Mac App Store: circumvent sandbox requirement - macos

As many sources state on the internet, you need to have your app Sandboxed to be able to deploy it in the App Store.
Furthermore, it is impossible to use the accessibility API (AXUIElement.h) when sandboxed, according to this.
However, some apps still seem to use this API. One of these apps is Cinch. In the installation procedure of Cinch you need to give Cinch rights to use the accessibility API, so clearly they are using this API.
After checking out the binary from the app store with the following command:
codesign --display --entitlements - /Applications/Cinch.app
It seems the app is not sandboxed:
Executable=/Applications/Cinch.app/Contents/MacOS/Cinch
(only line in output).
So my question is, how is it possible to circumvent this requirement? Do you need to negotiate with Apple to achieve this? Are there special rules? Do you need to bribe a staff member? Or is my terminal command wrong?

Irradiated submitted Cinch to the App Store in 2011 before sandboxing was needed and didn't do any substantial updates since then. As soon as they add new functionality or features, they'll need to sandbox the app.
Apple wrote to the developers in February 2012:
Starting June 1 2012, if you have an existing app on the Mac App Store that is not sandboxed, you may still submit bug fix updates without sandboxing your app. In addition, if you have technical issues that prevent you from sandboxing your app by June 1, let us know.
and in May 2012:
If you have an existing app on the Mac App Store that is not sandboxed, you may still submit bug fix updates after June 1.

It is quite surprising for an app from the App Store to not be sandboxed.
If you do not develop a competing app maybe you could contact them directly. Maybe they will tell you how they've done it. You might also get your answer in a shorter amount of time as (at least in my view) not many developers would have done this.
http://www.irradiatedsoftware.com/about/

Related

How do I tell if an app was already purchased (licensed) by purchasing an older version on the Mac App Store?

I've experienced a few apps that have had some time on the Mac App Store, but were later removed either by Apple or the developer for whatever reason. The developer then followed up with an offer where you could register the app by downloading one from their site onto your system with the App Store version already installed, which would unlock the full features of the new download.
How does one go about verifying an authentic purchase like that? Ideally I'd prefer examples in Swift if you would be so kind, but ObjC is manageable as well.
Here are official docs about receipt validation:
https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Introduction.html
There’s also WWDC 2013 video 308 called “Using Receipts to Protect Your Digital Sales”.
It’s recommended to implement your own validation code, but it’s overwhelming and error prone if you’re new to this. There are projects on GitHub that can get you started.

Is it possible to distribute signed mac apps (with a free dev account) without the mac app store?

This might seem a silly question, but I come from iOS development which is a bit more restricted as we (all) know.
My question is partially answered here:
Is the mac app store required?
But I still have a doubt. Basically what I want is to develop a simple app with some 3rd party frameworks in and then give it to a friend for normal usage.
Are there any restrictions in any regard? I have a free iOS and Mac developer account.
Yes, you can do that. You do not need a Mac developer account at all. I would still suggest that you code-sign the app bundle though.
The only caveat is the user would need to change a setting on their Mac to allow it through Gatekeeper.

Does Apple offer TestFlight beta testing for OS X?

TestFlight is a welcome change for iOS. It makes distributing beta versions painless for both the developer and the testers.
Does Apple support TestFlight for Mac OS as well? I've done quite a bit of searching and haven't found anything conclusive one way or the other.
We have an OS X app store app that turns out to have an install problem with Yosemite. We failed to do a first install test against Yosemite, so we missed the problem.
I developed a fix and would love to have some new users try it out. It's pretty complex, difficult and disruptive to have current users delete the entire "container" directory and kill the preferences process in order to simulate a fresh install.
I also don't like the idea of distributing an unlocked version of our app. If that gets out, it could damage sales of the app store app.
I've done things like added an expiration date to a test app (weak protection) or created developer ID builds that will only run on machines from a specific list of MAC addresses. The last approach works, but it's tedious and painful to maintain, and requires that the tester give up uniquely identifiable information about their machines.
I'd really like the ability to create apps that will only run on beta tester's machines, like TestFlight does for iOS.
This is a developer question more than a code question. It isn't a great fit for SO, but I can't think of a better Stack Exchange site to post it. If anybody has a suggestion of a better site to post the question I'm happy to move it there.
This document at Apple Developer explains it.
It says you should register the testers' devices and generate a provisioning profile that includes them. Which means, theoretically, the app won't run on any device not in the list.
Here is the strange thing about it however: I have two Mac computers and I didn't register either of them with my provisioning profile (in fact the list of registered devices is empty right now), but I can run the exported app image on both easily. The app is sandboxed and signed, ready for App Store distribution, but nevertheless it runs on unregistered computers. It might be that with an empty device list it allows to run on any, or it might be that I'm doing something wrong with code signing.
I will update the answer once I figure this out.
Good news for everyone (including me) waiting for TestFlight for Mac - it just got announced on WWDC21.
Unfortunately, it might take another few months until it is out of beta and publicly available for everyone. But since this question is almost more than 6 years old, it's just a fraction!
I'll update the answer if there are more details available.
Update
TestFlight on Mac will be available to download on the Mac App Store. It will be similar to the iOS version of TestFlight offering almost the same functionality to both developers and testers.
It supports both native Mac apps and iOS apps on Apple Silicon!
It is now available.
TestFlight is not available for Mac apps.
source: https://testflight.apple.com/
😕

Is the mac app store required?

If I make an application for Mac OS X am I required to put it on the Mac app store or can I distribute it, on my website, for free?
And what about Windows?
Thanks
No, there is no such requirement; you are free to distribute your program however you want.
You may wish to use the App Store as a method of distribution, but to do that you have to conform to various Apple requirements.
I'm not sure what the equivalent would be for Windows, but again, there is no such requirement. Think of the millions of independent apps that have no affiliation to any centralized store, I would say the majority still fall in this category.
2018 Update - With increasing security concerns, and a desire to replicate the success of the iOS App Store, Apple have been making it harder and harder to run apps from outside the store. You can get digital certificates, and become a trusted developer, but it’s clear the future is the AppStore or broke if you want users to be able to easily run your app. Note that it remains, and likely always will, very possible to install and run any unauthorised app with a simple trip to settings, it’s just that’s clearly a big deterrent for many users, as it should be.
You don't have to distribute it over the Mac App Store right now but that might change with the next OS X, make sure to check this out: https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
You can distribute it however you'd like. It does not need to be in the Mac App Store. Same thing for Windows.

Can you update a sandboxed Mac app using Sparkle or something similar?

For those distributing Mac apps outside the Mac App Store, how are you planning to support updating and sandboxing? I'm guessing most people's answers for the time being is that they're not, but I hope that eventually non-MAS apps could be sandboxed just like MAS apps.
To use Sparkle, your app would need network access, which could be granted, as well as the ability to overwrite itself in Applications. Currently you could do this with the com.apple.security.temporary-exception.files.absolute-path.read-write entitlement, but that's not a good solution. It will likely go away, and even if it doesn't there's little point in sandboxing an app if you're going to give it full filesystem read-write access as well as network access.
Has anyone already gone down this path and found a good solution? I ask because I try to keep my MAS build and my non-MAS build as identical as possible, and I'm currently looking at having my MAS build sandboxed and my non-MAS build not.
In a conversation started by #chockenberry on Twitter, #andy_matuschak responded favorably to creating an XPC service for Sparkle.
I have a pull request open on GitHub that actually creates the XPC service. Hopefully, this will get incorporated into Sparkle soon.
We actually have two versions of our app: one for our own web site and one for the app store.
I recommend using Sam Deane's approach which you can find in his GitHub repository. It works well for us.
Not yet.
As of 1.15 Sparkle does not support sandboxing, and the patch that is floating around has a vulnerability that allows complete bypass of sandbox security.
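
Added example (not from any of the posts above): the entitlement check from the first question and the `temporary-exception` entitlement named in the Sparkle question, written as a Python audit of `codesign` entitlement output. The function names and the sample plists are constructed for illustration; on a Mac the input would be the standard output of the `codesign --display --entitlements -` command shown earlier.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
TEMP_EXCEPTION = "com.apple.security.temporary-exception."
RW_PATHS_KEY = TEMP_EXCEPTION + "files.absolute-path.read-write"


def parse_entitlements(raw: bytes) -> dict:
    """Parse entitlements from codesign output; {} when none are embedded."""
    start = raw.find(b"<?xml")  # skip any binary blob header before the XML
    end = raw.rfind(b"</plist>")
    if start == -1:
        return {}  # nothing but the Executable= line: no entitlements at all
    if end == -1:
        raise ValueError("truncated entitlements plist")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def audit(raw: bytes) -> dict:
    """Summarise sandbox state and any sandbox-weakening exceptions."""
    ent = parse_entitlements(raw)
    exceptions = sorted(k for k in ent if k.startswith(TEMP_EXCEPTION))
    rw_paths = ent.get(RW_PATHS_KEY, [])
    return {
        "sandboxed": ent.get(SANDBOX_KEY) is True,
        "temporary_exceptions": exceptions,
        # A "/" entry is the full-filesystem case the Sparkle question describes.
        "whole_fs_rw": "/" in rw_paths,
    }


def _plist(body: str) -> bytes:
    """Wrap constructed <key>/<value> pairs in a minimal XML plist."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>'
            + body + "</dict></plist>\n").encode()


# Constructed samples, not taken from any real app.
UNSANDBOXED = b""  # entitlement output was empty, as in the first question
SANDBOXED = b"\xfa\xde\x71\x71\x00\x00\x00\x00" + _plist(
    f"<key>{SANDBOX_KEY}</key><true/>")  # constructed header bytes before the XML
SELF_UPDATING = _plist(
    f"<key>{SANDBOX_KEY}</key><true/>"
    "<key>com.apple.security.network.client</key><true/>"
    f"<key>{RW_PATHS_KEY}</key><array><string>/</string></array>")

if __name__ == "__main__":
    for name, raw in [("unsandboxed", UNSANDBOXED), ("sandboxed", SANDBOXED),
                      ("self-updating", SELF_UPDATING)]:
        print(name, audit(raw))
```

An app can report `sandboxed: True` and still hold an exception that removes most of the sandbox's value, which is why the audit reports the two separately.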
