Distributing Mac software is increasing my cortisol levels (opens in new tab)

Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal:

    sudo spctl —-master-disable

People will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both!

Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.

P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.

P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.

Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.

I have been developing software for Macs and PCs as an Indie for 20 years now. I sympathize with the author of the post. You get the feeling that Apple thinks you should be grateful that they allow you to develop apps for their platform.

The author didn't mention Apple's contempt for backward compatibility. Apple like to regularly nuke their entire developer system from orbit. Try running an app developed 10 years ago on the latest version of macOS. It probably won't run.

Microsoft are much better at backward compatibility and they don't force you to join a developer program. But you get totally reamed every time you have to update your authenticode digital certificate for Windows. Just the digital certificate will cost you more than $99 per year. It is a total racket.

This was perhaps the biggest reason I moved to Linux full-time about a year ago. I just got sick of not being able to write software and have people use it. The solution might be an "I trust this author" VS Code style dialog and that's it, but even that misses the mark a bit. I've been having a blast building on Linux and miss almost nothing about macOS. And the things I do miss I write programs for [1][2] and give them to people. Who would have guessed that would ever be so hard.

1. https://github.com/zackb/tether

2. https://github.com/zackb/hyprwat

Author here, just pushed a quick update to the article.

To be fair, compared to the prices of Certum and other providers if you ever want to sign something for Windows, perhaps Apple isn't uniquely overpriced (they all seem to be that way): https://www.certum.eu/en/code-signing-certificates/

Looking more into the Windows side of things, I also found Azure Artifact Signing which is supposedly affordable at 8.54 EUR per month, but unfortunately they don't actually support individual users in the EU (only in US & Canada, meanwhile EU only gets support for organizations). I'd probably have to set up a SIA (equivalent of Ltd.) here first - it was in the plans for later, but this is a bit of a roadblock for using Azure too: https://azure.microsoft.com/en-us/products/artifact-signing

My tone might have been frustrated, but I will absolutely say that the code signing industry needs to have a Let's Encrypt moment of some description - at least commoditize it like Azure Artifact Signing was trying to do, but also for individual developers, across all platforms! Sadly, that doesn't seem to be possible when the platforms are intentionally walled gardens. I don't hate the idea of code signing, though - if done right, it's a good idea, same as TLS for (many) websites.

I shared the author's frustration when figuring out how to ship such binaries to end users so I wrote a guide [0] detailing exactly how to do it. Apple's documentation is surprisingly poor and I couldn't find any blog posts so I ended up reverse engineering what works via trial and error as well as popular OSS projects on GitHub.

[0]: https://ofek.dev/words/guides/2025-05-13-distributing-comman...

This is exactly the sort of paternalism which drove me away from the Mac in ~2015, after I'd been using Apple hardware for thirty years. It's just too much hassle for a casual developer; I'm stuck on the belief that it is my computer, not Apple's, and I should be the one deciding what I can do with it.

1 year ago i would have agreed with you. Today, I'm going to take the other side on this. The amount of malicious code embedded in software now is going up exponentially. Yes this is a painful tax imposed on all software, malicious or not, but until they figure out a better system, this system actually will disuade a certain percentage of malicious actors to give up - ESPECIALLY having to pay a fee. As a mac user, i want to know if the developer has paid a significant fee to get this software to me. It a useful signal for me. If they didn't pay and didn't upload their passport, I really want think think hard about the risks involved for myself when I run this thing.

How does anyone who cares about open source or even development more generally see this and go "Yeah that's the OS I want to use"?

I genuinely don't understand why so many developers are willing to compromise so much for a thin laptop.

So, Linux gets a free pass for requiring chmod +x to run his tool, but needing to run xattr on MacOS is somehow worthy of an entire blog post to complain about it?

Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?

If I am understanding this correctly, the $99/year Apple Developer Program allows you to notarize applications for macOS so users do not receive the warning/damaged binary dialog. I simply had AI generate the signing code, and you can run that script on any CICD or on your machine and push the artifacts to a CDN. Works wonderfully for macOS, and users of my app have had no issues with it.

Let me know by replying here if you want me to share the build+sign code or have any questions.

Ugh. I just went through this ID verification process yesterday and I got it to work on /maybe/ the 8th try. Truly horrible design. Now I’m in a paperwork exchange with some random third party to get the account associated with my LLC. It would be awesome to be able to just write and distribute software, but there’s only one iOS monopoly so what are you going to do but play ball.

As a user I actually like Gatekeeper. 95% of the time it's not a problem. the other 5% of the time I have to click a button in my settings to allow unsigned code. But at least it gives me pause to think about the source and if I really trust it (which is mostly offloaded to Apple the other 95% of the time).

Free business idea: get an Apple developer account and then agree to sign code for other people in exchange for a small piece of their income. I'm surprised that doesn't exist yet (or does it?).

Tangential but this made me appreciate how Gatekeeper is perhaps a notorious example of a great naming choice for a piece of software.

My favorite is when someone discovers they haven't yet granted Zoom screensharing permission, and that they need to exit the call to re-launch the application with the permission granted.

> I can use SmartID to verify my ID (and age) in about 20 seconds when buying an energy drink at the local grocery store

Where do you have to show ID for that??

Sometimes I wonder why we don't just treat an installation script like curl https://alx.sh | sh as a universal option for distributing applications. The provenance is there via the HTTPS certificate, and if you're already about to trust an application that can compromise your system, why not trust the installation script as well?

It's interesting that sanctioned Russian banks still find the ways to push their apps into Apple repository by disguising them as a different app. They get removed several months later, but I assume it is done only because someone complains.

Apple's not making any money on developer subscriptions. I suspect they just want to have a velvet rope, to encourage folks to be serious about their work. They don't want farting-around toys. They want developers to ship serious apps.

There'$ a rea$on that $o many people want to relea$e Apple app$. A $uperb rea$on.

It's a really lucrative market. People like to have access to customers that are used to paying a lot. One of the reasons those customers want to pay more, is that walled garden that HN members hate so much, but millions of people have no issue with (whether or not that's a good thing, is not for me to ponder. It just is).

99 bucks is peanuts. It does give you access to the entire suite of Apple tools. Anyone interested in shipping serious software, is likely to far exceed that, in the non-Apple (or Apple hardware) tools that they use to develop the software. Heck, your keyboard probably cost more than that. I remember that we used to pay Microsoft over $4,000 a year for their developer program.

Here's what Apple says about it[0]. That's what I usually do. I think someone else has shared the command line method. If it's a developer tool, then it would probably have a difficult time passing Apple's app review process, anyway, and that will really jangle your cortisol pipes.

[0] https://support.apple.com/guide/mac-help/open-a-mac-app-from...

It has been like this forever and periodically someone complains, but then they just go out and buy another mac and keep producing software for macOS. If you want this to change, stop providing financial support.

Funny how a $20 cert is enough to prove identity and provide security for any domain on the web, but in order to run a calculator Apple hw, Apple HQ is the only entity on the planet capable of such complex security.

All that, and not a single one here is surprised at zero days or trojans or malware that come right out of this process every week.

If it works, then why aren't we surprise when it doesn't?

Because we know it doesn't work.

On a meta note, no one uses link pages like https://links.kronis.dev/NAnEME3Kqt any more. There are better ways of tracking clicks without obfuscating the destination page from the user.

Try to open the file, say ok to the ‘can’t check for malware’ prompt, go to settings, security, approve running the software.

Annoying, but if you’re delivering your app to semi-technical users, not really a problem.

It seems like running with sandbox-exec should remove pretty much all the potential for an app to cause harm… is there a reason why it’s not the default, especially for these certificate-less apps?

checkout fastlane.tools, you can automate signing/distribution

I don't get the part about Homebrew. If you're using Homebrew, it doesn't make a ton of sense to use Itch.io. Just use Homebrew. Seems like a more appropriate place to distribute a dev tool anyway. You could set up a patreon and print a link to it when appropriate. That's basically what Vim does.

I agree that Apple is dumb of course.

I am not entirely against the whole notarization thing.

If it is good for the end-user, it is usually also good for the ecosystem a a whole, trust is valuable.

But ffs, they are rich enough to make this a lot less painful and hostile for developers.

And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures changes almost every time and could fail in not-so-evident ways.

I love when my Mac declares random PDFs malware and deletes them when I try to open them.

On two occasions I've been completely dumbstruck when the software I was using was deleted out from under me. I'm not a fan of the overuse of "gaslight", but it sure felt like that when I had to restart Docker and the OS was like "what do you mean, Docker? You've never had Docker installed! What are you talking about? Are you feeling ok?"

https://news.ycombinator.com/item?id=42649790

Maybe I'm too dumb, but I haven't figured out a good way to sign just a binary (or a tar/zip containing a few binaries). I zipped up the binaries, sent them off to Apple, Apple comes back and says "yup, notarized!", and they still trigger the popup. I'm probably missing a step. I guess I'm not currently stapling the ticket to the binary, but supposedly you don't have to if you are running with a network connection.

> I'm sure that other countries also have plenty of similar services for ID and age verification

laughs in Bundesdruckerei

it’s as if apple forgets that some of it’s user base are people who scrap together money over long periods of time just to have a chance at affording a mac only to be told they need $99 to distribute an app. your entire user base isn’t 100% affluent people and apple doesn’t seem to grasp this

Is there no open source collective one can join which will share signing keys and handle signing?

Apple's ID verification failed for me and I am now banned for life. There is no opportunity to appeal this or to ever participate in the Developer Program for me. Which sucks because I am now permanently locked out of developing seriously for any of the Apple ecosystem, ever.

Siri has the same effect.

Due to the delays in ID verification the author of the article didn't even get to the point of the super annoying 'notarization' process where you can't just sign with your key anymore (as you could a few versions ago) but you also have to upload a copy of everything to Apple and 'staple' their ok to it.

At least I don't think they got to it, they only mention signing but not notarization.

So don’t target mac

distributing for macOS is extremely hostile and Apple continues to extort developers through fees, yearly subscriptions, and of course taking 20-30% in transaction sales.

Cortisol spit curve tests are pretty cheap, so I was disappointed to see the title claim not substantiated with real data. Consider biometric testing next time you distribute!

Pains me to say this but as a developer, microsoft is a whole order of magnitude better than apple

It's a backwards walled garden which I mostly avoid to avoid problems like this

That’s nothing, Google charges $900-2600 / year if you want to write an app that calls the google apis for user data

I went through this recently. Got as far as verifying my identity, which Apple happily accepted as verified from my UK driving license. Unfortunately, they then automatically set my first and last name from that identity verification step, and some how managed to use a section of my driving license number as my surname - a string of random uppercase letters and numbers - and it's impossible to edit it. So fuck them, that's $99 they've lost.

Notarize the application and staple the receipt to your app bundle. It won’t trigger the Gatekeeper warning.