Publishing Mac App on App Store - macos

We are developing an application for our client and he wanted us to build App so he can publish the app over the Mac App store,
As of now we don't have Mac Developer Id, and we have received App Id from the client,
My question is, is it possible to make build only using App Id ?

I guess with App ID you mean something like "com.company.product".
Getting an Application for OS X to the App store is not an easy task (compared to iPhone/iPad).
To sign the App you need the public/private Key pair and a couple of certificates from your client.
The convenient way to upload the app to apple is done using Xcode.
Does the client use Xcode? If your client uses Xcode, then your client can do all the signing stuff. Then your client needs just the source code.
If your client needs a signed binary, then it's not obvious HOW he gets the app to the Appstore. There is a tool which can be used to upload the binary: "Application Loader.app"
(Here is a similar SO question which describes the toolchain: How to submit an iOS app WITHOUT XCode?)
If you need to deliver your results to your client as a signed bundle then you need all Certificates from the client. Your code must have all entitlements set. Uploading this code without testing your entitlements on your local machine is like driving a car blindfolded.
However: If you need to deliver a signed binary to your client, then you need all certificates.
If you will distribute the code to the client, it's not a problem delivering an unsigned binary to the client. Apps can be executed without code signing. Even without an valid AppID your code may be executed.
If your client has knowledge about Mac development, this should be no problem. If your client't doesn't know anything about Mac development, you should get access to his Mac-Developer account and do it for him.
Conclusion: The AppID is just a string to identify the app. If your client does the code signing stuff and uploading to Apple by himself using Xcode, then you need nothing else.
If you should use iCloud or App-Sandboxing (Entitlements) then you NEED certificates from your client.

Related

Is notarization necessary for Mac App store release?

Is it necessary to notarize app before uploading to Apple App Store? I come across some article says that notarization is needed for non-app store distribution, while apple will run notarization before approving an app store version.
Anyone can confirm?
The reason I ask this question is because I notarized the app for outside Mac App Store distribution and it works fine. For the Mac app store build, I can upload and distribute it and it works fine on Mac, only have issue on Catalina(beta) when user try to open, see attached pic. Wonder if it's related to notarization.
Update: the issue was not due to notarization, but due to code signing. One of the node binary is not signed before uploading to MAS, maybe Catalina has a more strict rule checking it.
No, it's not required. Apps downloaded from the app store are not notarized. You can verify it using spctl command.
spctl -a -v /Applications/Pages.app
/Applications/Pages.app: accepted
source=Mac App Store
Gatekeeper will check notarization only if the app is downloaded from outside the App Store.
From Safely open apps on your Mac
When you install Mac apps, plug-ins, and installer packages from
outside the App Store, macOS checks the Developer ID signature and
notarization status to verify that the software is from an identified
developer and that it has not been altered.
Notarization is only required for distribution outside the Mac App Store. See Distribute outside the Mac App Store (macOS), which says:
In some cases, you may want to distribute an app outside of the Mac App Store [...] Users gain additional assurance if your Developer ID-signed app is also notarized by Apple.
The macOS User Guide has this to say:
App Store: [...] All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted
App Store and identified developers: [...] Identified developers are registered with Apple and can optionally upload their apps to Apple for a security check. If problems occur with an app, Apple can revoke its authorization.

What Certificate for signing an Ionic (Cordova) Windows 10 UWP application?

I have an Ionic application, which is currently deployed to the Apple and Android stores. I Now wish to deploy to the Windows store. I have Visual Studio 2015 and have built running the Ionic CLI. I see a lot of created files, including a CordovaApp.Windows10_1.0.0.43_x86.appx
For iOS, the signing is handled via the xcode / developers console, and for Android I created using the keytool which is part of the JDK. Now for Windows..
I have found this on certificates, and this on signing.
I just want to see if I have this understanding correct before I do anything.... so unlike the iOS and Android, where I can just sign, with no extra cost, for the UWP, you actually need to purchase a certificate, just like you do for SSL, to use for the signing of a UWP? Also the app uses SSL (makes https calls to a server via SSL) - not sure if this makes any difference to the certificate required (as when I ran in debug, the https call seemed to be blocked).
Thanks in advance for any information!
I just want to see if I have this understanding correct before I do anything.... so unlike the iOS and Android, where I can just sign, with no extra cost, for the UWP, you actually need to purchase a certificate, just like you do for SSL, to use for the signing of a UWP?
No, you don't need to purchase an certificate to publish your app to store. You only need to create a certificate for package signing, for details, please refer to Create a certificate for package signing. Then you can sign your app using SignTool, please refer to Sign an app package using SignTool.
After that, when you are submitting your app, you will need to have a developer account, which requires some monetary cost,

Is it possible to distribute an OSX app ad-hoc without UUID but with entitlements

I'm having some serious trouble signing an application for ad-hoc distribution. Is it possible to distribute an app with the following requirements?:
Does not require tester to provide UUID up front
Outside app store
Utilizes entitlements such as VPN or Keychain Sharing
I ask because exporting without signing (Organizer (select archive) > Export > Export as Mac Application) fails with "embedded provisioning profile not valid: ..." on some devices. It appears to work on others though.
Thank you!
If you're trying to use the NetworkExtension framework (which I'm assuming because you tagged your question with nevpnmanager,) unfortunately that's only available in App Store apps.
I know this because I asked Apple. I was trying to make a non App Store NEVPN app, but no dice. Quinn from Developer Tech Support told me the NEVPN stuff is only available for App Store apps, and that I should file a bug report (which I think I did.)

Do I need to sign apps for Windows Store?

I have developed a hybrid application for Windows 8.1 that I want to submit to the app store. As the app package requirements, it does not look at like I need to sign my package using any a trusted certificate.
http://msdn.microsoft.com/en-us/library/windows/apps/hh694075.aspx
I am using VS 2013 to create my project and my app package. Is the default certificate enough ?
Can some one who has submitted apps for approval, please speak about their experience regarding the app signing and if/how one can get this certificate.
Answering my own question, I was able to submit the app. I was able to sign the app once I linked my store account.

Distribute App Outside the Mac App Store

I'm a newbie in OSX Development. I built an application in which will be distributed outside the Mac App Store. I have all the other certificates and keys working except for the Developer ID (App and Installer) for production.
I know that this may sound stupid, but for what it's worth, I just wanna make sure.
Will my app still be considered Developer ID - signed if I exported it as a Mac Installer Package instead of selecting Export Developer ID-signed Application, when I install it to its destination devices? Will it be successfully installed or be rejected with GateKeeper-enabled devices?
I have been scratching my head for this since for some weird reason, I cannot add a new Distribution Developer-ID from the Dev Center. I was able to add a Developer ID earlier this week however, I ran into some issues with my private keys. As per suggested by Apple and many other developers, I revoked all the Developer IDs and private keys to start fresh. The problem now is that I can't add any new Developer ID (Distribution). I cannot add in both Dev Center and by requesting through Xcode 5.0.1. I'm stuck.
I have submitted a Bug Report to Apple, but who knows when they'll be able to resolve it.
So now, temporarily, since I don't have any choice (I guess), I'll use the Mac Installer Package, but the question is, will it work?
Any help would be very, very much appreciated.
I've done this recently and have created a third Xcode project configuration to Debug and Release called Archive, which is a copy of Release except the app is signed using the Mac App Distribution / Third Party Mac App Developer and, confusingly there is a third name used for this same certificate.
I then changed the Archive scheme to use the Archive configuration to build.
Before doing this I had errors on some Macs when signing with my Developer ID, in some cases they claimed the app was corrupted, and in other cases I got gatekeeper blocking the app, forcing me to override it in System Preferences > Security & Privacy.
I personally use xcodebuild (from Jenkins) to build the app for distribution to testers, which I package in a .dmg so they only need to drag it to /Applications or ~/Applications and I do all that using a script within the Jenkins configuration. Your experience may differ to mine if you are using the Xcode app instead.

Resources