Apple Responds to Developers Regarding Expired Mac App Store Security Certificates
Last week some users and developers experienced an issue that displayed a "damaged" error when attempting to open select apps from the Mac App Store, including popular apps like 1Password, Tweetbot and Byword. Today, Apple has sent an email to developers explaining what happened and how to fix their apps.
In the email, which developer Donald Southard Jr. shared on Twitter, Apple explains that the company issued a new security certificate for the Mac App Store in September in anticipation of the expiration of the old certificate. The new certificate used a stronger SHA-2 hashing algorithm instead of the old SHA-1 algorithm. Hashing algorithms are used by certificate authorities to sign security certificates.
However, two issues caused users to experience errors when starting up apps. The first issue, according to Apple, is that there was a caching issue with the Mac App Store that required users to restart their computers and re-authenticate with the Mac App Store to clear out the old cache. Apple says it's working on a fix for this in an upcoming OS X update. The other issue is that some apps were running an older version of OpenSSL that didn't support SHA-2. Apple says it replaced the SHA-2 certificate with a new SHA-1 certificate last Thursday night.
Finally, Apple says that "most of the issues are now resolved", but that some apps might still experience problems if the apps make "incorrect assumptions" about the Mac App Store's security certificates. Apple asks developers to make sure their code adheres to the Receipt Validation Programming Guide and to resubmit apps for expedited review if necessary. The AppleCare support team has also been briefed with the latest troubleshooting information for users.
Popular Stories
Apple's "Let Loose" event kicks off today at the unusual time of 7:00 a.m. Pacific Time, and we're expecting to see an iPad-focused event with new iPad Pro and iPad Air models, updated Apple Pencil and Magic Keyboard accessories, and perhaps some other announcements. Apple is providing a live video stream on its website, on YouTube, and in the company's TV app across various platforms. We...
Apple today unveiled redesigned iPad Pro models featuring the M4 chip, Ultra Retina XDR OLED displays, a nano-texture display option, and more. The new iPad Pro offers a considerably thinner design and slightly larger 11- and 13-inch display size options. The 11-inch model is 5.3mm thick and weighs less than a pound, while the 13-inch model is just 5.1mm thick and weighs a quarter pound less ...
Apple today announced that iOS 17.5 will be released to the public "soon," following over a month of beta testing. While the software update is relatively minor, it does have a few new features and changes, as outlined in the list below. "The new Pride Radiance watch face and iPhone and iPad wallpapers will be available soon with watchOS 10.5, iOS 17.5, and iPadOS 17.5," said Apple, in its...
Apple at its "Let Loose" event today announced a new Magic Keyboard for the latest iPad Pro models, with a thinner, lighter design. Apple says the Magic Keyboard has been redesigned to be thinner and lighter, while maintaing the same floating design. Two colors are available that match the new iPad Pro. New features include a function row with screen brightness controls, an aluminum...
Apple today held the first event of 2024, debuting new iPad Air and iPad Pro models and accompanying accessories. While the event was faster than normal and took 40 minutes, we've condensed it down even further for those who want a quick overview of everything that was announced. Subscribe to the MacRumors YouTube channel for more videos. We've also got a full recap of all of the coverage...
While the iPhone 16 series is still months away from launching, an early rumor about an all-new iPhone 17 model has now surfaced. In a research note with investment firm Haitong this week, analyst Jeff Pu said Apple is planning a so-called "iPhone 17 Slim" model that would replace the Plus model in the lineup. Pu said this model will feature around a 6.6-inch display, a slimmer design, an...
Apple will be holding its first event of the year this Tuesday, May 7 at 7 a.m. Pacific Time, with a live stream to be available on Apple.com and on YouTube. How long will the event be? In his newsletter today, Bloomberg's Mark Gurman said the video will have a runtime of "around 35 minutes." Apple is expected to announce new iPad Pro and iPad Air models, along with updated Apple Pencil...
Top Rated Comments
Consider that for a moment.
Take the Tweetbot issue which I had hit me. They had released a new version, Tweetbot 2.1.1, right before this issue happened on Oct 15. This updated version is incompatible with Mac OS Mavericks (10.09) so those running Mavericks were stuck with the previous version. This means that for all those running an OS older than 10.10, you're only able to run Tweetbot 1.6.2. If you go to the App Store and try to update it, or even re-download on such an older OS it explicitly tells you of the incompatibility and says that it will download the "old" version for compatibility.
That would be fine, except the old versions are still signed with the EXPIRED CERTIFICATE! So even if you follow the directions to "re-download the damaged app" it will refuse to run because the certificate signed is expired. So the only "fix" is to upgrade your OS to 10.10. Sure it can be argued to upgrade to the latest version, but there are quite a few instances where this is impossible to do and as such, Apple has just put an expiration date on older software preventing you from running it by linking it to this certificate and not providing developers a way to re-sign those submissions with an updated cert. Neither does the App Store itself provide such a facility.
So if by the current expiration date which I believe now is 2 years from now, if your computer is unable to be upgraded to current OS and the current version is unsupported on your system, then you are completely out of luck and stuck with no app that you paid for. This makes the "download old version" feature in the App Store completely flawed if they provide no way to back sign older provided version on the store front.
In the good ol' days, prior to the existence of the MAS, online activation, and subscription services, I'd install a program and it would just work™ until it got replaced or the computer died.
Yes let's tear apart the letter for next 30 posts shall we. Let's question Apples integrity over it.
Oh my god. Get over it!
If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.