Distribute Mac App for Testing without Developer ID

Hello, I'm an admin in our development team and want to distribute an app (to our tester) in the way that

- I don't want to sign it with the developer profile to have to register all Macs of all testers, but

- because I'm not the agent i can't sign it with the Developer ID

Is there a way to do it (with Xcode 8) or how do i an app signed where the user has to select "Anywhere" in Gatekeeper?

Replies

To tidbits:

  • Be aware that Gatekeeper’s Anywhere option was removed from macOS 10.12.

  • A user always has the option to override Gatekeeper via the Open on the contextual menu.

With regards your actual issue, I think you need to talk this over with your team agent. If you are distributing the team’s code, there should be a way to get it officially signed. Anything else runs counter to the central idea of code signing, that is, folks should be able to identify the origin of any code on their system.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

oh, i wasn't aware that the Anywhere option was removed... so was my described way to distribute the app possible prior to Sierra?


Now, are the two options to distribute the app for me is either to tell my team's agent to do it or that we have to exchange the private key for the Developer ID so that both of us can distribute the app signed?

… so was my described way to distribute the app possible prior to Sierra?

You should not encourage folks to switch Gatekeeper to Anywhere, regardless of the OS version they’re running. If you want a user to run an app that doesn’t pass Gatekeeper — and, again, this isn’t something I encourage in general — have them do it via the Open contextual menu item. That’s much safer than disabling Gatekeeper as a whole.

Now, are the two options to distribute the app for me is either to tell my team's agent to do it or that we have to exchange the private key for the Developer ID so that both of us can distribute the app signed?

It’s correct that you have those two options. There are also lots of others. For example, you could have the team agent set up a service that signs apps on demand, authenticated using some other credential, like your company’s internal ID system.

I don’t have an opinion as to what you should do; you’ll have to discuss this with your team agent to see what they’re comfortable with.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

there are no restrictions from my team's agent. We are currently searching together for a solution that works for our team.


Does Apple has a list of possible solutions or do you no any other best practices source where i can have a look on?

Does Apple has a list of possible solutions or do you no any other best practices source where i can have a look on?

From Apple’s perspective your Developer ID allows someone to publish code that looks and acts like official code written by your company. As such, the mechanisms you use to protect your Developer ID are intimately tied to your company’s security policy, and I’m not going to offer concrete advice about that.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

ok, thanks for being clear in that way!

Can someone tell me why there can be multiple users in iTunes Connect to upload Mac App Store releases while there can be only one Team Agent in the Developer Portal to sign an app with the Developer ID for distribution outside of the Mac App Store?

I am also looking for this. You got any solution?