Did anybody encounter the problem of MacOS (Monterey) repeatedly asking for authorisation to allow an AppleScript.app to access contacts. The code indeed does use contact application, but on non M1 Mac it asks once, get inserted in the list of apps allowed to access contacts and it does not ask any more. On M1 Mac, it is also listed as with granted access but it keeps asking nevertheless on each run of the script.
The script is also listed in the security - automation section.
Any idea?
I created a web app that allows users to enter an IP address to a printer, select the model and it creates a shell script that will download the print drivers, extract the print drivers, install the print drivers and create a print queue with 1 click.
The script works great except that users get a message that the script was created by an unidentified developer. I know you can go to the security settings to open away but some users don't know how to do that.
How do i identify my app or make it so that its not considered an unidentified developer?
You can't. At least, not without significant changes to your workflow.
Normally, this warning can be bypassed by signing your application with an Apple Developer ID certificate. (Note that this requires a paid Apple Developer Program membership.)
However, this signature can only be applied to an .app bundle. It cannot be applied to a standalone shell script. And even if you bundled your script in an application, you'd have to sign every one of those applications separately.
The short version: is it possible to delete helper tools which were set up by the app (SMJobBless() etc.) when the app is deleted? If so, how?
The long version:
The Mac app we are developing unfortunately requires admin privileges to perform an occasional operation, and it also requires a background task to be live for other apps' plugins to connect to even when the app itself isn't running (this one can be unprivileged). The app will be signed with a Developer ID certificate, and distributed only outside the App Store.
We'd like the app to be a "good citizen" as far as possible, also on uninstall.
For the background task, we're using a login item, created using SMLoginItemSetEnabled(). This isn't amazing, because XPC messaging doesn't seem to work (we're using CFMessagePort instead - alternative suggestions welcome), but if the user deletes the app, the login item at least doesn't get loaded anymore on next login. I suspect there's still a trace of it somewhere in the system, but the executable inside the .app bundle is used, and when that disappears, the login item no longer runs.
For the occasional operation requiring admin rights, we've got a privileged helper tool which our app installs using SMJobBless(), and which implements a named XPC service, so the task spins up on demand when it receives a message from the main app. This is what Apple recommends and describes in its Even Better Authorization Sample.
The helper executable is copied to /Library/PrivilegedHelperTools/ by SMJobBless(), and the embedded launchd.plist ends up in /Library/LaunchDaemons/. Even though the OS has the information on which app "owns" the helper, it doesn't seem to uninstall it when the user deletes the app. Apple's sample is silent on uninstalling, other than the uninstall.sh script which is apparently intended to be used during development only. We don't need this helper while the app isn't running, so installing it as a full-blown launch daemon is slightly overkill, but we'd also like to avoid repeatedly annoying the user with the password prompt too. Besides, Apple advises against other forms of running code with admin privileges than SMJobBless() these days - for example SMJobSubmit() is marked deprecated.
So how do we clean up after ourselves?
I've found SMJobRemove(), but (a) when would we call that in our case - you can't run code on .app bundle deletion, or can you? and (b) it doesn't actually seem to clean up.
The only 2 things I can think of are not terribly satisfying:
Some kind of uninstaller app or script. But that seems pretty ugly too.
Don't worry about it and just leave a mess behind when the user deletes our app.
Update:
There have been some changes in this area with macOS 13.0 Ventura; there's an introduction to the new mechanism in the WWDC22 session 'What’s new in privacy'. The new SMAppService APIs support automatic cleanup for daemons, agents and login items. Unfortunately you'll of course still have to find a workaround for any older macOS versions you support.
Original answer:
There has been a similar question on the Apple Developer Forums at https://forums.developer.apple.com/thread/66821 - the recommendation by Apple is a manual uninstall mechanism, and consuming as few resources as possible if the user does not do this.
Apple DTS staff further recommended implementing a self-uninstall mechanism in the privileged launch daemon, to be triggered from the app via XPC. This is what we're going with.
I think the only solution you have right now is to use the uninstall shell code that you mentioned in order to physically remove the privileged helper from disk or to build an uninstaller for it. Either way you will have to ask the user to enter his/her password. This what all installers / uninstallers that require privileged access to the system do, and for a very good reason. That's why I avoid like the plague to use privileged helpers, but I understand that sometimes you really have to. I don't think it is good that you leave such a helper in the user's system, because it will reload next time the user starts up the computer.
I just checked ServiceManagement.h header and they state that SMJobRemove will be replaced by an API that will be made available through libxpc in the future. (Sometimes you really need to go to the headers to get extra info that the documentation does not give you.) Hopefully this promised replacement will uninstall it for us. However, I'd file a bug report and ask for that enhancement.
One solution you could consider is to include an uninstaller script or program in your .app bundle.
You can then pass the path of this small tool to your helper tool (via IPC) and have the execute the the uninstaller, thereby deleting itself. You will have to be careful that components are removed in the right order but it can be made to work.
You're correct that Apple does not provide an API to uninstall a helper tool installed with SMJobBless nor do they do so automatically. As for why macOS doesn't automatically do an uninstall, my educated guess is because macOS fundamentally doesn't have a unified concept of "install". While it's convention for apps to be located in /Applications (and a few other locations), it's perfectly valid for apps to be located and run from anywhere on the system including external drives and network drives. For example should macOS uninstall helper tools when apps disappear because the drive they're on is disconnected?
In terms of how to uninstall, doing so requires root permission and so realistically have the helper tool itself do the uninstall is the easiest option. You can have your app via XPC tell the helper to uninstall itself. Here's an example in Swift of how to do this; it's part of SwiftAuthorizationSample. The basic idea is:
Use the launchctl command line tool to unload the helper tool
Delete the helper tool executable
Delete the helper tool launchd plist
But there's a bit of additional complexity involved because launchctl won't let you unload a running process.
I administer a couple of Mac labs at our school. (OSX Yosemite)
The students use these computers by logging into a local shared account that is limited by Parental Controls.
For the most part this works fine, but our IST students are now creating new applications using things like Game Maker by Yoyo etc. When a student app is created, it cannot be run unless it is allowed via Parental Controls. Even if Allow Always is set on a debug version of the app, it will not run the second time as the signature of the file changes each time it is run.
Are there any workarounds that anybody has used to allow these sorts of app builders run under Parental Controls?
Hi Im using Mac 10.5.8 . In my app im using my own keychain(created by me), but my actual question is when I modify my code in the app every time a prompt is appearing, saying that the present app is modified do you want to allow or not.Can any one tell how to supress this prompt(allow by default when ever I change the app).I couldn't find the solution in the documentation.
The Keychain has a list of trusted applications, and this list includes a hash digest for the application. When the application changes, it becomes untrusted again. This also happens with "big" applications like Camino.
There are two special measures to reduce this: When a shared library gets updated, the system will keep track of this and accept the application even after the update. Also, when Software Update updates an app, it will fix the digests as well (which is why Apple's own apps can get away without re-confirmation).
Update: If you sign your code, Keychain will also accept updated applications (signed with the same certificate).