
> You can still make an app for Mac without submitting it to the app store, without having to deal with majority of those issues.

Not any more. Apple is so much of a control freak lately that non-app-store apps on Catalina are still required to go through them for "notarization" to be allowed to run on an unmodified OS — and yes that requires the $99 account. For me personally, that's the reason I'm staying on Mojave. That and 32-bit apps.




Yes, it is really just a different set of tradeoffs now.

It isn't just notarization, it is also that notarization requires app hardening which has very strict rules. Shipping an app with 3rd party binaries that supports older versions of macOS is especially tricky to get right.

Also using direct distribution you have to deal more with Gatekeeper.

One particularly fun issue is that if you distribute your app as a zip and a user downloads (to their standard ~/Downloads/ folder) and runs it, then Gatekeeper will use path randomization (aka app translocation), which effectively makes the app look like it is on a read-only volume. Older versions of the Sparkle update framework would not show update prompts if on a read-only volume (as what's the point?), and therefore if a user continued to run an app from their downloads folder they would never get updates!

Apple made this change without informing any developers that their users could be left behind for a while. I imagine this security feature prevented users from getting many security fixes.

The way to disable the app translocation is to have a user manually drag the app to their Applications folder, which is why so much software is distributed in DMGs now with the Applications folder symlink.
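
An added example (not part of the comment above, and not Sparkle's code) of an updater check that tells translocation apart from a genuinely read-only volume instead of silently skipping the prompt. It assumes translocated paths contain an `AppTranslocation` directory component; the policy names, app name and sample paths are hypothetical.

```python
import os
from pathlib import PurePosixPath

# Assumption: Gatekeeper's randomized launch paths contain this directory name,
# e.g. /private/var/folders/<..>/T/AppTranslocation/<UUID>/d/Example.app
TRANSLOCATION_DIR = "AppTranslocation"


def is_translocated(bundle_path: str) -> bool:
    """True if the bundle is being run from a translocation mount."""
    return TRANSLOCATION_DIR in PurePosixPath(bundle_path).parts


def volume_is_read_only(path: str) -> bool:
    """Ask the filesystem whether the volume holding `path` is read-only."""
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)


def legacy_policy(read_only: bool) -> str:
    """Behaviour described in the comment: no prompt on a read-only volume."""
    return "skip" if read_only else "offer-update"


def update_policy(bundle_path: str, read_only: bool) -> str:
    """Separate 'translocated' from 'genuinely read-only' before deciding."""
    if is_translocated(bundle_path):
        # Updating in place cannot work, but the user can fix it by moving the app.
        return "ask-user-to-move-app"
    if read_only:
        # For example, launched straight from a mounted disk image.
        return "notify-update-available"
    return "offer-update"


# Constructed sample paths (hypothetical app name and placeholder UUID).
SAMPLES = [
    ("/private/var/folders/ab/cd/T/AppTranslocation/"
     "00000000-0000-0000-0000-000000000000/d/Example.app", True),
    ("/Volumes/Example/Example.app", True),
    ("/Applications/Example.app", False),
]

if __name__ == "__main__":
    for path, read_only in SAMPLES:
        print(f"{path}\n  legacy: {legacy_policy(read_only)}"
              f"  hardened: {update_policy(path, read_only)}")
```

In a running app the second argument would come from `volume_is_read_only()` on the bundle's own path rather than from a constant.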


TIL. I thought this was just so that all apps are in one place for ease of access. When I first tried OS X in the form of hackintosh around 2009, most apps were already distributed in dmgs with "drag to install" so I just thought it's a very neat, Apple-ish way (ugh Windows install wizards) and assumed it's always been like that. Older PPC Macs were basically never really a thing where I'm from.

Now I remember seeing these weird long paths pointing to weird places with the word translocation in them — never really dug into the why. I've also seen apps ask to move themselves to /Applications when launched from ~/Downloads.

Anyway, with all these Gatekeeper changes, it's almost as if Apple doesn't want non-app-store apps at all.


> Anyway, with all these Gatekeeper changes, it's almost as if Apple doesn't want non-app-store apps at all.

Of course that's their idea. The Mac Store has been a moderate failure, so now they are pushing people into it slowly more and more every release.

As Apple and Microsoft (with their Windows Store) have learned, if there's a real choice between an app store and a standard install, nobody will pick the app store. They cannot promote it naturally, they have to push it through by force.


Well, then people have the choice of not updating, because why would I if the only change that's noticeable brings more restrictions? I'm on Mojave and I don't really feel like I'm missing out on anything. Both Mac OS and Windows are more or less feature-complete at this point.


Heh, I actually prefer the app store version wherever I can download it, because I like not having to think about updates; I let the software updater do it. Is this an uncommon attitude?


Developers care a lot about updates; your average user does not. For them, an update means there's a chance the app isn't going to work like it used to.

People went as far as disabling all Windows updates manually.

Also as a second point, you can totally have a software updater without an app store.


This isn’t true. And it has nothing to do with OSX.


I used to but then I had one app where the developer switched to a rental model but didn't let existing customers continue with the old model.

I don't have any particular problems with the rental model but in this case I had bought it on the basis of it not being that.


Apps did start doing this before, definitely. I always felt they were arrogant in assuming they deserved a spot in my Applications folder. I should be able to put the app wherever I'd like. At the same time dmgs seem backwards-looking since disks were "old" technology so why use an image format for them? So I was personally against distributing my software this way, but Apple forced my hand with the Gatekeeper app translocation change.

Apple themselves ships some software, like the non-Mac App Store versions of Xcode, as xips (signed zips), but for some reason decided 3rd party developers cannot use these.

Apple's recommendations are in the "Shipping your Signed Code" section of this tech note:

https://developer.apple.com/library/archive/technotes/tn2206...


> non-app-store apps on Catalina are still required to go through them for "notarization" to be allowed to run on an unmodified OS

Apple tries to hide the option, but you can still run non-notarized software on a Mac. The first time you run the application, open it from the right-click menu. It'll give you a warning, and if you select OK it'll run. After that you can just run it by double-clicking like normal, and it won't warn you.


That's fine for you and me, but good luck distributing an app to end users that way.



