Open Radar

 
Summary:
To distribute and run MAS apps for testing and development purposes, you have to sign with a 3rd Party Mac Developer Application certificate, or else the app can’t get MAS receipts and run properly. However, when downloading such an app from the internet (when distributing beta builds) the app doesn’t pass Gatekeeper authentication, requiring a user to use the Finder context-click workaround.

Steps to Reproduce:
1. Start off with a blank Mac app
2. Build it on Xcode Server, signing it with the generated Server signing certificate
3. Use this xcodebuild command to export a signed build:

        xcodebuild -verbose -exportArchive -exportFormat app -archivePath “path/to/archive” -exportPath “~/Desktop/TestApp.app” -exportSigningIdentity “3rd Party Mac Developer Application: ____ (____)”

4. Zip and upload the exported app to a web server
5. Download the zip from Safari
6. Unzip and run the app

Expected Results:
The app shows a Gatekeeper warning with the option to open the app

Actual Results:
A Gatekeeper warning appears, with the message “‘Test App’ can’t be opened because it is from an unidentified developer”, and only an OK button. To open the app, you must browse to it in Finder, context-click on it, and select Open.

Notes:
Signing the exported app with a Developer ID certificate doesn’t work, because my app checks for MAS receipts on launch. So you can click through the initial Gatekeeper dialog, but then the app exits because it can’t access the MAS Sandbox environment to get ta receipt.

It would be nice not to have to instruct Beta users to go through a Finder context-click, if they aren’t aware of that mechanism.