Custom Network Protocol and app distribution

Hi,

We're working on implementing our app with custom network protocol (existing solution was to use a kext with an interface filter).

Note that we don't intend to distribute our app via the App Store.

Now in order to add the Custom Network Protocol capability to the app (com.apple.developer.networking.custom-protocol entitlement), Xcode requires a few things...

  1. We cannot sign to run locally. Xcode says that our app has entitlements to require signing with a development certificate.

  2. Once I "Enable Development Signing" - a provisioning profile is used.

All works fine (on the development Mac) after doing this.

However, now I cannot run this app on just any other Mac.

If I understand this right, each of those Macs will need to be added to the provisioning profile by our (corporate) account admin (or we install Xcode on those machines and open the project - not desirable).

Is there a simpler path?

What happens when we need to distribute our application to our customers (we don't want to go through the App Store).

Are custom network protocol entitled apps only distributable via the App Store?

Thanks.
Devendra.


Up vote post of dparakh Down vote post of dparakh
3.3k views
Posted by
dparakh
Reply
Add a Comment

Accepted Reply

What happens when we need to distribute our application to our
customers (we don't want to go through the App Store).

According to Developer Account Help > Reference > Supported capabilities (macOS), this capability is available to both App Store and Developer ID apps.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

What happens when we need to distribute our application to our
customers (we don't want to go through the App Store).

According to Developer Account Help > Reference > Supported capabilities (macOS), this capability is available to both App Store and Developer ID apps.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment
Thanks Quinn - that is a relief! (also Thanks for that link!).

So if I want to simply send this app for internal testing (without the Developer ID signature) to other Macs - is it still possible (without having to add each Mac to the provisioning profile first)?

I think I don't quite understand the role of having a provisioning profile with Developer ID apps. If you can point to some reference that explain this - it would be useful.

Thanks.
Devendra.
Posted by
dparakh
Up vote reply of dparakh Down vote reply of dparakh
Add a Comment

So if I want to simply send this app for internal testing … to other
Macs is it still possible …?

No. This entitlement must be allowlisted by a provisioning profile, and that means that your app must be signed (either using a Development signing identity, which is restricted to the devices listed in the profile, or a Developer ID signing identity, which is not).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Thanks again Quinn for the clarification.

Devendra.
Posted by
dparakh
Up vote reply of dparakh Down vote reply of dparakh
Add a Comment