I need to build an application for Lion with iCloud functionality.
I know that I have to sign the application in order to use entitlements options to enable iCloud.
I do NOT have to distribute my application on MacStore, just to sell it directly to my clients.
Do I need to subscribe to Mac Developer program in order to get a working certificate? Or I can generate a self-signed one and use it to sign my application?
Thanks
Currently it looks like you have to sign up to the Mac Dev Programme to be able to support iCloud in your apps (you need to edit a setting in the portal to enable iCloud for your bundle ID).
Additionally, it is unclear if non-appstore apps will be able to support iCloud anyway.
Related
Is it necessary to notarize app before uploading to Apple App Store? I come across some article says that notarization is needed for non-app store distribution, while apple will run notarization before approving an app store version.
Anyone can confirm?
The reason I ask this question is because I notarized the app for outside Mac App Store distribution and it works fine. For the Mac app store build, I can upload and distribute it and it works fine on Mac, only have issue on Catalina(beta) when user try to open, see attached pic. Wonder if it's related to notarization.
Update: the issue was not due to notarization, but due to code signing. One of the node binary is not signed before uploading to MAS, maybe Catalina has a more strict rule checking it.
No, it's not required. Apps downloaded from the app store are not notarized. You can verify it using spctl command.
spctl -a -v /Applications/Pages.app
/Applications/Pages.app: accepted
source=Mac App Store
Gatekeeper will check notarization only if the app is downloaded from outside the App Store.
From Safely open apps on your Mac
When you install Mac apps, plug-ins, and installer packages from
outside the App Store, macOS checks the Developer ID signature and
notarization status to verify that the software is from an identified
developer and that it has not been altered.
Notarization is only required for distribution outside the Mac App Store. See Distribute outside the Mac App Store (macOS), which says:
In some cases, you may want to distribute an app outside of the Mac App Store [...] Users gain additional assurance if your Developer ID-signed app is also notarized by Apple.
The macOS User Guide has this to say:
App Store: [...] All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted
App Store and identified developers: [...] Identified developers are registered with Apple and can optionally upload their apps to Apple for a security check. If problems occur with an app, Apple can revoke its authorization.
I'm having some serious trouble signing an application for ad-hoc distribution. Is it possible to distribute an app with the following requirements?:
Does not require tester to provide UUID up front
Outside app store
Utilizes entitlements such as VPN or Keychain Sharing
I ask because exporting without signing (Organizer (select archive) > Export > Export as Mac Application) fails with "embedded provisioning profile not valid: ..." on some devices. It appears to work on others though.
Thank you!
If you're trying to use the NetworkExtension framework (which I'm assuming because you tagged your question with nevpnmanager,) unfortunately that's only available in App Store apps.
I know this because I asked Apple. I was trying to make a non App Store NEVPN app, but no dice. Quinn from Developer Tech Support told me the NEVPN stuff is only available for App Store apps, and that I should file a bug report (which I think I did.)
I want to distribute my Mac App on both Mac App Store and my own website. The Mac App Store app will be signed via the Mac App Distribution certificate from Apple and the Website version will be signed via the Developer ID Application certificate. The website version will be distributed as a simple MyAppName.zip file that lets the user unpack MyAppName.app to where ever the user wishes. My app is a document based app that creates documents with extension .mydoc
I have two options to implement such a scenario.
First, and my preferred method is to have same bundle identifier for both apps. If a user tries to install from MAS first and then website; Will both apps live on my Mac without any issues? If a user installs the website version first, and then tries to install from MAS, how will MAS behave? How is it decided that which app will open my document by default?
Second, I use different bundle identifier for the apps on MAS and my website. Essentially they are different apps and I don't like this because it is confusing for a user because the apps look and behave exactly the same. In this case, how is it decided which one of the apps will open my document by default?
If a user tries to install from MAS first and then website; Will both apps live on my Mac without any issues? Answer: YES
If a user installs the website version first, and then tries to install from MAS, how will MAS behave? Answer: MAS will ask user that there already exists a version and if it should be kept.
How is it decided that which app will open my document by default? Answer:
Launch Services documentation says the the behavior is not determinate. So either one will open.
Second, I use different bundle identifier for the apps on MAS and my website. Essentially they are different apps and I don't like this because it is confusing for a user because the apps look and behave exactly the same. In this case, how is it decided which one of the apps will open my document by default? Answer:
Launch Services documentation says the the behavior is not determinate. So either one will open.
We are developing an application for our client and he wanted us to build App so he can publish the app over the Mac App store,
As of now we don't have Mac Developer Id, and we have received App Id from the client,
My question is, is it possible to make build only using App Id ?
I guess with App ID you mean something like "com.company.product".
Getting an Application for OS X to the App store is not an easy task (compared to iPhone/iPad).
To sign the App you need the public/private Key pair and a couple of certificates from your client.
The convenient way to upload the app to apple is done using Xcode.
Does the client use Xcode? If your client uses Xcode, then your client can do all the signing stuff. Then your client needs just the source code.
If your client needs a signed binary, then it's not obvious HOW he gets the app to the Appstore. There is a tool which can be used to upload the binary: "Application Loader.app"
(Here is a similar SO question which describes the toolchain: How to submit an iOS app WITHOUT XCode?)
If you need to deliver your results to your client as a signed bundle then you need all Certificates from the client. Your code must have all entitlements set. Uploading this code without testing your entitlements on your local machine is like driving a car blindfolded.
However: If you need to deliver a signed binary to your client, then you need all certificates.
If you will distribute the code to the client, it's not a problem delivering an unsigned binary to the client. Apps can be executed without code signing. Even without an valid AppID your code may be executed.
If your client has knowledge about Mac development, this should be no problem. If your client't doesn't know anything about Mac development, you should get access to his Mac-Developer account and do it for him.
Conclusion: The AppID is just a string to identify the app. If your client does the code signing stuff and uploading to Apple by himself using Xcode, then you need nothing else.
If you should use iCloud or App-Sandboxing (Entitlements) then you NEED certificates from your client.
I am going to submit my application for Mac App Store, and I am confused about enabling entitlements.
In Apple developer guide for configuring your app for mac App store, it does not say if it is required, or its just better to do it.
I am not using iCloud or push notifications (and are not enabled in my App ID).
I am not going to enable Sandboxing before 1st of March.
I sign my executable with the appropriate Apple Application Certificate and my installer with Installer certificate.
I am following the File-System Usage Requirements for the Mac App Store guide lines.
Last time my binary was accepted, but application was rejected in review due to some other violation.
My question is, will my app get rejected if I do not check the Enable Entitlements checkbox in Xcode. If I enable it, the second option is if I want to enable Sandbox which I do not, so it seems irrelevant.
I found this answer which says its not required but its for iOS.
Can someone confirm?
Thanks in Advance.
No it is not needed. My App was approved without Enabling entitlements. But, it will be needed once I start using Push notifications, Sandboxing, or iClouds.