Login/Register
Bypass Gatekeeper in Mac OS X Apps without a Mac Developer Membership
Asked Answered
Solved macososx-mountain-lionsoftware-distributionosx-gatekeeper
O

2

10

Scenario

I want to release an app for Mac OS X, but not on the AppStore. The app runs on 10.6 - 10.8 and up.

Problem

Apple requires all apps for Mac OS X 10.8+ to be signed by the developer to get past Gatekeeper. And unless I tell each user to temporarily disable and re-enable gatekeeper just for my app, according to this document and the Mountain Lion change log... my app won't be allowed to run.

From the wording on Apple's website, it sounds like I'll have to pay the $99.00 a year for the certificate. However, I do not want to pay the $99 - I'm not publishing to the AppStore!

Question

Is there any way I can get around paying the $99 for distribution on 10.8+? I know my app will work on 10.6 and 10.7, but according to Apple it won't be allowed to run on 10.8 without the certificate. Is that true? How can I distribute on 10.8+ (preferably a DMG) without a $99 distribution certificate? Thanks in advance!

Edit #1

  • DMG files are not authenticated by Gatekepper, only the app itself is.
  • OS X Lion 10.7.5+ also has Gatekeeper * angry face *
Obtrusive answered 29/7, 2012 at 17:32 Comment(5)
Users can also right click on the app and choose 'open'Lubumbashi
@FrederickCheung is that true, because from what it says on Apple's website you have to get a certificateObtrusive
support.apple.com/kb/HT5290Lubumbashi
Just wanted to point out that the latest 10.7.5 has Gatekeeper also.Furlana
It seems like there ought to be a way to sign with a local only certificate. Like an "it's in development" and have a "compile with xcode" button...which would require the user installing xcode, but still a better workaroundTattler
O
8

Apple currently provides no way to get around Gatekeeper without paying the $99 / year membership fee. To me, this seems unfair because it squishes out the smaller developers (but that's a discussion for elsewhere).

For a rather cumbersome workaround, one can include a ReadMe or note on the download page for their software to explain to users that they need to right click your app and then click 'Open' and then click confirm to run it. I have also found through experimenting that Gatekeeper does not run security checks on DMG files or the installation of files, only the execution / running of Apps. So one could include some kind of note in their DMG installer that told the user exactly how to install and run the app.

Hopefully Apple will provide a workaround for developers (possibly a cheaper solution for a limited membership) that distribute freeware and open source software.

Obtrusive answered 27/9, 2012 at 23:12 Comment(0)
E
0

You don't need to purchase membership. Just get a code signing certificate from any agency and sign your app with it. Then it will bypass the Gatekeeper check. Gatekeeper only checks whether the app is from identified developer or not.

Enshroud answered 4/12, 2013 at 9:40 Comment(6)
Like you can get code signing certificate from GoDaddy as well. So here GoDaddy is code signing agency.Enshroud
Does this actually work? How does one sign their own app with any old cert?Intellection
@itguru I tried signing the app with a valid code signing certificate (used successfully on Windows). The signing went well on MacOS but gatekeeper/spctl tool rejects the app. How did exactly signed your app without an Apple Developr Id certificate?Mikol
Using XCode's codesign command we can sign the app. We need to sign all the binaries inside the app bundle.Enshroud
@itguru: You can certainly sign the app (and contained binaries) with a non-Apple certificate, but Gatekeeper will not recognize it as valid. One of the goals of the Gatekeeper system is to allow Apple to revoke the certificates of any developers caught distributing malware, and since Apple cannot revoke 3rd-party certificates, 3rd party certs do not meet this goal.Mutule
Yes it tried and GateKeeper is not passing it. Thanks.Enshroud

© 2022 - 2024 — McMap. All rights reserved.