Bypass Gatekeeper in Mac OS X Apps without a Mac Developer Membership - macos

Scenario
I want to release an app for Mac OS X, but not on the AppStore. The app runs on 10.6 - 10.8 and up.
Problem
Apple requires all apps for Mac OS X 10.8+ to be signed by the developer to get past Gatekeeper. And unless I tell each user to temporarily disable and re-enable gatekeeper just for my app, according to this document and the Mountain Lion change log... my app won't be allowed to run.
From the wording on Apple's website, it sounds like I'll have to pay the $99.00 a year for the certificate. However, I do not want to pay the $99 - I'm not publishing to the AppStore!
Question
Is there any way I can get around paying the $99 for distribution on 10.8+? I know my app will work on 10.6 and 10.7, but according to Apple it won't be allowed to run on 10.8 without the certificate. Is that true? How can I distribute on 10.8+ (preferably a DMG) without a $99 distribution certificate? Thanks in advance!
Edit #1
DMG files are not authenticated by Gatekeeper, only the app itself is.
OS X Lion 10.7.5+ also has Gatekeeper * angry face *

Apple currently provides no way to get around Gatekeeper without paying the $99 / year membership fee. To me, this seems unfair because it squishes out the smaller developers (but that's a discussion for elsewhere).
For a rather cumbersome workaround, one can include a ReadMe or note on the download page for their software to explain to users that they need to right click your app and then click 'Open' and then click confirm to run it. I have also found through experimenting that Gatekeeper does not run security checks on DMG files or the installation of files, only the execution / running of Apps. So one could include some kind of note in their DMG installer that told the user exactly how to install and run the app.
Hopefully Apple will provide a workaround for developers (possibly a cheaper solution for a limited membership) that distribute freeware and open source software.

You don't need to purchase membership. Just get a code signing certificate from any agency and sign your app with it. Then it will bypass the Gatekeeper check. Gatekeeper only checks whether the app is from an identified developer or not.

Related

Export XCode App for One Person

Alright so I've built my first desktop app in xcode. The app is intended for use by one person only. I want to export it in the quickest, easiest way possible so they can use it on their laptop.
I've got Mac OS 10.10.3 and XCode 6.4. The target laptop has Mac OS 10.10.5. I am reluctant to update my system and the one on the laptop but will do if I have no other choice.
Getting it to work on my own computer would be a great start. Currently if I do Product > Archive. And then Export "As Mac Application" (unsigned). It creates the app but when I try and open it, it says "App couldn't open because of a problem". Is there a way I can debug this? Or an obvious thing I may have missed?
Ideally I want the app to work on my computer and to be able to transfer it to the target laptop and have it work on there too. I'll pay for the developer licence if I have no other choice but for a single-target application I feel like it's a waste of money.
You don't say it explicitly in your question but do you not have an apple developer certificate? If not, then you will not likely be able to sign the app appropriately to export it for use. If I'm not mistaken, when I export my apps (even for local testing on other machines in my house) the app gets signed with my developer certificate, enabling OSX to see that the app has been signed by a registered developer.
I believe you will be able to run the app in Xcode (without a developer certificate), but in order to export it you need a signature (development certificate) which is provided as part of the Apple Developer subscription.
An easy thing you could try to do, assuming your app builds:
Run your app
Right click the app icon in the dock
Click Options -> Show in Finder
Boom there's your app bundle. Send that over to your recipient
It seems fairly obvious in hindsight but I ended up installing XCode on the target computer (using the Apple Developer site to get the same version as I was running on the dev computer). I was then able to just copy the project across and run it. This wasn't ideal but it did the job.

Distribute App Outside the Mac App Store

I'm a newbie in OSX Development. I built an application which will be distributed outside the Mac App Store. I have all the other certificates and keys working except for the Developer ID (App and Installer) for production.
I know that this may sound stupid, but for what it's worth, I just wanna make sure.
Will my app still be considered Developer ID - signed if I exported it as a Mac Installer Package instead of selecting Export Developer ID-signed Application, when I install it to its destination devices? Will it be successfully installed or be rejected with GateKeeper-enabled devices?
I have been scratching my head over this since, for some weird reason, I cannot add a new Distribution Developer-ID from the Dev Center. I was able to add a Developer ID earlier this week; however, I ran into some issues with my private keys. As suggested by Apple and many other developers, I revoked all the Developer IDs and private keys to start fresh. The problem now is that I can't add any new Developer ID (Distribution). I cannot add one in either the Dev Center or by requesting through Xcode 5.0.1. I'm stuck.
I have submitted a Bug Report to Apple, but who knows when they'll be able to resolve it.
So now, temporarily, since I don't have any choice (I guess), I'll use the Mac Installer Package, but the question is, will it work?
Any help would be very, very much appreciated.
I've done this recently and have created a third Xcode project configuration to Debug and Release called Archive, which is a copy of Release except the app is signed using the Mac App Distribution / Third Party Mac App Developer and, confusingly there is a third name used for this same certificate.
I then changed the Archive scheme to use the Archive configuration to build.
Before doing this I had errors on some Macs when signing with my Developer ID, in some cases they claimed the app was corrupted, and in other cases I got gatekeeper blocking the app, forcing me to override it in System Preferences > Security & Privacy.
I personally use xcodebuild (from Jenkins) to build the app for distribution to testers, which I package in a .dmg so they only need to drag it to /Applications or ~/Applications and I do all that using a script within the Jenkins configuration. Your experience may differ to mine if you are using the Xcode app instead.

Testing a Mac App on Registered Devices

I have a Cocoa Mac App that I don't know if it will be on the Mac AppStore.
The application is still in development, and I want a few people to be able to launch it on their devices while the app gets new features.
The situation is the following :
I have a Mac Developer Certificate
Devices are registered in the Mac Member Center.
Every time they launch the app, GateKeeper complains the app doesn't come from the Mac AppStore, nor is provided by an identified developer, no matter if I sign the app or not.
So I tried to sign it and a provisioning profile is embedded into the app. If I don't sign it, nothing is embedded.
I should mention that the app has a Spotlight importer and QuickLook generator bundled into it.
I didn't find any clear explanation on how to resolve this issue in the Apple documentation, and most (if not all) blog posts, or articles on the Internet are about iPhone apps, not Mac ones (the process/requirements seem to be different on the two platforms).
The documentation is unclear on if all testers should be team members (which seems crazy because some of them aren't developers and don't have Xcode installed).
Can someone provide a clear step-by-step explanation on how to do that ?
Or maybe an article/blog post link or tips ?
Edit :
Here are screenshots of the app bundle structure and plug-in structure :
Everything seems to be right.
The way I obtained that is : I didn't set "Code Signing Identity" build setting, but rather archived the app, and exported it specifying code signing identity at that time.
Edit :
More and more curious, when I run the codesign command in the terminal, codesign -vvv MyApp.app, the output tends to suggest that all is rightly done :
MyApp.app: valid on disk
MyApp.app: satisfies its Designated Requirement
Interpreting this question as essentially:
"how do I beta test Mac App Store apps" ?
Apple hasn't yet published an official workflow in the App Distribution Guide, but the following process works:
Tester sends "System Information utility > Hardware tab > Hardware UUID" to developer
Developer updates dev provisioning profile to include the hardware UUID
Developer uses Xcode Organizer Archives tab, Distribute > "Save as Mac Application", then select the updated development signing identity.
Developer sends newly built app to the tester
Note: The development identities have yellow caution ! icons during the re-signing process but they can still be used.
Not only does this avoid the GateKeeper prompt, but the development provisioning profile is also needed for any store technologies you might be using to work during testing, e.g. iCloud, GameCenter, etc.
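The question above reports that codesign -vvv calls the bundle valid while Gatekeeper still blocks it; codesign only verifies the signature itself, whereas the launch policy decision is what spctl --assess reports. The following is an added example, not part of the original posts: the function names and the sample outputs are constructed for illustration, and check_app must be run on macOS.

```shell
#!/bin/sh
# Separate "is the signature intact?" (codesign) from
# "will Gatekeeper policy allow launch?" (spctl).

# Parse the text printed by `spctl --assess --type execute -vv APP`.
# Reads it on stdin and prints "<verdict>|<source>".
gatekeeper_verdict() {
    awk '
        /: accepted$/ { verdict = "accepted" }
        /: rejected$/ { verdict = "rejected" }
        /^source=/    { src = substr($0, 8) }   # text after "source="
        END {
            if (verdict == "") verdict = "unknown"
            if (src == "") src = "none"
            print verdict "|" src
        }'
}

# Run both checks against a real bundle (macOS only).
check_app() {
    app=$1
    if ! command -v codesign >/dev/null 2>&1 || ! command -v spctl >/dev/null 2>&1; then
        echo "codesign/spctl not found; run this on macOS" >&2
        return 2
    fi
    if codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "signature: intact"
    else
        echo "signature: missing or broken"
    fi
    # spctl reports on stderr, so fold it into stdout before parsing.
    echo "gatekeeper: $(spctl --assess --type execute -vv "$app" 2>&1 | gatekeeper_verdict)"
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DEVID='MyApp.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_REJECTED='MyApp.app: rejected
source=no usable signature'

# Usage: sh check.sh /path/to/MyApp.app
if [ $# -ge 1 ]; then
    check_app "$1"
fi
```

A bundle can report "signature: intact" and still be "rejected" here, which is the situation the question describes.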

Unlocking Developer ID version of app if Mac App Store version is present on system

I'm currently working on sandboxing some of my applications and it looks like I'll have to get rid of a few features just to satisfy the Mac App Store sandboxing (and other) rules.
Obviously users won't be happy about losing features and I fear they won't blame Apple for making stupid rules and we developers will have to bear the brunt of the anger.
In this vein, I'm thinking about building a system that means that if a user buys the Mac App Store version, s/he'll get the "normal" distribution version for free.
Since I have no idea what the email of the people buying my apps on the Mac App Store is and I don't want to have to handle such cases "by hand", I'd like to find a way of doing so automatically.
I've been thinking about just looking on the hard disk, finding an installed version of the program from the Mac App Store and then unlock the "distribution" version as well.
I'm just not certain whether this doesn't break Mac App Store rules..
is looking for the MAS receipt okay in terms of the MAS rules?
can I verify the MAS receipt using the same mechanism as is embedded in the MAS version of my program?
Is anybody else thinking along these lines?
Best regards,
Frank
I do something like this to enable Mac App Store customers to easily beta test new versions of my app downloaded from my website while still enforcing licensing. Upon startup of the MAS version of my app, I copy its receipt into /Library/Application Support/MyAppName/. Beta versions of the non-MAS version of my app include the same receipt validation code as the MAS version. They look for a receipt in the App Support folder, and validate it, running in licensed-mode if the receipt is valid.
I've been doing this since shortly after the launch of the Mac App Store, as have other developers with no problem. What you describe should be just fine.

Must I use my developer account when downloading Xcode from the App Store?

Regular distributions of Xcode are now available exclusively from the OS X App Store, but (like many, I expect) my App Store account and developer accounts use different Apple IDs. All my previous installations of Xcode have used my developer account, and I also wonder if there are critical parts of the Xcode configuration (e.g. provisioning profiles, etc.) that rely on Xcode having been installed using the developer Apple ID.
Are there any undesirable consequences to simply installing Xcode from the App Store using my personal account? Or, should I (can I, must I) log in to the App Store using my developer Apple ID instead?
You can use whatever Apple ID you want to download Xcode from the Mac App Store. There's nothing special about what it downloads. You'll need to log in to the developer portal though to download beta versions.
You can download Xcode (and lots of other stuff) from Apple's developer downloads website.
I very much doubt, therefore, that it matters whether you got it from the Mac App Store or not.
