Apple Changing the Way OS X Recognizes Signed Apps

Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don't want Apple's Gatekeeper anti-malware feature to block them.

According to the tech titan, version 1 signatures, the ones created with OS X Mountain Lion 10.8.5 or earlier, will be obsolete once OS X Mavericks 10.9.5 is released, and Gatekeeper will no longer recognize them.

"For your apps to run on updated versions of OS X they must be signed on OS X version 10.9 or later and thus have a version 2 signature," Apple informed developers in the pre-release notes.

Teams building code on older versions of OS X are required to re-sign their apps on OS X 10.9 or later by using the codesign tool. Apple has highlighted the fact that developers must sign code while running OS X Mavericks in order to get a valid version 2 signature because the code signing system is part of the operating system. Copying the codesign tool from Mavericks to an older version of OS X will not work.

Once the applications are re-signed, they must be submitted to the App Store as an update. Applications signed with version 2 signatures will work properly on older versions of OS X, Apple said.

When Gatekeeper detects an application with an invalid signature, a warning message is displayed. Programs that continue to use version 1 signatures will only work if users add them to the protection software's exception list. To ensure that their applications' signatures will be accepted by Gatekeeper, developers can use the spctl tool.

The company has also advised developers to structure their bundles to meet the requirements for OS X 10.9 and later. This means including signed code and resources only in directories that should contain such code, and not using the "--resource-rules" flag or "ResourceRules.plist", since both have been made obsolete.
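The check described above can be scripted. The following is an added example, not code from Apple or from the article: it assumes that `codesign -dv` reports the signature's resource envelope on a "Sealed Resources" line carrying a `version=` field for version 2 signatures, and the function names and sample bundle identifiers are hypothetical.

```shell
# Constructed samples of `codesign -dv` output (placeholder bundle names).
SAMPLE_V2='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Sealed Resources version=2 rules=12 files=40'
SAMPLE_V1='Identifier=com.example.legacy
Sealed Resources rules=4 files=3'

# Read `codesign -dv` output on stdin and print the sealed-resources version:
# the number, "none" if the line has no version= field (assumed to indicate
# a version 1 signature), or "unsigned" if no Sealed Resources line exists.
sealed_version() {
  awk '
    /^Sealed Resources/ {
      found = 1; v = "none"
      for (i = 1; i <= NF; i++)
        if ($i ~ /^version=/) { sub(/^version=/, "", $i); v = $i }
      print v
      exit
    }
    END { if (!found) print "unsigned" }
  '
}

# Succeeds (exit 0) when the reported version is missing or lower than 2.
needs_resign() {
  case "$1" in
    ''|*[!0-9]*) return 0 ;;
    *) [ "$1" -lt 2 ] ;;
  esac
}

# Audit one bundle on a Mac: signature version first, then Gatekeeper's verdict.
audit_app() {
  app=$1
  ver=$(codesign -dv "$app" 2>&1 | sealed_version)   # codesign -d writes to stderr
  if needs_resign "$ver"; then
    echo "$app: sealed resources version '$ver'; re-sign on OS X 10.9 or later"
    return 1
  fi
  spctl --assess --type execute -v "$app"
}

# Usage: sh audit.sh /Applications/Foo.app /Applications/Bar.app
for app in "$@"; do audit_app "$app"; done
```

Running this in a build pipeline before submission catches bundles that were signed on an older build machine and would be rejected by Gatekeeper after the update.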

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.