[Mac App Store] Sudden increase in "<App> is damaged and can't be opened" errors when launching Mac App Store app

Hi,

I've recently observed a sudden increase in support requests for one of my apps on the Mac App Store, reporting the error "<App> is damaged and can't be opened. Please re-download it from the Mac App Store", all on different systems: macOS 12, macOS 13, and macOS 15 Sequoia. Re-downloading does not resolve the issue most of the time.
One user reported that being connected to the internet resolved it - perhaps this is an OCSP issue again?

I myself cannot reproduce this issue.

Has there been a change in code-signing recently? Have some certificates changed? Anything else I should be aware of?

What is the best course of action to have users take who experience this, when re-downloading the app from the Mac App Store does not work?

Thank you,
– Matthias

What is the best course of action to have users take who experience this, when re-downloading the app from the Mac App Store does not work?

Do other Mac App Store apps fail? Or just yours?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I cannot say - my customers only report to me about my app failing. Let's assume it's just mine.

I haven't changed anything in my receipt validation code in quite a while, so it's weird that all of a sudden these reports come in, is it not? And not just for macOS 15, but for older systems as well?

I haven't changed anything in my receipt validation code in quite a while

Yeah, receipt validation was gonna be my next port of call.

I’m not aware of any changes from our side in that space [1], but it’s not really my field.

My general advice on this front is that you add a log point to you receipt validation code. That way you can easily tell whether your code ran and failed receipt validation, or other mysterious failures.

See Your Friend the System Log for general info about the system. Make sure you use a unique subsystem and category so that you can give your customers an easy way to check whether this is the problem.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Certainly nothing like the SHA-256 change described in TN3138 Handling App Store receipt signing certificate changes.

Thank you, I'll try that.

I have a few other questions regarding receipt validation:

  1. Does Sequoia's MAC address randomization affect receipt validation, when using IOKit to get the kIOEthernetInterfaceClass objects and their addresses?
  2. Using AppTransaction, does that require the customer to be always online for it to work?
  3. Is the data AppTransaction needs automatically downloaded during the app install from the Mac App Store, or only on first launch (requiring an internet connection)?
  4. Once that data has been downloaded by AppTransaction, is it cached until the app's next update, or is that data cleared at some time during the version's life and needs to be re-downloaded (therefore requiring an internet connection during launch)?

– Matthias

I don’t have immediate answers to any of those questions. Sorry. As I said above, receipt validation isn’t really my jam.

Regarding questions 2 through 4, AppTransaction is a StoreKit API and I recommend that you start a new thread in the App & System Services > StoreKit with those questions.

Regarding question 1, there are two parts to that:

  • Does MAC address randomisation affect the I/O Kit interface?

  • If so, how does that affect receipt validation?

The second part is, again, more for the StoreKit experts. The first part is something I should know. If you open a new thread in App & System Services > Networking, I’ll take a look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you, Quinn.

Should I re-post this original question in App & System Services > StoreKit, or can I move it there?

can I move it there?

DevForums doesn’t let you move threads.

In this case my advice is that you create a new thread, one focused on the AppTransaction API questions you had in your follow-up post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The original issue remains, however, that I'm suddenly getting multiple reports daily of some of my apps (ScreenFloat, Yoink), suddenly being shown as damaged and needing to be re-downloaded from the Mac App Store.

Happening on macOS 15, 14, 13, 12, 10.14 so far.

What puzzles me is that this is not a Sequoia-only thing, where I'd understand if suddenly my receipt validation code would fail due to changes, but it's happening on older systems, too, where receipt validation has never been a problem before.

Perhaps it has to do with this log message a customer shared with me:

standard	12:58:40.391649+0200	storelegacy	StoreLegacy: Failed to perform in-line receipt renewal for application at path /Applications/Yoink.app : '(null)'

I'm starting to think it's not my receipt validation code that's responsible here, as it works on all my Macs, all on different systems, all downloaded from the Mac App Store. So, any pointers highly appreciated - thank you.

[Mac App Store] Sudden increase in "&lt;App&gt; is damaged and can't be opened" errors when launching Mac App Store app
 
 
Q