←back to thread

The Anatomy of a macOS App

(eclecticlight.co)
278 points elashri | 2 comments | 07 Dec 25 12:31 UTC | HN request time: 1.694s | source
Show context
mitchellh ◴[07 Dec 25 15:12 UTC] No.46182248[source]
> while that shown in blue is the stapled notarisation ticket (optional)

This is correct, but practically speaking non-notarized apps are pretty terrible to use for a user enough so that this isn't optional and you're going to pay your $99/yr Apple tax.

(This only applies to distributed software, if you are only building and running apps for your own personal use, its not bad because macOS lets you do that without the scary warnings)

For users who aren't aware of notarization, your app looks straight up broken. See screenshots in the Apple support site here: https://support.apple.com/en-us/102445

For users who are aware, you used to be able to right click and "run" apps and nowadays you need to actually go all the way into system settings to allow it: https://developer.apple.com/news/?id=saqachfa

I'm generally a fan of what Apple does for security but I think notarization specifically for apps outside the App Store has been a net negative for all parties involved. I'd love to hear a refutation to that because I've tried to find concrete evidence that notarization has helped prevent real issues and haven't been able to yet.

replies(8): >>46182546 #>>46183094 #>>46183222 #>>46183383 #>>46183424 #>>46185443 #>>46186860 #>>46190047 #
jclay ◴[07 Dec 25 15:47 UTC] No.46182546[source]
I thought the macOS notarization process was annoying until we started shipping Windows releases.

It’s basically pay to play to get in the good graces of Windows Defender.

I think all-in it was over $1k upfront to get the various certs. The cert company has to do a pretty invasive verification process for both you and your company.

Then — you are required to use a hardware token to sign the releases. This effectively means we have one team member who can publish a release currently.

The cert company can lock your key as well for arbitrary reasons which prevents you from being able to make a release! Scary if the release you’re putting out is a security patch.

I’ll take the macOS ecosystem any day of the week.

replies(6): >>46182614 #>>46182764 #>>46182861 #>>46183552 #>>46184093 #>>46188140 #
dceddia ◴[07 Dec 25 16:13 UTC] No.46182764[source]
The situation on Windows got remarkably better and cheaper recently-ish with the addition of Azure code signing. Instead of hundreds or thousands for a cert it’s $10/month, if you meet the requirements (I think the business must have existed for some number of years first, and some other things).

If you go this route I highly recommend this article, because navigating through Azure to actually set it up is like getting through a maze. https://melatonin.dev/blog/code-signing-on-windows-with-azur...

replies(4): >>46184191 #>>46187315 #>>46191688 #>>46193298 #
1. lwkl ◴[08 Dec 25 12:57 UTC] No.46191688[source]
That's not easier and cheaper than before. That's how it's always been only now you can buy the cert through Azure.

For an individual the Apple code signing process is a lot easier and more accessible since I couldn't buy a code signing certificate for Windows without being registered as a business.

replies(1): >>46193067 #
2. dceddia ◴[08 Dec 25 15:07 UTC] No.46193067[source]
> That's how it's always been only now you can buy the cert through Azure.

Where can you get an EV cert for $120/year? Last time I checked, all the places were more expensive and then you also had to deal with a hardware token.

Lest we talk past each other: it's true that it used to be sufficient to buy a non-EV cert for around the same money, where it didn't require a hardware token, and that was good enough... but they changed the rules in 2023.