I have signed my electron application on Windows with an Code Signing Certificate. According to https://www.electron.build/code-signing, the app will show "a warning during installation that goes away once enough users installed your application and you've built up trust".
My question is, what is the number range of users that have to install my application in order for my certificate to be trusted?
This is crucial for us since we are launching a beta this week and would like to avoid showing the message.
Related
Some users of my Qt Application are reporting some issues about antivirus (Windows) and "unknown developer" (OS X).
In some cases, on Windows, the antivirus is blocking the application or showing a message that the application can be dangerous. What can I do to my Qt Application be "trustworthy" to the antivirus?
On OS X, when the user tries to run the application, the system shows a message about "unknown developer". What can I do to not show this message?
Unfortunately, I can not give more details about the problems because I could not replicate the problems on my machine. I am just asking based on the problems reported by the users.
In macOS - you need to sign the app using a developer certificate.
You need a developer account for signing apps.
Users will still see a message after signing the app if it is not distributed via the AppStore, but unlike the 'unknown developer' message that only has a 'close' button, the user will have an option to open the app once it's signed.
I can only assume the same applies to windows (less restrictive if I remember correctly) - you probably need to sign the app using a certificate obtained from Microsoft.
You will not see this message when running on your own machine, unless you're using an archived and exported version of your app.
In order to fully test an app on your own machine - create a non administrative user (useful for testing how the app works for non admin users, regardless of signing issues) on your local machine and test the app using the newly created account.
Do not compile or debug the app using the new account, use that account just for testing.
I know that, you can now run your iOS app on any device with the advent of Xcode 7 and above, without having a Paid Developer Membership account. Unfortunately my free account's certificate got revoked and hence while running any application on my device I get this error -
A valid provisioning profile for this executable was not found.
This is quite obvious as any provisioning profile containing my free certificate will now be invalid.
My question is how do i solve this issue and still run my app on a device without buying a Paid membership?
P.S - As it is a free account, I am not able to see Certificates, Provisioning Profile button on my apple developer homepage. (I guess you already know that)
On OSX Cocoa application development, do I codesign with two certs or one? (Note, I'm not planning on distributing my app in the Apple AppStore, but from a website.) See, Apple says I need an organizational developer ID to sign my OSX app. Okay, fine, but Chrome and IE browsers like those expensive Symantec EV codesigning certs, at least for Windows apps, more so than other less-expensive EV codesigning certs. (Our tests have shown we get approved by Chrome and IE only with the expensive Symantec EV certs, not the cheaper ones, if wanting to distribute our applications from a website.
So, if indeed I need to code sign with two certs, can you explain the command line process for installing these? Also, note that my application is a little odd and I need to know which items I must codesign. See, in my application, I have:
The setup app is a compiled, custom .app with a binary inside that loads the GUI. I assume I have to codesign both?
The application it installs is a GUI-based .app (Cocoa app) that also contains a couple console executables inside the Resources folder. I assume that I have to codesign the .app and the console executables too?
The certs that Symantec is offering for your web site are probably quite helpful if you were distributing a Windows app, but Apple has developed a solution of its own in Gatekeeper which I strongly recommend using.
As long as you code sign the app with Gatekeeper when you build it with Xcode, you can distribute it on the web and just about any Mac will be able to open it without issue, regardless of browser they're using.
I have a Cocoa Mac App that I don't know if it will on the Mac AppStore.
The application is still in development, and I want few persons to be able to launch it on their devices while the app gets new features.
The situation is the following :
I have a Mac Developer Certificate
Devices are registered in the Mac Member Center.
Every time they launch the app, GateKeeper complain the app doesn't come from the Mac AppStore, nor is provided by a identified developer, no matter if I sign the app or not.
So I tried to sign it and a provisioning profile is embedded into the app. If I don't sign it nothing embedded.
I should mention that the app has a Spotlight importer and QuickLook generator bundled into it.
I didn't find any clear explanation on how to resolve this issue in the Apple documentation, and most (if not all) blog posts, or articles on the Internet are about iPhone apps, not Mac ones (the process/requirements seems to be different on the two platforms).
The documentation is unclear on if all testers should be team members (which seems crazy because some of them aren't developers and don't have Xcode installed).
Can someone provide a clear step-by-step explanation on how to do that ?
Or maybe a article/blog post link or tips ?
Edit :
Here are screenshots of the app bundle structure and plug-in structure :
Everything seems to be right.
The way I obtained that is : I didn't set "Code Signing Identity" build setting, but rather archived the app, and exported it specifying code signing identity at that time.
Edit :
More and more curious, when I run codesign command in the terminal, codesign -vvv MyApp.app, the output tends to suggests that all is rightly done :
MyApp.app: valid on disk
MyApp.app: satisfies its Designated Requirement
Interpreting this question as essentially:
"how do I beta test Mac App Store apps" ?
Apple hasn't yet published an official workflow in the App Distribution Guide, but the following process works:
Tester sends "System Information utility > Hardware tab > Hardware UUID" to developer
Developer updates dev provisioning profile to include the hardware UUID
Developer uses Xcode Organizer Archives tab, Distribute > "Save as Mac Application", then select the updated development signing identity.
Developer sends newly built app to the tester
Note: The development identities have yellow caution ! icons during the re-signing process but they can still be used.
Not only does this avoid the GateKeeper prompt, but the development provisioning profile is also needed for any store technologies you might be using to work during testing, e.g. iCloud, GameCenter, etc.
We are developing an application for our client and he wanted us to build App so he can publish the app over the Mac App store,
As of now we don't have Mac Developer Id, and we have received App Id from the client,
My question is, is it possible to make build only using App Id ?
I guess with App ID you mean something like "com.company.product".
Getting an Application for OS X to the App store is not an easy task (compared to iPhone/iPad).
To sign the App you need the public/private Key pair and a couple of certificates from your client.
The convenient way to upload the app to apple is done using Xcode.
Does the client use Xcode? If your client uses Xcode, then your client can do all the signing stuff. Then your client needs just the source code.
If your client needs a signed binary, then it's not obvious HOW he gets the app to the Appstore. There is a tool which can be used to upload the binary: "Application Loader.app"
(Here is a similar SO question which describes the toolchain: How to submit an iOS app WITHOUT XCode?)
If you need to deliver your results to your client as a signed bundle then you need all Certificates from the client. Your code must have all entitlements set. Uploading this code without testing your entitlements on your local machine is like driving a car blindfolded.
However: If you need to deliver a signed binary to your client, then you need all certificates.
If you will distribute the code to the client, it's not a problem delivering an unsigned binary to the client. Apps can be executed without code signing. Even without an valid AppID your code may be executed.
If your client has knowledge about Mac development, this should be no problem. If your client't doesn't know anything about Mac development, you should get access to his Mac-Developer account and do it for him.
Conclusion: The AppID is just a string to identify the app. If your client does the code signing stuff and uploading to Apple by himself using Xcode, then you need nothing else.
If you should use iCloud or App-Sandboxing (Entitlements) then you NEED certificates from your client.