←back to thread

The Anatomy of a macOS App

(eclecticlight.co)
278 points elashri | 6 comments | 07 Dec 25 12:31 UTC | HN request time: 0.017s | source | bottom
Show context
mitchellh ◴[07 Dec 25 15:12 UTC] No.46182248[source]
> while that shown in blue is the stapled notarisation ticket (optional)

This is correct, but practically speaking non-notarized apps are pretty terrible to use for a user enough so that this isn't optional and you're going to pay your $99/yr Apple tax.

(This only applies to distributed software, if you are only building and running apps for your own personal use, its not bad because macOS lets you do that without the scary warnings)

For users who aren't aware of notarization, your app looks straight up broken. See screenshots in the Apple support site here: https://support.apple.com/en-us/102445

For users who are aware, you used to be able to right click and "run" apps and nowadays you need to actually go all the way into system settings to allow it: https://developer.apple.com/news/?id=saqachfa

I'm generally a fan of what Apple does for security but I think notarization specifically for apps outside the App Store has been a net negative for all parties involved. I'd love to hear a refutation to that because I've tried to find concrete evidence that notarization has helped prevent real issues and haven't been able to yet.

replies(8): >>46182546 #>>46183094 #>>46183222 #>>46183383 #>>46183424 #>>46185443 #>>46186860 #>>46190047 #
jclay ◴[07 Dec 25 15:47 UTC] No.46182546[source]
I thought the macOS notarization process was annoying until we started shipping Windows releases.

It’s basically pay to play to get in the good graces of Windows Defender.

I think all-in it was over $1k upfront to get the various certs. The cert company has to do a pretty invasive verification process for both you and your company.

Then — you are required to use a hardware token to sign the releases. This effectively means we have one team member who can publish a release currently.

The cert company can lock your key as well for arbitrary reasons which prevents you from being able to make a release! Scary if the release you’re putting out is a security patch.

I’ll take the macOS ecosystem any day of the week.

replies(6): >>46182614 #>>46182764 #>>46182861 #>>46183552 #>>46184093 #>>46188140 #
deltaknight ◴[07 Dec 25 15:56 UTC] No.46182614[source]
The EV cert system is truly terrible on Windows. Worst of all, getting an EV cert isn’t even enough to remove the scary warnings popping up for users! For that you still need to convince windows defender that you’re not a bad actor by getting installs on a large number of devices, which of course is a chicken-and-egg problem for software with a small number of users.

At least paying your dues to Apple guarantees a smooth user experience.

replies(2): >>46182780 #>>46184204 #
1. ryandrake ◴[07 Dec 25 16:15 UTC] No.46182780[source]
Wow. I haven't written software for Windows in over a decade. I always thought Apple was alone in its invasive treatment of developers on their platform. Windows used to be "just post the exe on your web site, and you're good to go." I guess Microsoft has finally managed to aggressively insert themselves into the distribution process there, too. Sad to see.
replies(3): >>46184170 #>>46187747 #>>46190160 #
2. ◴[07 Dec 25 19:10 UTC] No.46184170[source]
3. etbebl ◴[08 Dec 25 02:46 UTC] No.46187747[source]
I get that if you're distributing software to the wider public, you have to make sure these scary alerts don't pop up regardless of platform. But as a savvy user, I think the situation is still better on Windows. As far as I've seen there's still always a (small) link in these popups (I think it's SmartScreen?) to run anyway - no need to dig into settings before even trying to run it.
replies(1): >>46199381 #
4. jeroenhd ◴[08 Dec 25 09:20 UTC] No.46190160[source]
> Windows used to be "just post the exe on your web site, and you're good to go."

That's also one of the main reasons why Windows was such a malware-ridden hellspace. Microsoft went the Apple route to security and it worked out.

At least Microsoft doesn't require you to dismiss the popup, open the system settings, click the "run anyway" button, and enter a password to run an unsigned executable. Just clicking "more details -> run anyway" still exists on the SmartScreen popup, even if they've hidden it well.

Despite Microsoft's best attempts, macOS still beats Windows when it comes to terribleness for running an executable.

replies(1): >>46194278 #
5. ryandrake ◴[08 Dec 25 16:30 UTC] No.46194278[source]
I just wish these companies could solve the malware problem in a way that doesn't always involve inserting themselves as gatekeepers over what the user runs or doesn't run on the user's computer. I don't want any kind of ongoing relationship with my OS vendor once I buy their product, let alone have them decide for me what I can and cannot run.
6. Archit3ch ◴[08 Dec 25 23:51 UTC] No.46199381[source]
Are you sure? I had not used Windows for years and assumed "Run Anyway" would work. Last month, I tested running an unsigned (self-signed) .MSIX on a different Windows machine. It's a 9-step process to get through the warnings: https://www.advancedinstaller.com/install-test-certificate-f...

Perhaps .exe is easier, but I wouldn't subject the wider public (or even power users) to that.

So yeah, Azure Trusted Signing or EV certificate is the way to go on Windows.