It's been going OK so far, but it seems like screws are tightening and when this workflow doesn't work anymore, I will simply stop supporting Mac (this applies to M1 too).
I feel that is certainly worth it for a software developer that does any meaningful business on the platform. Maybe you don't get much Mac users, but if you did, I'd definitely look into it.
Then again I've never really understood the point of free (as in beer) software that's not also open source (or at least source available), so personally I think dropping platform support for a [free, cross-platform] application rather than simply distributing a tarball for users to do as they wish with is a bit dramatic.
Personally though I think it's weird that so many people are okay with distributing on platforms they don't even own. It's particularly rampant in cross-platform dev - I don't understand how anyone can feel comfortable just publishing an app on Android and/or iOS when they've never tested it on a real device, to talk of actually collecting money for it.
> Personally though I think it's weird that so many people are okay with distributing on platforms they don't even own.
It's not very comfortable, and I had a lot of inner discussions about this. I originally supported only Linux and Windows (platform I use and test on regularly), but inevitably Mac users came and wanted to use the app too. It's quite difficult to reject such users when in theory a simple cross-build does not seem so difficult.
As mentioned before I'm using Electron and fortunately it does shield you from majority of platform specific bugs, so not testing each and every release on Mac turned out mostly OK. There are other issues though - Mac is very opinionated and many things / conventions are very different from Linux/Windows. As a result a simple cross build of my app is quite "foreign element" and users ask for mac specific features. My eventual solution was a compromise of "I provide builds but don't implement any mac specialties".
I would think it would definitely be worth putting up an issue, asking if any have a Mac for that reason, especially since you have users actually asking for Mac builds.
When the other operating systems have options that are entirely free of cost, that's not as good of a deal as you think.
That is an absolute robbery for something which should be free.
Last I checked Microsoft's signing prices were much higher than Apple's
ARM64 is nice too, but for me not applicable. I won't dare to produce builds which I can't test ...
Architecturally, it's two "apps", a System Preference pane and a daemon that actually does the hiding.
There's a new dance in the last year or so where you must notarize your app before distribution. This is a bit more involved than just code signing, but it's workable. If you codesign and notarize your app, it's still possible for everyday users to download and launch without too much trouble.
I’ve called Apple about it and I’ve searched the web, but I haven’t got a definitive enough answer to satisfy my uncertainty (although I strongly suspect it is the case). Admittedly it may just be a last tenuous thread of hope that keeps me searching.
Almost certainly not. Apple does technically have fee waivers for eligible organizations — note the term organizations, not individuals — but the red tape required effectively (and ironically) puts this out of the reach for most individual open source developers:
I have a sillier answer. You could put it on github and invite any volunteer
with an Apple developer account to fork it and cope with Apple on your behalf.
You could also pledge to do it yourself if you raise $99 plus the cost of
your time in sponsorship.
This is why you can't download WireGuard from the WireGuard website - only from the App Store after providing ID (email and phone are the minimum required to get an Apple ID, required even for free apps).
It's not as easy as simply notarizing via the dev program and then self-publishing; some APIs are totally off-limits outside of the App Store.
To be pedantic, this is not notarization. The term notarization only applies to software distributed outside the the App Store. The developers themselves sign the software with a Developer ID code signing certificate, and then Apple notarizes the signed software.
Whereas software distributed in the Mac App Store is all signed by Apple itself rather than by the developer.
If they notarized your prefpane/daemon combo, I suspect they would notarize quite a few .app applications that are properly signed and not malicious or frowned upon use cases.
Anything that doesn't follow all the steps here wouldn't be notarized, I'm assuming. If a whatever.o file compiled from whatever.cpp with gcc from the command line wouldn't have any viable way of just being uploaded to a website for notarization. You'd have to at least go through all these steps. As far as I can tell, you'd need to have xcode to do that.
Packaging and notarisation is a pain, but it is possible, even though the app we’re distributing is self-contained, so it includes a minimal JRE distribution, dynamic libraries, utility binaries, and a loader. All of these components must be code-signed and notarised (not individually, only the complete bundle is submitted, but all components are inspected).
Nearly any file can be set as an executable, and surely a bash script set to launch an un notarized app in your application folder wouldn't magically bypass the gatekeeper security prompt for that app.
Tell me its unsigned and the dangers, but then give me the option to run it. Stop treating me like some dolt.
Right now, you have to really jump through hoops:
(this is for a open source project I run)
That said, it's not quite as bad as your link. The secret is to right click or control click on the app, and choose Open. The warning dialog will have an Open button to bypass the Security pref pane. (Though maybe that doesn't work for you since you're making a CLI tool?)
I agree that the $100 fee in no way guarantees proper identity verification has been done. I also see plenty of other unnecessary barriers the fee creates, I just don't know what an obvious alternative would be.
sudo spctl --master-disable
Termination Reason: Namespace CODESIGNING, Code 0x1
codesign --force --deep --sign - /path/to/The.app
but what's the difference between the error that causes the friendly warning, and the error that cases the stack trace/exception? Is this the difference between a lack of code signature and a failed check?
Not really onerous. However, you do have to use a terminal command to turn off Gatekeeper.
Windows 10 SmartScreen is just as deliberate and just as scary.
You absolutely have to pay for an extended validation code signing certificate, or your installer will be blocked by default.
Third parties charge more for that code signing certificate than Apple does for a developer account.
If anything, the problem is that even software with an EV certificate should be subject to the warning (like how SmartScreen worked in the past).
If you check to see if the developer's signing certificate has been revoked before running their software, you can be reasonably sure that doing so is safe.
Apple's developer program is cheaper than the extended validation code signing certificate you need to develop and sign software use on Windows without running into a block from SmartScreen.
Apple's developer program is not only cheaper, it allows for functional code signing that completely sidesteps their app store.
I am not sure what you mean regarding your point about sidestepping Apple's app store. Code signing can obviously be done on either platform without any app stores.
Gatekeeper has no such caveat.
My own preference is to try using the Mac App Store, if possible.
One reason, is that I’m lazy, and most of my stuff is free, or first-tier priced. I’m not too concerned about Apple’s cut.
Another reason is that it is another level of QA for my app. Sort of a “peer review.” I’m fairly obsessed with Quality.
But it’s not something that has ever been a “big deal” for me, so the stakes have not been too high.
In my experience, don't expect much from App Store reviewers. Their primary concern seems to be simply protecting Apple's own intellectual property. If you want testing, distribute your app to beta testers.
Apple users also seem to appreciate (and pay for) boutique indie apps. As a Mac user, I paid $25 for Byword just because it was a really nice Markdown editor. That appetite for quality apps gives indies a great market opportunity.
Edit: oh yeah, and a lot of devs use macOS so why wouldn’t they want great apps on the platform they use?
In general, I find the idea strange that developers can simply avoid being dependent on Apple. Look at two of the largest corporations in the world: Google and Facebook. They are themselves platforms. Google has its own mobile OS, Android. And yet... these companies still have big problems with Apple. They still need iOS apps, they still have to go through App Store review, etc.
The world is such that it's extremely difficult for anyone to avoid being dependent in some way on the BigCos. If you think the web is independent, just consider Flash-based web sites. Not so independent anymore, eh? Turns out Google and Apple also control the web browsers. Consider physical product producers and Amazon. And look at how Parler was simultaneously deplatformed by everyone. These BigCos are the elephants in the room, you can't ignore them.
I would also argue that even despite restrictions, spotty docs, and bugs, macOS is still one of the strongest platforms for creating polished boutique apps. The toolkits available elsewhere have technical advantages (like being cross platform), but getting the little details right is so much more difficult with them that meeting the same bar of quality is a much taller order. I think a dev wanting to accomplish something similar in a cross-platform manner is going to have to do something similar to what the Sublime guys have done with developing their own in-house toolkit.
The ecosystem as well is pretty aggressively updated - even old devices (by most company standards) remain supported AND updated - so your development target is not terrible.
So in short - you can make good to great money on the apple ecosystem as revenue per install is higher and ecosystem support costs lower.
On the one hand, having NE entitlements restricted to MAS and the associated pain of MAS distribution is real.
On the other hand, a few years ago, I once installed some garbage corporate VPN software on a Windows machine of mine so that a family member could connect to their office to resolve an urgent matter. I later realized it was impossible to uninstall. It seemed to have somehow managed to embed itself deep into the network stack initiation process, and since you can’t delete an open file on Windows, it was impossible to remove. I booted into the Windows equivalent of recovery mode and forcefully removed the files from a DOS prompt, but then the whole network stack was borked. Not knowing which registry keys to edit I had to reinstall the damn OS.
With that experience in mind, I’d really appreciate the peace of mind of knowing deeply system-altering software can be cleanly removed.
Reality - if they can scam you they will.
1) An annual subscription with no renewal notice AND that you couldn't cancel out of the 7 day period before renewal. So because I subscribed outside the app store I was screwed. After paying another $150 for a year I didn't want the service for, spending time arguing, I had to set a calendar invite for a year away to myself, then find out you can only cancel by CALLING them at a UK number! Of course it was acres of time being on hold.
I ended up just switching off that credit card and sending them an email saying I was canceling. They still send me past due bills saying my card was declined yadda yadda.
Contrast that with apple. You get an alert IN ADVANCE that you have subscriptions coming up. If you uninstall an app with a related subscription it asks if you want to cancel subscription PROACTIVELY etc. And you seem to get benefits via family sharing on subscriptions that automatically flow to family members without having to share passwords which is nice.
So yeah, subscriptions (as just one example) I go through app store if at all possible.
And of course, this extends to everything. On my windows machine we also have that corp VPN stuff -> which they then somehow use as a marketing channel to popup notifications around security etc that I need to buy or get anti-virus etc. I'm sure there are settings to turn this stuff off, but what a pain.
My parents it is even worse. On windows all the ads and toolbars that are "helpfully" installed I am convinced are 99% adware / malware. For some reason my parents (elderly) have no problems with their ipad by contrast.
Your app is signed and that's it. Not App Store review, just signed by a bot. The rest is all just discussing things like copy protection, where to host, etc.
It's a little bit of extra work, which is in your build scripts anyway. And it protects against some attacks.
To me it just sounds like bitching against Apple.. some old, same old
but it doesn't cost a cent
The article is not even about distributing free applications. It's about paid applications.
There are thousands of OSS apps available on the Mac. None of them are signed. This includes many GUI apps like iTerm.
Most people who use OSS apps are already going to have HomeBrew regardless.
I simply fail to understand why people are so privileged to think $100 is no-go. Its not one time fee. Its yearly fee. and $100 is probably half of 1 month salary in many Asian countries.
> "Distributing an OSS app requires neither a domain name nor an SSL certificate"
One can just release app on homebrew or even github release and guess what they don't need domain name or certs. Yes github/homebrew paid that cost but OSS dev doesn't have to pay that much cost to release the opensource app.
Signing your app and distributing it outside of the Mac app store does not require a paid developer ID.
What’s the point of Gatekeeper if getting a new certificate is free? Once your malware is blacklisted you could just use the next one at no cost.
Note that I will concede that it is extremely stupid and greedy of Apple to require a paid account for notarizing apps, particularly free apps, because it is in their best interest if more applications would be notarized, and they are not particularly hurt for cash either. It's inexplicable TBO. But that doesn't mean you cannot install signed but non-notarized apps without a paid developer account.
Even with the boutique money there we usually see someone's sob story about Apple pulling their app on a whim on HN quite often.
Managing all of that yourself would leave less time for development, would cost a lot more than the app store fees & cut and would be in itself an insurmountable barrier to many who might not even bother (particularly small freeware apps).
On the whole I'd say the app store benefits the majority of developers, particularly smaller ones.
The companies that do chafe at the bit though are the larger ones for whom all of that infrastructure is already taken care of, and it's no barrier for them. They seem to resent Apple's cut which would probably explain the Fortnite fracas.
If paranoid, post the SHA1/MD5 hash. I guess signing the app too.
If you only distribute your Mac software outside the store, and aren’t inherently ineligible for the store (like a full disk space measuring program) I just assume you are up to no good or don’t care enough about my security and pass on your product.
If you aren’t willing to fork over $100/year to at least minimally tie an identity to your actions and go through all the signing nuisance then you don’t get control of my computer.
Now that we are living in a notarized application world I may have to rethink this and loosen up, so the nuisance you go through notarizing your app is in some sense the entry fee to sell to some security conscious customers.
APPLE APP STORE, a popular app store also distributed a malware / spyware bundled within a messenger app - https://www.bbc.com/news/technology-50890846
> If you aren’t willing to fork over $100/year to at least minimally tie an identity to your actions and go through all the signing nuisance then you don’t get control of my computer.
You don't need to pay $100 to a corporate to verify your identity and gain the trust of your users. Open source users have been doing it without paying a single penny to any corporates so far.
You also give up 15% or 30% of revenue to Apple; have to go through app review on every update facing arbitrary rejection; have no direct relationship with your users; can't offer upgrade pricing on significant new releases (existing users either get the new release for free or you make it a new SKU thus forcing everyone to pay full price, including existing users).
You also lose access to some of Apple's cloud service like Sign in With Apple which some customers prefer (self included). There are also some additional sales just due to being in the App Store.
Which is to say, the getting rid of that 15% fee isn't a slam dunk. Even before the Apple Tax cut, many developers chose to use the App Store even when the fee was 30% for good reason. I suspect if you are earning $900k in the App Store and launching a new product the math gets quite weird.
10% is a lot.
If listing it in the App Store means you would sell 150 copies instead, how much is that savings worth?
I didn't suggest it was cheap, I said many people find it's worth spending the money.
I don't ordinarily use bit torrent, but I was downloading a couple OS images and the provider requested I use bit torrent so I went and got Transmission during the period while the malware was up, but before Transmission discovered it. I got lucky and saw a news article, perhaps on HN, about the infection the next day or two, verified I had it, removed it, and ran a set of offline backups. Had I not caught it, after a several day waiting period the malware would have encrypted my drives for ransomware. So I got ridiculously unlucky to get the infection, and then ridiculously lucky to see an article suggesting I might have it before it went off.
About HN, the parent comment is getting a disappointing amount of up and down voting relative to its total score.
I think what people who think like you are missing is that developers also don't want to control your computer if they have to go though all this hassle. It's a two way street.
I'm also kinda surprised how desktop app development is not not quite as "hip" as mobile. I'm guessing it's due to the relatively difficulty compared with mobile.
The business incentives often outweigh the technical benefits of desktop apps. DRM and payment processing are easy. Discoverability is a shit show but the only competitive advantage to app stores is exclusivity. No need to worry about provisioning user machines, DLL hell, whatever.
And whatever you do you're going to pay a couple of release engineers anyway.
DLL hell isn’t a problem. You can just ship a stand-alone binary if you want.
Just stop using Macs/Windows. You can have it better. You deserve to be treated with respect.
Someone is privileged / in a bubble enough to think this is even remotely plausible for a massive chunk of people.
When native Photoshop, Final Cut Pro, Logic Pro X, hell; even Unity makes it to Linux, I’ll be able to consider it.
Until then, I make my money off those apps. How is not having access to the vast wealth of commercial software ‘having it better’? Even for just the average person?
It’s not. Plain and simple.
Can we finally just drop this ‘just go to Linux’ shit? It really only works for Grandma or Mom who only needs to check their emails, Facebook and type documents, and programmers who happen to be lucky enough to have that extremely limited set of tools work for them.
Until solutions like WINE are no longer required and commercial software is available it is and will remain a non option for the vast, vast majority of professionals using a computer.
No offence intended - but seriously every time someone posts ‘everyone should just move to Linux it’s so much better’, I have to ask myself how isolated in that community they made themselves to make that ‘realistic’.
Signed binaries are a totally reasonable security feature for computers sold to people that will install anything. Having a reasonable (hard enough to find) workaround is totally acceptable in my book.
I also believe you can trust a self signed codesigning certificate if you want a more permanent solution (citation needed)
Even if I'm assuming no exploits, everything working as intended, the permissions don't map well to what I care about.
I don't really care which app has access to the camera, I care about what gets done with the recording (or even metadata/inferences from the images) or about it taking pictures at surprising times. Some fitness tracker needs a lot of data, which is fine as long as they aren't selling it to third parties.
I would love the feature if it was something I could rely on, with audits of the client code, backend infrastructure, transparency in regards to data use, etc. As is installing software is still caveat emptor.
What you're after is a sociopolitical problem, and would take a sociopolitical solution. It simply can't be implemented in software, and it can't be implemented correctly in all cases, period: even if the app designer is a perfect angel, and only does exactly what they've pledged to with your data, the company could be bought by Evil Corp, or get hacked.
Hardly a saving grace, no?
Apple are still judge, jury, executioner, and taxman as to what the vast majority of their customers can run with their already expensive hardware.
Does that mean Tim Cook is Judge Dredd?
The reality of distributing Mac Software is far more boring than you paint it.
A python alternative would be: dmgbuild