Pardon my inexperience, this is my first Apple project.
This is a simple Objective-C++ project with a Cocoa/WebKit hybrid interface that uses a native C library for a custom network protocol. No external frameworks. This is a content submission utility for our media company.
In 2019 I built the first version of this program and got it notarized, and all is happy: it runs for new users who download it with no trouble to this day.
In 2022 I needed to create a new version of this program for a different set of end users (another branch of our corporation), with different branding (other icons, a modified application name, and a different server it talks to). I created a new target configuration with the new application name. I used preprocessor flags to customize the code at build time (like the text in the title bar of the main window and the hardcoded server address to connect to). The bundle identifier was left the same, since for all intents and purposes this is still the same application. Xcode builds and signs this new version of the application, I successfully test it on the development machine, and I am able to verify it using the codesign utility on the .app.
But once I deploy it on the download page inside a .dmg, which is a copy of the same one as the first version, and download it using Safari, this version of the application is blocked with the message:
"Application Name" can't be opened because Apple cannot check it for malicious software.
And in System Preferences:
"Application Name" was blocked from use because it is not from an identified developer.
...which, of course, isn't factually true. In the console all it says is:
syspolicyd Terminating process due to Gatekeeper rejection: PID, <private>
No other information at all.
Both versions of the application are in the same Xcode project, just separate targets using the same signing profile.
Why does Gatekeeper allow the first version but not the second?
macOS 10.15.7, Xcode 11.6