DEV Community

..
..

Posted on

Distributing a macOS App Outside the Mac App Store

This post covers publishing of macOS applications outside the Mac App Store. The different distribution methods are described by Apple. At this point it is assumed that the decision has been made to distribute outside the App Store. Distributing installers is not covered however the steps are fundamentally the same.

Version: Xcode 12.4, macOS 10.15.7

Requirements

Before beginning the app export process, ensure the following are installed and present.

Xcode 10.2 or later

Although Xcode 10 will work, Xcode adds the secure timestamp from Xcode 10.2.

Apple ID

To enable automatic signing, Xcode needs to connect to the Developer portal with an Apple ID registered to a Developer account. Your Apple ID must be registered to the same Developer account where the Developer ID came from. This post describes how to check if your Apple ID is setup correctly.

Developer ID certificate

The Developer ID private key must be installed on your Mac keychain.

Apple describes a Developer ID certificate as...

A Developer ID certificate lets Gatekeeper verify that youโ€™re a trusted developer when a user opens your app, plug-in, or installer package downloaded from outside the Mac App Store.

Only an Account Holder can generate a Developer ID certificate. Once the certificate is generated and the private key exported from the Account Holder's keychain, the exported key (with a .p12 extension) can be installed on any Mac machine.

You can check if you have a Developer ID certificate in your keychain by running the following command from the Terminal.



$ security find-certificate -c "Developer ID Application"

Enter fullscreen mode Exit fullscreen mode




Deployment Target

Notarization only works for binaries linked against macOS 10.9 or later. Set your Xcode project's Deployment Target to at least 10.9

Archiving

When you are ready to distribute your app, the first step is to archive the application.

From the Xcode menu, choose Product > Archive. The Organizer window launches showing the archive. You are now ready for the next step: notarization.

Xcode Organizer window showing app archives

Notarization

Apple describes notarization as...

Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.

Start Distribution

From the Organizer, click on the Distribute App button to start the distribution process.

Destination

Though there is an option to export without notarizing, always choose to notarize as notarization enables automated scans of your app. Choose Upload in the destination window.

Xcode Organizer window to choose app destination is upload or export

Signing Option

Choose Automatically manage signing in the signing options window.

Xcode Organizer window to choose automatic or manual signing

Review package content

If the Summary and Entitlements are as expected, click Upload to upload the app to Apple's notarization service.

Xcode Organizer window showing summary and entitlements

Upload Complete

You can monitor the upload progress as shown.

Xcode Organizer window showing notarization upload progress

Once the upload is complete, wait for Apple's notification.

Xcode Organizer window showing completed notarization upload

Notarization Complete

You will receive a notification and an email to your Apple ID once the notarization is complete. For this post, notarization only took about 30 mins.

Notarization notification

Export Notarized App

From the Organizer, choose the archive, and scroll down. If the Organizer is closed, open it from the Xcode menu. Choose Window > Organizer.

Xcode Organizer window showing where to find the export button

Click on Export Notarized App to save the app to your chosen location.

Xcode Organizer window showing the export button for a notarized app

You now have an app that can be distributed outside the Mac App Store.

Verification

Verifying if an app is notarized

Verifying notarization is not a mandatory step after exporting a notarized app. It can be useful when you have an app or installer package and you want to know if it is notarized. The post on How to Check if a macOS App is Notarized describes the verification steps.

References

If you have questions or issues with notarization, Apple's references is a good starting point for investigation.

Top comments (0)