publish on the upcoming mac app store. Do you think it will be possible to release a screensaver? We reviewed the draft guidelines but still not sure about it.
Thanks, Renaud
I actually tried writing Apple and ask about this. Since the screensaver has to install files (or rather a file - itself) to a system location, and since it is not really an app you want to open at will, I figured there was a good chance that it's outside the scope of the app store. The reply from apple was just a generic reference to http://developer.apple.com/support/mac/ and http://developer.apple.com/programs/register/. I wrote them back and said that I didn't want to fork out the $100 for the developer program unless I knew the guidelines for screen savers. Their reply was: "Please know that developers should be testing and developing their apps in line with the Mac Developer Program License Agreement and the App Store Review Guidelines.
Should you have any questions or concerns, we request that you review the Mac Developer Program License Agreement details with your own legal counsel. If you choose to enroll in the Mac Developer Program, you will have the ability to review the Mac Developer Program License Agreement before purchasing the program."
Thanks a lot Apple, I'll review your reply with my legal counsel.
ps. I know this doesn't really answer your question, but at least it tells you not to waste time trying to ask Apple about it. If you do find an answer, I'd be very interested to know about it.
No you can't. It requires the app to create files outside its area. There are plenty of restrictions in the App development guidelines which prohibit that.
I think you need authorisation for that which is also a recipe for rejection.
From June all apps has to be sandboxed which makes it even more impossible.