My app requires to access the calendar. Up to Catalina that worked with the sandbox with no big issues. Now under Catalina the app does not show in the security settings:
I have set the Hardened Runtime with calendar access (also tried Sandbox with no different effects):
Since I believe this is related to that signing stuff, here's my setting:
Strangely enough I have another app which had been developed in parallel also using the calendar. And that app is listed in the security setting.
So likely I'm missing something. But what?
Try: reboot the Mac, try your app again. Sometimes, weird problems resolve by themselves after a reboot.
Edited: This is not meant to be a bad joke, or to insult the skill and capability of the person asking the question, but when I read:
Strangely enough I have another app which had been developed in parallel also using the calendar. And that app is listed in the security setting.
I assume the other app has a very similar or identical set-up and signing config, etc., otherwise the person asking the question would have tried changing something to make them similar or identical.
So it sounds like the kind of situation that doesn't make sense. I have a few (painful) memories when I rebooted my Mac and situations like that went away. I suspect that memory corruption, bugs in the OS, etc., can cause small failures as time goes on, and a fresh start can sometimes help.
Related
The security preferences on my MacBook Pro allow installation of only apps from the App Store and identified developers. This policiy has been set by my employer, which I cannot change. As a consequence, I cannot run Isabelle2017. I'm running MacOS High Sierra vs. 10.13.5. I downloaded Isabelle yesterday from isabelle.in.tum.de.
Are there any plans of fixing this in the near future?
Does anyone have a workaround?
Thanks!
This is security measure by Apple to prevent the malware being spread.
However, if you are sure about the app you are using, then there is already a solution for this.
When you try to run the app, it will tell you the error which you've mentioned here.
Close the error, open System Preferences, click on Security & Privacy.
Now, you can observe that there is a text saying <your_app_name> was blocked because it was from an unidentified developer. followed by a open anyway button.
Click it and it should launch your app. Be sure to use this feature only when you know what you are opening. else you may become the victim of malware or ransomware.
Thanks Vignesh, for a very good answer. However, for me your answer did not work. And for a very simple reason: The corporate policy of my employer has blocked this possibility.
Too bad for me, all sites offering answers to this problem seem to ignore that there may be corporate policies that block this remedy. So I have spent hours to figure out why all these answers didn't work. Until I accidentally ran into our corporate policy maker, who offered this explanation...
We're trying to sandbox our app to submit it to the Mac App Store (for the first time). It makes hard use of the lower level Carbon APIs and cannot operate the other way.
When I enabled the sandboxing, some features stopped working and I see this message in the log:
9/14/12 10:51:58.863 PM sandboxd[41243]: ([41237]) MouseRecorder(41237) deny hid-control
Is there any hidden entitlement I could use or we have no chance in the App Store with this app?
Even though I'm several years too late, I assume I can help others looking for the same. It's taken me days wondering why I couldn't connect to the keyboard. Today, the thought of the sandbox hit me, and I finally allowed my app access.
As described here, I added the following to the .entitlements file, and got access.
<key>com.apple.security.device.usb</key>
<true/>
To be specific, and not mislead:
I do not use Carbon; I use IOKit.hid, with Swift.
EDIT: See the new accepted answer
Just to answer my own question – it's not possible, there is no workaround and it's unlikely it will be possible in the future.
How can i access another app if my app is in this strange Sandboxing thing which is required to release a app in the MAC App Store?
I'm reading with this Method an UIElement:
AXUIElementCopyElementAtPosition(xxx)
This works fine so far. But if i enable App Sandboxing, i no longer get reference to the MenuItem!!!
Thanks for help.
Such Apis are not supported from within the sandbox. All you can do is file a radar and sell your app outside of the store
Filed a bug... radar: 12174743 Keep filing Bugs maybe someday they'll relent.
Flawed / illegal sandbox leads to failure of all Accesability API's,
aka AXUIElementRef's.
Have you guys gone crazy over there??? Ever heard of the ADA act?
Get ready to get sued..
The sandbox is such a SAD result of your success. It really pisses
me off, actually. It goes against every reason I have ever stood
behind this platform... through thick and thin.
For those distributing Mac apps outside the Mac App Store, how are you planning to support updating and sandboxing? I'm guessing most people's answers for the time being is that they're not, but I hope that eventually non-MAS apps could be sandboxed just like MAS apps.
To use Sparkle, your app would need network access, which could be granted, as well as the ability to overwrite itself in Applications. Currently you could do this with the com.apple.security.temporary-exception.files.absolute-path.read-write entitlement, but that's not a good solution. It will likely go away, and even if it doesn't there's little point in sandboxing an app if you're going to give it full filesystem read-write access as well as network access.
Has anyone already gone down this path and found a good solution? I ask because I try to keep my MAS build and my non-MAS build as identical as possible, and I'm currently looking at having my MAS build sandboxed and my non-MAS build not.
In a conversation started by #chockenberry on twitter, #andy_matuschak responded favorably to creating an XPC service for Sparkle.
I have a pull request open on GitHub that actually creates the XPC service. Hopefully, this will get incorporated into Sparkle soon.
We actually have two versions of our app: one for our own web site and one for the app store.
I recommend using Sam Deane's approach which you can find in his GitHub repository. It works well for us.
Not yet.
As of 1.15 Sparkle does not support sandboxing, and the patch that is floating around has a vulnerability that allows complete bypass of sandbox security.
the license agreement for the Mac Developer Program explicitly states that I am not to implement my own copy protection process in my Mac app.
Yet, in the developer documentation, Apple also says this:
You can add receipt validation code to
your application to prevent
unauthorized copies of your
application from running.
I am confused here. Does the Mac App Store provide any form of built-in copy protection for Mac apps? The above statement from Apple would seem to indicate that it does not.
The statement suggests that if I do not implement these receipt checks, then unauthorised copies of my Mac App CAN run on other Macs.
I'm not allowed to implement (or rather, keep an existing) copy protection, but I am expected to verify receipts manually, using various fragments of code and pseudo-code provided by Apple, simply to provide the most basic level of protection. Is this interpretation correct?
Is this a miscommunication from Apple, or is this really how things are done?
Ref: http://developer.apple.com/devcenter/mac/documents/validating.html
Thanks.
(Please note that I'm not after a debate on the philosophy of copy-protection or the merits of Apple's approach. Rather, I'm just interested in the technical requirements for getting a Mac app on to the App Store.)
Yes, you are correct. It's their way or the highway.