Hacker News
Distributing Mac apps outside the App Store, a quick start guide (rambo.codes)
308 points by tosh on Jan 13, 2021 | 158 comments

I'm building my app for all platforms (Win, Lin, Mac) on a Linux machine, so I don't (can't) sign or notarize.

It's been going OK so far, but it seems like screws are tightening and when this workflow doesn't work anymore, I will simply stop supporting Mac (this applies to M1 too).

Why wouldn't you find a person with a Mac to sign the package? An Apple developer account is only $100/year.

I feel that is certainly worth it for a software developer that does any meaningful business on the platform. Maybe you don't get many Mac users, but if you did, I'd definitely look into it.

Not everybody writing software for a platform is doing business on it. Many apps are free.

Then again I've never really understood the point of free (as in beer) software that's not also open source (or at least source available), so personally I think dropping platform support for a [free, cross-platform] application rather than simply distributing a tarball for users to do as they wish with is a bit dramatic.

Personally though I think it's weird that so many people are okay with distributing on platforms they don't even own. It's particularly rampant in cross-platform dev - I don't understand how anyone can feel comfortable just publishing an app on Android and/or iOS when they've never tested it on a real device, to talk of actually collecting money for it.

To clarify, my app is free and open source. There's nothing really preventing users from building the app themselves, and some of them do that. But building yourself is not something most users can do. So when talking about "dropping support", I mean specifically stopping doing Mac builds myself. (Or rather not creating new builds for M1 Mac and similar, I'm okay with doing builds for old x86)

> Personally though I think it's weird that so many people are okay with distributing on platforms they don't even own.

It's not very comfortable, and I had a lot of inner discussions about this. I originally supported only Linux and Windows (platform I use and test on regularly), but inevitably Mac users came and wanted to use the app too. It's quite difficult to reject such users when in theory a simple cross-build does not seem so difficult.

As mentioned before I'm using Electron and fortunately it does shield you from the majority of platform-specific bugs, so not testing each and every release on Mac turned out mostly OK. There are other issues though - Mac is very opinionated and many things / conventions are very different from Linux/Windows. As a result a simple cross build of my app is quite a "foreign element" and users ask for Mac-specific features. My eventual solution was a compromise of "I provide builds but don't implement any Mac specialties".

Surely a contributor has a Mac, and could take over code signing, and pushing that into your dist or bin directory?

I would think it would definitely be worth putting up an issue, asking if any have a Mac for that reason, especially since you have users actually asking for Mac builds.

GitHub says my project has 34 contributors, but in reality it's a one-man show, just like the majority of open source software. I would of course welcome if somebody would do the signing, but nobody stepped up to do it.

>An apple developer account is only $100/year.

When the other operating systems have options that are entirely free of cost, that's not as good of a deal as you think.

How do you sign for free for Windows? When I last looked at certs they were as expensive if not more, and they still wouldn’t solve the SmartScreen “not frequently downloaded” warning problem

> only $100/year

That is an absolute robbery for something which should be free.

Code signing isn't free. It never has been free, and most code signing certificates are 300-500/yr.

Apple is the one who wants the code signed so they should pay.

$100 is very expensive compared to the other platforms. These licensing fees destroy the majority of open-source projects geared around said platforms, sadly.

I'm pretty sure only Android is cheaper.

Last I checked Microsoft's signing prices were much higher than Apple's

$100 is a lot of money in many parts of the world, especially if your app is free.

I can't remember where but there is a group of devs who offer to sign Mac apps for open source developers.

How are you building a macOS app from linux? Is there some equivalent of mingw?

My app is based on electron and electron-builder can do Mac x86 builds on linux.

GitHub Actions has OSX runners. I’m building an Electron app too and my builds run in Actions. Electron even has arm64 builds now. It works great

Interesting, I need to look into it.

ARM64 is nice too, but for me not applicable. I won't dare to produce builds which I can't test ...

I can understand that. Intel builds run just fine. But once you try the ARM64 build, it really flies and you can’t go back.

I distribute a Mac app outside the app store. In my case, it's a freeware tool to hide the cursor with a hotkey or idle timer: http://doomlaser.com/cursorcerer-hide-your-cursor-at-will/

Architecturally, it's two "apps", a System Preference pane and a daemon that actually does the hiding.

There's a new dance in the last year or so where you must notarize your app before distribution. This is a bit more involved than just code signing, but it's workable. If you codesign and notarize your app, it's still possible for everyday users to download and launch without too much trouble.

I have a silly question. Is it possible to sign and notarize an app for macOS without paying $99/year? I am writing an open source program and want to make it easy for people to install but I don’t think I can justify the cost for something probably no one will see. It’s pretty niche.

I’ve called Apple about it and I’ve searched the web, but I haven’t got a definitive enough answer to satisfy my uncertainty (although I strongly suspect it is the case). Admittedly it may just be a last tenuous thread of hope that keeps me searching.

> Is it possible to sign and notarize an app for macOS without paying $99/year?

Almost certainly not. Apple does technically have fee waivers for eligible organizations — note the term organizations, not individuals — but the red tape required effectively (and ironically) puts this out of the reach for most individual open source developers:


Alright, that’s pretty much what I expected but glad to hear it definitively. Thank you!

> I have a silly question.

I have a sillier answer. You could put it on github and invite any volunteer with an Apple developer account to fork it and cope with Apple on your behalf. You could also pledge to do it yourself if you raise $99 plus the cost of your time in sponsorship.

> for something probably no one will see

Unless you need the NetworkExtension API to be a vpn; Apple only notarizes those in the App Store.

This is why you can't download WireGuard from the WireGuard website - only from the App Store after providing ID (email and phone are the minimum required to get an Apple ID, required even for free apps).

It's not as easy as simply notarizing via the dev program and then self-publishing; some APIs are totally off-limits outside of the App Store.

> Apple only notarizes those in the App Store.

To be pedantic, this is not notarization. The term notarization only applies to software distributed outside the App Store. The developers themselves sign the software with a Developer ID code signing certificate, and then Apple notarizes the signed software.

Whereas software distributed in the Mac App Store is all signed by Apple itself rather than by the developer.

How does Mullvad do it, then? Their Mac app is downloaded directly from their website, and WireGuard is used for their VPN.

I think Mullvad doesn't use the NetworkExtension API but relies on tun/tap. WireGuard used to do this in the past. But if you want to run a VPN on iOS devices you need to implement via NE anyways, so I believe the development was streamlined and the macOS version was built using NE as well. Afaik you can still install WireGuard via Homebrew: https://www.wireguard.com/install/#macos-homebrew-and-macpor...

Older, deprecated API that requires root and will likely soon be removed from macOS.

Glad to find out they notarized this. It isn't a .app though, which I think several in the thread are hoping to distribute outside the app store without making it difficult/spooky for the end user.

If they notarized your prefpane/daemon combo, I suspect they would notarize quite a few .app applications that are properly signed and not malicious or frowned upon use cases.

I was under the impression they would notarize essentially anything that doesn't match known malware? It's an automated system, not a manual review.


Anything that doesn't follow all the steps here wouldn't be notarized, I'm assuming. A whatever.o file compiled from whatever.cpp with gcc from the command line wouldn't have any viable way of just being uploaded to a website for notarization. You'd have to at least go through all these steps. As far as I can tell, you'd need to have Xcode to do that.

You need to have Xcode installed, but you don’t need to actually use the Xcode GUI for notarisation, you can use command line tools via `xcrun {altool,stapler}` to achieve the same. My company is distributing a Java application with a compiled JNI component written in C++, and I created the macOS distribution process for the app. It’s fully command-line based for automated deployment.

Packaging and notarisation is a pain, but it is possible, even though the app we’re distributing is self-contained, so it includes a minimal JRE distribution, dynamic libraries, utility binaries, and a loader. All of these components must be code-signed and notarised (not individually, only the complete bundle is submitted, but all components are inspected).
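The command-line flow described in the comment above (sign every nested component, submit the whole bundle once, staple the result), sketched as an added example that is not part of the thread or the commenter's tooling. The signing identity, bundle ID, Apple ID and the `AC_PASSWORD` keychain item are placeholders, and the `altool` output format the two parsers expect is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. With DRY_RUN=1 (the default) every
# macOS command is printed instead of executed, so the flow can be read and
# checked on any machine.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Nested code inside the bundle (dylibs, JNI libraries, executables), deepest
# path first, so inner components are signed before whatever contains them.
nested_code() {
  find "$1" -type f \( -name '*.dylib' -o -name '*.jnilib' -o -perm -u+x \) \
    | awk '{ print gsub("/", "/") "\t" $0 }' | sort -rn | cut -f2-
}

# sign_bundle <App.app> <signing identity>
# Hardened runtime and a secure timestamp on every component, bundle last.
sign_bundle() {
  nested_code "$1" | while IFS= read -r f; do
    run codesign --force --options runtime --timestamp --sign "$2" "$f"
  done
  run codesign --force --options runtime --timestamp --sign "$2" "$1"
}

# Parsers for altool's text output (line format assumed, see lead-in).
request_uuid()        { sed -n 's/^ *RequestUUID *= *//p' | head -n 1; }
notarization_status() { sed -n 's/^ *Status: *//p' | head -n 1; }

# notarize <App.app> <bundle id> <Apple ID>
# Only the complete bundle is uploaded; the service inspects what is inside.
notarize() {
  zip="${1%.app}.zip"
  run ditto -c -k --keepParent "$1" "$zip"
  out=$(run xcrun altool --notarize-app --primary-bundle-id "$2" \
        --username "$3" --password "@keychain:AC_PASSWORD" --file "$zip" 2>&1)
  printf '%s\n' "$out"
  if [ "$DRY_RUN" != "1" ]; then
    # Notarization is asynchronous: poll until the service reaches a verdict.
    uuid=$(printf '%s\n' "$out" | request_uuid)
    [ -n "$uuid" ] || { echo "no RequestUUID in altool output" >&2; return 1; }
    while :; do
      status=$(xcrun altool --notarization-info "$uuid" --username "$3" \
               --password "@keychain:AC_PASSWORD" 2>&1 | notarization_status)
      case "$status" in
        success) break ;;
        "in progress") sleep 30 ;;
        *) echo "notarization failed: $status" >&2; return 1 ;;
      esac
    done
  fi
  # Attach the ticket to the bundle, then ask Gatekeeper for its verdict.
  run xcrun stapler staple "$1"
  run spctl --assess --type execute --verbose "$1"
}
```

Apple has since replaced `altool` notarization with `xcrun notarytool`; the sign, submit, wait, staple sequence is the same.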

.o files aren't notarised. Only the executable files that will be run by other people are.

I suppose I could have written that a single .o file can be made an executable by gcc if the .o has a main function.

Nearly any file can be set as an executable, and surely a bash script set to launch an un-notarized app in your application folder wouldn't magically bypass the gatekeeper security prompt for that app.

Command line tools do not use notarisation at all.

Quoting that page, "Command Line Tools can be signed, but not directly notarized".

Thanks for Cursorcerer!

I don't mind Apple putting more restrictions around signing, but they make it SO onerous for Desktop users to explicitly allow unsigned apps.

Tell me it's unsigned and the dangers, but then give me the option to run it. Stop treating me like some dolt.

Right now, you have to really jump through hoops:


(this is for an open source project I run)

Completely agree, especially because a signing key is $100 a year. Feels like the church selling indulgences.

That said, it's not quite as bad as your link. The secret is to right click or control click on the app, and choose Open. The warning dialog will have an Open button to bypass the Security pref pane. (Though maybe that doesn't work for you since you're making a CLI tool?)

I disagree, I don't really want the signing key to be $0.99 and someone just making 100+ developer accounts that can't be tracked with some leaked list of SSNs or similar. That would negate the whole point of the signing key for the end user almost entirely.

What you're seeking is proper identity verification, not necessarily a tariff or upfront cost to even do business.

Is proper identity verification something that Apple can do at a marginal cost significantly lower than $100?

I agree that the $100 fee in no way guarantees proper identity verification has been done. I also see plenty of other unnecessary barriers the fee creates, I just don't know what an obvious alternative would be.

$100 per year for distributing an open source app is way too much. $100 may be low in your country but it's half a month's salary in our country.

The $100 fee is no barrier at all to professional criminals. Whereas it's a huge barrier for open source developers.

Maybe a fee waiver for oss with certain licenses and dev accounts for .edu addresses with a couple other ID requirements would be a good start.

I'm not sure why, but I don't see many of these prompts myself. You can disable Gatekeeper.

  sudo spctl --master-disable

That should get rid of the prompts.

I’d rather not. After the initial setup I don’t see that many annoying prompts either, I’d rather not disable security measures when they’re really not that painful.

I don't have it disabled myself. But if it's a burden, the option is there.

It used to be option+click, then "Open". They removed that approach?

That still works.

You need to open twice; the first time will never show it.

Sometimes, rather than giving me a "friendly" warning that the app is unsigned, I get an exception with a stack trace, with:

    Termination Reason:    Namespace CODESIGNING, Code 0x1

I can (re)sign the application with:

    codesign --force --deep --sign - /path/to/The.app

which often resolves the issue.

But what's the difference between the error that causes the friendly warning, and the error that causes the stack trace/exception? Is this the difference between a lack of code signature and a failed check?

It’s a failed code sign of some sort. E.g. and typically, the developer used an installer cert for an app.

The point isn't to imply you're a dolt, but to slowly convince you to use the App store for the percentage they make.

> they make it SO onerous for Desktop users to explicitly allow unsigned apps

Not really onerous. However, you do have to use a terminal command to turn off Gatekeeper.


He means from the perspective of an app developer - it is hard to educate users when Apple's deliberate UI scares the user. Asking some of them to disable Gatekeeper can also backfire with ignorant users, because it is a security measure against malware spread and execution (once malware is identified).

From the app developer's perspective, you can hardly spin a terminal command as any more onerous than a registry edit on Windows.

Windows 10 SmartScreen is just as deliberate and just as scary.

You don't need to pay anything or sign up for any app store to be approved by SmartScreen, and even if you are not approved there is a "Run anyway" button right there in the dialog.

You absolutely have to pay for an extended validation code signing certificate for Windows 10 Smartscreen to allow your installer to run.

That's not true. Binaries can acquire a positive reputation by being commonly downloaded. However paying for an EV certificate (or getting windows logo certification) is the only way to bypass the warning with no reputation.

What new developer already has a reputation score?

You absolutely have to pay for an extended validation code signing certificate, or your installer will be blocked by default.

Third parties charge more for that code signing certificate than Apple does for a developer account.

No new developer already has a reputation score. Why should they? Is there something unfair about warning users that uncommonly downloaded software is more likely to contain malware?

If anything, the problem is that even software with an EV certificate should be subject to the warning (like how SmartScreen worked in the past).

The entire point of Gatekeeper and SmartScreen is to only warn users about unsigned software that could install a trojan horse.

If you check to see if the developer's signing certificate has been revoked before running their software, you can be reasonably sure that doing so is safe.

Apple's developer program is cheaper than the extended validation code signing certificate you need to develop and sign software for use on Windows without running into a block from SmartScreen.

No, that might be the point of Gatekeeper but the point of SmartScreen is to warn you when you are running uncommonly downloaded software. You might be right that it is cheaper to buy a guaranteed exception for Gatekeeper than it is to buy a guaranteed exception for SmartScreen though, but I don't think that is relevant when you don't really need an exception for SmartScreen at all.

No, stopping uncommonly downloaded software from running is Microsoft's way to force new developers to use their app store, since software distributed from there is exempt from that limitation.

Apple's developer program is not only cheaper, it allows for functional code signing that completely sidesteps their app store.

SmartScreen existed prior to Microsoft's app store though.

I am not sure what you mean regarding your point about sidestepping Apple's app store. Code signing can obviously be done on either platform without any app stores.

No, SmartScreen blocks software that doesn't have a high enough "reputation score" even if it is signed. The only way around that particular restriction is to distribute your app through Microsoft's app store.

Gatekeeper has no such caveat.

"Everyday" users shouldn't have to edit the registry in order to install an app, either. Being no worse than Windows doesn't make it good.

Turning off gatekeeper disables the protections for all apps, not a specific app of the user's choosing. That is not what the other poster was asking for.

This is a great guide!

My own preference is to try using the Mac App Store, if possible.

One reason, is that I’m lazy, and most of my stuff is free, or first-tier priced. I’m not too concerned about Apple’s cut.

Another reason is that it is another level of QA for my app. Sort of a “peer review.” I’m fairly obsessed with Quality.

But it’s not something that has ever been a “big deal” for me, so the stakes have not been too high.

> Another reason is that it is another level of QA for my app. Sort of a “peer review.” I’m fairly obsessed with Quality.

In my experience, don't expect much from App Store reviewers. Their primary concern seems to be simply protecting Apple's own intellectual property. If you want testing, distribute your app to beta testers.

Not to worry. I would never rely on it. But what they are good for, is some basic usability, and "Apple users expect this" kind of things.

It still puzzles me to this day why developers are happy to develop for Apple products. If the red tape alone doesn't make it a deal breaker the % cut certainly should.

Simple. Apple users spend more [1]. Not to say you can’t make money on Windows, Linux or Android, obviously there are thousands of successful software businesses on those platforms. It’s just that iOS and Mac users really don’t mind spending.

Apple users also seem to appreciate (and pay for) boutique indie apps. As a Mac user, I paid $25 for Byword just because it was a really nice Markdown editor. That appetite for quality apps gives indies a great market opportunity.

Edit: oh yeah, and a lot of devs use macOS so why wouldn’t they want great apps on the platform they use?

[1]: https://www.appannie.com/en/insights/market-data/mobile-hit-...

Maybe if I would like 'boutique indie apps' I wouldn't choose a platform so restrictive to indie developers.

Developers can switch to a different platform, but the problem is that their customers won't switch. The customers for boutique indie apps simply do not exist on Linux. And they don't exist on Windows to the extent that they exist on the Mac. The Mac has always been by far the best platform to find customers for boutique indie apps, long before Mac code signing existed, and that equation hasn't changed even though Apple is now getting worse and locking down the Mac.

In general, I find the idea strange that developers can simply avoid being dependent on Apple. Look at two of the largest corporations in the world: Google and Facebook. They are themselves platforms. Google has its own mobile OS, Android. And yet... these companies still have big problems with Apple. They still need iOS apps, they still have to go through App Store review, etc.

The world is such that it's extremely difficult for anyone to avoid being dependent in some way on the BigCos. If you think the web is independent, just consider Flash-based web sites. Not so independent anymore, eh? Turns out Google and Apple also control the web browsers. Consider physical product producers and Amazon. And look at how Parler was simultaneously deplatformed by everyone. These BigCos are the elephants in the room, you can't ignore them.

> Developers can switch to a different platform, but the problem is that their customers won't switch. The customers for boutique indie apps simply do not exist on Linux. And they don't exist on Windows to the extent that they exist on the Mac. The Mac has always been by far the best platform to find customers for boutique indie apps, long before Mac code signing existed, and that equation hasn't changed even though Apple is now getting worse and locking down the Mac.

I would also argue that even despite restrictions, spotty docs, and bugs, macOS is still one of the strongest platforms for creating polished boutique apps. The toolkits available elsewhere have technical advantages (like being cross platform), but getting the little details right is so much more difficult with them that meeting the same bar of quality is a much taller order. I think a dev wanting to accomplish something similar in a cross-platform manner is going to have to do something similar to what the Sublime guys have done with developing their own in-house toolkit.

Because apple provides a tradeoff - a VERY trusted ecosystem that folks are happy to spend big money in knowing they are pretty safe (no impossible to cancel subscriptions).

The ecosystem as well is pretty aggressively updated - even old devices (by most company standards) remain supported AND updated - so your development target is not terrible.

So in short - you can make good to great money on the apple ecosystem as revenue per install is higher and ecosystem support costs lower.

3rd parties kind of shot themselves in the foot by abusing the fuck out of users in every way possible and now things have swung in the other direction where users all flock to marketplaces that prevent the abuse even if sellers get charged a huge fee.


On the one hand, having NE entitlements restricted to MAS and the associated pain of MAS distribution is real.

On the other hand, a few years ago, I once installed some garbage corporate VPN software on a Windows machine of mine so that a family member could connect to their office to resolve an urgent matter. I later realized it was impossible to uninstall. It seemed to have somehow managed to embed itself deep into the network stack initiation process, and since you can’t delete an open file on Windows, it was impossible to remove. I booted into the Windows equivalent of recovery mode and forcefully removed the files from a DOS prompt, but then the whole network stack was borked. Not knowing which registry keys to edit I had to reinstall the damn OS.

With that experience in mind, I’d really appreciate the peace of mind of knowing deeply system-altering software can be cleanly removed.

I had this experience a few times. I used to buy outside the standard marketplaces (was an early cydia user as well).

Reality - if they can scam you they will.

1) An annual subscription with no renewal notice AND that you couldn't cancel out of the 7 day period before renewal. So because I subscribed outside the app store I was screwed. After paying another $150 for a year I didn't want the service for, spending time arguing, I had to set a calendar invite for a year away to myself, then find out you can only cancel by CALLING them at a UK number! Of course it was acres of time being on hold.

I ended up just switching off that credit card and sending them an email saying I was canceling. They still send me past due bills saying my card was declined yadda yadda.

Contrast that with apple. You get an alert IN ADVANCE that you have subscriptions coming up. If you uninstall an app with a related subscription it asks if you want to cancel subscription PROACTIVELY etc. And you seem to get benefits via family sharing on subscriptions that automatically flow to family members without having to share passwords which is nice.

So yeah, subscriptions (as just one example) I go through app store if at all possible.

And of course, this extends to everything. On my windows machine we also have that corp VPN stuff -> which they then somehow use as a marketing channel to popup notifications around security etc that I need to buy or get anti-virus etc. I'm sure there are settings to turn this stuff off, but what a pain.

For my parents it is even worse. On Windows all the ads and toolbars that are "helpfully" installed I am convinced are 99% adware / malware. For some reason my parents (elderly) have no problems with their iPad by contrast.

I love programming on Apple platforms, they are beautiful devices and the UX is the best.

What red tape?

Your app is signed and that's it. Not App Store review, just signed by a bot. The rest is all just discussing things like copy protection, where to host, etc.

Plus signing up and paying for a developer ID. While it’s easy to minimize all of this, it’s still red tape and it’s extra work one has to do.

You sign up for github, hackernews etc too.

It's a little bit of extra work, which is in your build scripts anyway. And it protects against some attacks.

To me it just sounds like bitching against Apple.. same old, same old

> You sign up for github, hackernews etc too.

but it doesn't cost a cent

So does a domain name, so did an SSL certificate, so does any payment provider, so do many many other things. Heck.. so is facebook, so is whatsapp. When it's about those "we" like to complain that there should be a paid version instead of a free version. It's just a load of bs.

The article is not even about distributing free applications. It's about paid applications.

Distributing an OSS app requires neither a domain name nor an SSL certificate. And even if you shell out for these, they cost me vastly less than an Apple developer subscription. For somebody who develops OSS just for fun in their spare time, doesn’t make (nor expects to make) any money from it, and would rather spend time and other resources on interesting stuff, the 100 USD fee is essentially a no-go. I don’t mind paying for my hobby but (1) I’ve got more than one hobby and I’m not rich, and (2) I’d like to perceive that the money I spend actually gives me something. For my purposes, an Apple developer subscription doesn’t feel like it is.

If you are distributing an OSS app, put it in HomeBrew. Done

There are thousands of OSS apps available on the Mac. None of them are signed. This includes many GUI apps like iTerm.

Most people who use OSS apps are already going to have HomeBrew regardless.

> "100 USD fee is essentially a no-go."

I simply fail to understand why people are so privileged to think $100 is no-go. It's not a one-time fee. It's a yearly fee, and $100 is probably half of 1 month's salary in many Asian countries.

> "Distributing an OSS app requires neither a domain name nor an SSL certificate"

One can just release the app on Homebrew or even as a GitHub release and guess what, they don't need a domain name or certs. Yes, GitHub/Homebrew paid that cost, but an OSS dev doesn't have to pay that much cost to release the open source app.

I don't understand. Of course it's a problem that DNS costs money, and of course it was a big problem that SSL cost money.

>> Plus signing up and paying for a developer ID.

Signing your app and distributing it outside of the Mac app store does not require a paid developer ID.

Yes it does if you want to be allowed by Gatekeeper.

What’s the point of Gatekeeper if getting a new certificate is free? Once your malware is blacklisted you could just use the next one at no cost.

That's moving the goalposts. The point was that signing and distributing an app outside of the App Store does not require a paid developer account, not that it would play nice with Gatekeeper. You can still option-click and run the installer even if it is not notarized.

Note that I will concede that it is extremely stupid and greedy of Apple to require a paid account for notarizing apps, particularly free apps, because it is in their best interest if more applications would be notarized, and they are not particularly hurt for cash either. It's inexplicable TBO. But that doesn't mean you cannot install signed but non-notarized apps without a paid developer account.

I think OP is including iOS in their sentiment.

The users are there and are wanting good software that they are even willing to pay for! Jumping through hoops is just a price to pay for it. I also like servicing demanding users ; Apple users demand software that works full stop.

Pat Sajak, I'd like to solve the puzzle. "ios is two thirds of the hundred billion dollar mobile app market"


For me, it's simple. On balance, it's a great platform to develop for, and I make a good living from it doing work I enjoy. I also appreciate the community of Mac users that use my apps.

Because Apple, alongside Google and Microsoft platforms, provide a whole stack experience in tooling and SDKs, instead of endless configurations of home made distributions, and people on those platforms usually pay for their apps, even when taking piracy into account.

Because Apple users have done nothing wrong and deserve nice software too.

They are short-sighted. They don't realize that they are the ones adding value to Apple's platform, and they shouldn't have to pay Apple to do so! With its app store, Apple acts like a corrupt bureaucrat middleman between developers and users, and demands an unnecessary bribe from both to distribute and use the app. It reduces profit for the developers and increases cost for their clients.

This sums up my thoughts quite well.

Even with the boutique money there we usually see someone's sob story about Apple pulling their app on a whim on HN quite often.

I don't think they are short-sighted. I think they realise that the app store gives them such a leg up in the process of packaging, distributing, managing updates, helping with discoverability, ensuring platform compatibility and (optionally) taking payment of their software that they easily see the value advantage to going on the app store other than doing all that themselves.

Managing all of that yourself would leave less time for development, would cost a lot more than the app store fees & cut and would be in itself an insurmountable barrier to many who might not even bother (particularly small freeware apps).

On the whole I'd say the app store benefits the majority of developers, particularly smaller ones.

The companies that do chafe at the bit though are the larger ones for whom all of that infrastructure is already taken care of, and it's no barrier for them. They seem to resent Apple's cut which would probably explain the Fortnite fracas.

Everything you've described is exactly the things they are short-sighted about - if you need to grow your business these are the things you need control and oversight over, and need to master. Betting your business on one horse (whose feet are tied) is just plain stupid.

I never knew this was so much to write about. Whatever happened to the days of having an apache web server, having it in a zip, and just hosting it? If it's small enough, personal S3 bucket?

If paranoid, post the SHA1/MD5 hash. I guess signing the app too.

It's not much more complicated than just sticking it in an S3 bucket. This article seems to be more about the broader implications for your business about choosing one route vs the other. Guilherme mentions that GitHub Releases work fine for open source apps.

Agreed. I worked for (very large company) distributing a mac app outside the app store. Other than the distribution + update benefits (and a couple entitlements) you get from the app store, the freedom you get by living outside the sandbox outweighs it IMO.

You can do that. The only extra step is you need to have your app signed by Apple. Not App Store review, it just scans for malware and signs it.

And charges you $100/year for that scan.

The extended validation code signing certificate you need for your software installer to get around Windows 10's SmartScreen isn't free either.

That's really not a lot of money if you are selling software as a business.

And what if you are a non-profit?

I can speak for the cross platform open source project I work on; we don't pay the license fee. That means regularly bumping into new users that need help with opening the mac application, so we've written a "How to" guide as a workaround. It's an annoyance we'll live with, probably until we hit v1.0 and then I'll probably take it upon me to pay that fee.

Sad reality is that if you're not making profit (which Apple takes cut of), you're not important for Apple.

Is it at least available in all countries?

“Transmission”, a popular Mac bit torrent client did it the simple way. They ended up distributing a disk destroying malware to their users.

If you only distribute your Mac software outside the store, and aren’t inherently ineligible for the store (like a full disk space measuring program) I just assume you are up to no good or don’t care enough about my security and pass on your product.

If you aren’t willing to fork over $100/year to at least minimally tie an identity to your actions and go through all the signing nuisance then you don’t get control of my computer.

Now that we are living in a notarized application world I may have to rethink this and loosen up, so the nuisance you go through notarizing your app is in some sense the entry fee to sell to some security conscious customers.

> "Transmission", a popular Mac bit torrent client did it the simple way. They ended up distributing a disk destroying malware to their users.

APPLE APP STORE, a popular app store also distributed a malware / spyware bundled within a messenger app - https://www.bbc.com/news/technology-50890846

> If you aren’t willing to fork over $100/year to at least minimally tie an identity to your actions and go through all the signing nuisance then you don’t get control of my computer.

You don't need to pay $100 to a corporate to verify your identity and gain the trust of your users. Open source users have been doing it without paying a single penny to any corporates so far.

The $100 fee is not the issue.

You also give up 15% or 30% of revenue to Apple; have to go through app review on every update facing arbitrary rejection; have no direct relationship with your users; can't offer upgrade pricing on significant new releases (existing users either get the new release for free or you make it a new SKU thus forcing everyone to pay full price, including existing users).

For me, $100 annual fees is also an issue. It's just an unnecessary and useless burden for not just open source softwares, but commercial wares too. Moreover, why should Apple get a monopoly on this - non-profits like EFF or the FSF should be allowed to do something similar, or even other corporates. Isn't that what we do currently with browsers and certificates?

For $100 you get a precious _codesigning_ certificate, the equivalent costs more money on Windows because it's not organized by Microsoft but left to 3rd-party vendors that abuse their position. Codesigning is essential for security.

I actually argued that $100 is not a big hurdle, but now I feel I should ask why it can't be $10? SSL certificates used to cost a lot until LetsEncrypt made them free.

IIRC LetsEncrypt provide website certificates but not codesigning certificates. The entities giving codesigning cert need to verify you exist by checking a company index and phonecalling you. Apple makes it way easier on their platform.

Well Gumroad, the storefront he's using charges 5% or 3.5% + $10/ month so unless you are earning more than $1m/ year you are only saving 10-11.5%. Plus you have to host your own code which is another (very small) fee.

You also lose access to some of Apple's cloud service like Sign in With Apple which some customers prefer (self included). There are also some additional sales just due to being in the App Store.

Which is to say, the getting rid of that 15% fee isn't a slam dunk. Even before the Apple Tax cut, many developers chose to use the App Store even when the fee was 30% for good reason. I suspect if you are earning $900k in the App Store and launching a new product the math gets quite weird.

> unless you are earning more than $1m/ year you are only saving 10-11.5%

10% is a lot.

If you sell 50 copies independently for $100 you save $10 or $500.

If listing it in the App Store means you would sell 150 copies instead, how much is that savings worth?

I didn't suggest it was cheap, I said many people find it's worth spending the money.

Just a little more info and a meta-HN fact:

I don't ordinarily use bit torrent, but I was downloading a couple OS images and the provider requested I use bit torrent so I went and got Transmission during the period while the malware was up, but before Transmission discovered it. I got lucky and saw a news article, perhaps on HN, about the infection the next day or two, verified I had it, removed it, and ran a set of offline backups. Had I not caught it, after a several day waiting period the malware would have encrypted my drives for ransomware. So I got ridiculously unlucky to get the infection, and then ridiculously lucky to see an article suggesting I might have it before it went off.

About HN, the parent comment is getting a disappointing amount of up and down voting relative to its total score.

> If you aren’t willing to fork over $100/year to at least minimally tie an identity to your actions and go through all the signing nuisance then you don’t get control of my computer.

I think what people who think like you are missing is that developers also don't want to control your computer if they have to go through all this hassle. It's a two way street.

I wish articles like this were around when I built my crypto trader mac app. I agree with others here that codesigning is a pain. One thing -- I don't really think adding licensing/copy protection is that hard and I personally think it is beneficial. I use a SaaS to handle the backend of that. It's been awhile but I remember it being pretty painless to integrate a simple licensing setup where my users activate devices up to their maximum according to their license key's tier.

I'm surprised there isn't a startup solving this. Cross-platform Sparkle for updates (probably written in Rust), payment processing, DRM. Maybe even some sort of App Store-like thing for discoverability.

I'm also kinda surprised how desktop app development is not quite as "hip" as mobile. I'm guessing it's due to the relative difficulty compared with mobile.

I'm glad it's not hip, less competition for us Mac developers! iOS developers are welcome to their overcrowded market.

Why ship a desktop app when you can ship a browser product?

The business incentives often outweigh the technical benefits of desktop apps. DRM and payment processing are easy. Discoverability is a shit show but the only competitive advantage to app stores is exclusivity. No need to worry about provisioning user machines, DLL hell, whatever.

And whatever you do you're going to pay a couple of release engineers anyway.

Maybe you are building something performance sensitive.

DLL hell isn’t a problem. You can just ship a stand-alone binary if you want.

Figma has shown if you want perf, you write it in C++ and distribute as web assembly and still stay in the browser.

FWIW, Microsoft's Visual Studio App Center will build and distribute iOS apps: https://visualstudio.microsoft.com/app-center.

You know what you can run whatever you want on? Linux and a myriad of other open OSes.

Just stop using Macs/Windows. You can have it better. You deserve to be treated with respect.

>> Just stop using Macs/Windows. You can have it better.

Someone is privileged / in a bubble enough to think this is even remotely plausible for a massive chunk of people.

When native Photoshop, Final Cut Pro, Logic Pro X, hell; even Unity makes it to Linux, I’ll be able to consider it.

Until then, I make my money off those apps. How is not having access to the vast wealth of commercial software ‘having it better’? Even for just the average person?

It’s not. Plain and simple.

Can we finally just drop this ‘just go to Linux’ shit? It really only works for Grandma or Mom who only needs to check their emails, Facebook and type documents, and programmers who happen to be lucky enough to have that extremely limited set of tools work for them.

Until solutions like WINE are no longer required and commercial software is available it is and will remain a non option for the vast, vast majority of professionals using a computer.

No offence intended - but seriously every time someone posts ‘everyone should just move to Linux it’s so much better’, I have to ask myself how isolated in that community they made themselves to make that ‘realistic’.

Unity is available for Linux. The beta has been available since like 2015, but UnityHub for Linux is an official release nowadays.

Just this month we moved the installer creation step of our build pipeline to an on-premise mac mini in order to let install4j handle the signing & notarization (for windows, linux and mac).

We need these writeups for iOS as well. Distribute IPA files without a problem!

If Apple has to sign your app for it to run, then the Mac is no longer hackable.

How do you define hackable? Also it is trivial to run unsigned code on a mac.

Signed binaries are a totally reasonable security feature for computers sold to people that will install anything. Having a reasonable (hard enough to find) workaround is totally acceptable in my book.

I also believe you can trust a self signed codesigning certificate if you want a more permanent solution (citation needed)

Hackable means I can run any software I want from any source without anyone's permission. My understanding (please correct me if I'm wrong) is that starting with M1 macs, I now need apple's permission to distribute an app whether I use their store or not. Richard Stallman is seeming more and more prescient every year. Users should not be forced to give up control like this.

I think part of why the signed apps system feels onerous to me is that I can't really trust it for the things that matter most.

Even if I'm assuming no exploits, everything working as intended, the permissions don't map well to what I care about.

I don't really care which app has access to the camera, I care about what gets done with the recording (or even metadata/inferences from the images) or about it taking pictures at surprising times. Some fitness tracker needs a lot of data, which is fine as long as they aren't selling it to third parties.

I would love the feature if it was something I could rely on, with audits of the client code, backend infrastructure, transparency in regards to data use, etc. As is installing software is still caveat emptor.

Capabilities are a technical problem with a technical solution. As in: an app can't use the microphone or access the Downloads folder without getting permission from the user, by design.

What you're after is a sociopolitical problem, and would take a sociopolitical solution. It simply can't be implemented in software, and it can't be implemented correctly in all cases, period: even if the app designer is a perfect angel, and only does exactly what they've pledged to with your data, the company could be bought by Evil Corp, or get hacked.

I totally agree with you, but it's worth noting that what you're describing is TCC (permissions for camera, accessing certain folders, etc), which is somewhat orthogonal to code signing. It's also much harder (practically impossible in many cases) to actually disable than Gatekeeper if you don't like it.

But they don't. Go into the Terminal and type sudo spctl --master-disable (I have that command memorized!) and you can run all the unsigned code you want.

Apple only has to sign your app if you want to distribute it. You can run apps you build without getting them signed. You can build local apps, run Python/ Ruby/ Elixir code on your own computer without Apple ever knowing. Likewise on the iPhone actually, though I have to build the software on the Mac.

> distribute it

Hardly a saving grace, no?

Apple are still judge, jury, executioner, and taxman as to what the vast majority of their customers can run with their already expensive hardware.

> Apple are still judge, jury, executioner, and taxman

Does that mean Tim Cook is Judge Dredd?

The reality of distributing Mac Software is far more boring than you paint it.

So Windows 10 isn't hackable now that Windows SmartScreen hides the option to run unsigned software installers?

Not everyone wants a "hackable" machine - but for those that do, it's rather trivial to bypass the mechanisms.

The article recommends create-dmg to create a disk image, but it depends on node/npm.

A python alternative would be: dmgbuild[0]

[0]: https://github.com/al45tair/dmgbuild
