"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Apple Responds to Developers Regarding Expired Mac App Store Security Certificates
Last week some users and developers experienced an issue that displayed a "damaged" error when attempting to open select apps from the Mac App Store, including popular apps like 1Password, Tweetbot and Byword. Today, Apple has sent an email to developers explaining what happened and how to fix their apps.
In the email, which developer Donald Southard Jr. shared on Twitter, Apple explains that the company issued a new security certificate for the Mac App Store in September in anticipation of the expiration of the old certificate. The new certificate used a stronger SHA-2 hashing algorithm instead of the old SHA-1 algorithm. Hashing algorithms are used by certificate authorities to sign security certificates.
However, two issues caused users to experience errors when starting up apps. The first issue, according to Apple, is that there was a caching issue with the Mac App Store that required users to restart their computers and re-authenticate with the Mac App Store to clear out the old cache. Apple says it's working on a fix for this in an upcoming OS X update. The other issue is that some apps were running an older version of OpenSSL that didn't support SHA-2. Apple says it replaced the SHA-2 certificate with a new SHA-1 certificate last Thursday night.
Finally, Apple says that "most of the issues are now resolved", but that some apps might still experience problems if the apps make "incorrect assumptions" about the Mac App Store's security certificates. Apple asks developers to make sure their code adheres to the Receipt Validation Programming Guide and to resubmit apps for expedited review if necessary. The AppleCare support team has also been briefed with the latest troubleshooting information for users.
In the email, which developer Donald Southard Jr. shared on Twitter, Apple explains that the company issued a new security certificate for the Mac App Store in September in anticipation of the expiration of the old certificate. The new certificate used a stronger SHA-2 hashing algorithm instead of the old SHA-1 algorithm. Hashing algorithms are used by certificate authorities to sign security certificates.
However, two issues caused users to experience errors when starting up apps. The first issue, according to Apple, is that there was a caching issue with the Mac App Store that required users to restart their computers and re-authenticate with the Mac App Store to clear out the old cache. Apple says it's working on a fix for this in an upcoming OS X update. The other issue is that some apps were running an older version of OpenSSL that didn't support SHA-2. Apple says it replaced the SHA-2 certificate with a new SHA-1 certificate last Thursday night.
Finally, Apple says that "most of the issues are now resolved", but that some apps might still experience problems if the apps make "incorrect assumptions" about the Mac App Store's security certificates. Apple asks developers to make sure their code adheres to the Receipt Validation Programming Guide and to resubmit apps for expedited review if necessary. The AppleCare support team has also been briefed with the latest troubleshooting information for users.
Tag: Mac App Store
[ 43 comments ]
Top Rated Comments
(View all)
40 months ago
With all the ills in the world, you have time to be this bothered about this. Consider that for a moment.
This is not illsintheworldRumors.
Consider that for a moment.
40 months ago
Actually this response does nothing about a much larger issue on the App Store.
Take the Tweetbot issue which I had hit me. They had released a new version, Tweetbot 2.1.1, right before this issue happened on Oct 15. This updated version is incompatible with Mac OS Mavericks (10.09) so those running Mavericks were stuck with the previous version. This means that for all those running an OS older than 10.10, you're only able to run Tweetbot 1.6.2. If you go to the App Store and try to update it, or even re-download on such an older OS it explicitly tells you of the incompatibility and says that it will download the "old" version for compatibility.
That would be fine, except the old versions are still signed with the EXPIRED CERTIFICATE! So even if you follow the directions to "re-download the damaged app" it will refuse to run because the certificate signed is expired. So the only "fix" is to upgrade your OS to 10.10. Sure it can be argued to upgrade to the latest version, but there are quite a few instances where this is impossible to do and as such, Apple has just put an expiration date on older software preventing you from running it by linking it to this certificate and not providing developers a way to re-sign those submissions with an updated cert. Neither does the App Store itself provide such a facility.
So if by the current expiration date which I believe now is 2 years from now, if your computer is unable to be upgraded to current OS and the current version is unsupported on your system, then you are completely out of luck and stuck with no app that you paid for. This makes the "download old version" feature in the App Store completely flawed if they provide no way to back sign older provided version on the store front.
Take the Tweetbot issue which I had hit me. They had released a new version, Tweetbot 2.1.1, right before this issue happened on Oct 15. This updated version is incompatible with Mac OS Mavericks (10.09) so those running Mavericks were stuck with the previous version. This means that for all those running an OS older than 10.10, you're only able to run Tweetbot 1.6.2. If you go to the App Store and try to update it, or even re-download on such an older OS it explicitly tells you of the incompatibility and says that it will download the "old" version for compatibility.
That would be fine, except the old versions are still signed with the EXPIRED CERTIFICATE! So even if you follow the directions to "re-download the damaged app" it will refuse to run because the certificate signed is expired. So the only "fix" is to upgrade your OS to 10.10. Sure it can be argued to upgrade to the latest version, but there are quite a few instances where this is impossible to do and as such, Apple has just put an expiration date on older software preventing you from running it by linking it to this certificate and not providing developers a way to re-sign those submissions with an updated cert. Neither does the App Store itself provide such a facility.
So if by the current expiration date which I believe now is 2 years from now, if your computer is unable to be upgraded to current OS and the current version is unsupported on your system, then you are completely out of luck and stuck with no app that you paid for. This makes the "download old version" feature in the App Store completely flawed if they provide no way to back sign older provided version on the store front.
40 months ago
Software is like that. It's always just about to fall down around our ears, except usually someone is there trying to stop that from happening. Sometimes there are screw ups.
Software purchased through the MAS is like that. From what I read, people who purchased the same software directly from the developer or through other means didn't have to deal with this nonsense.
In the good ol' days, prior to the existence of the MAS, online activation, and subscription services, I'd install a program and it would just work™ until it got replaced or the computer died.
40 months ago
Did someone at Apple win a prize for drafting a note with the most use of "issues" in the first paragraph? How did this letter get by Apple PR?
If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.
Yes let's tear apart the letter for next 30 posts shall we. Let's question Apples integrity over it.
Oh my god. Get over it!
40 months ago
Why is this coming from the anonymous "Apple Developer Relations", and why are customers not receiving an apology? Also, instead of fixing the SHA-2 issue, they decided to revert to a more insecure certificate? What? This letter should be coming straight from Eddy Cue. The guy needs to take responsibility for how badly he's running the software products under him.
40 months ago
Did someone at Apple win a prize for drafting a note with the most use of "issues" in the first paragraph? How did this letter get by Apple PR?
If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.
If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.
40 months ago
Software is like that. It's always just about to fall down around our ears, except usually someone is there trying to stop that from happening. Sometimes there are screw ups.
40 months ago
Why is this coming from the anonymous "Apple Developer Relations", and why are customers not receiving an apology? Also, instead of fixing the SHA-2 issue, they decided to revert to a more insecure certificate? What? This letter should be coming straight from Eddy Cue. The guy needs to take responsibility for how badly he's running the software products under him.
I don't even know where to begin with how delusional your statements are.
This is an issue that impacted a small number of users and a simple restart was all it took to resolve it. Stop acting like this was the largest problem to face humanity this week.
[ Read All Comments ]
Ubiquiti Networks' consumer technology brand, Ubiquiti Labs, began making a name for itself in late 2016 with the launch of the AmpliFi HD Wi-Fi Mesh Router. Similar to other mesh systems, the...
B&H Photo has kicked off a new holiday sale on numerous Apple devices, including iMacs, iPads, HomePod, Mac mini, MacBook Pro, MacBook Air, and more. Many of the sales represent the lowest-ever...
Popular to-do list iOS app Things today has been updated to version 3.8, which introduces full support for a new Dark Mode. Specifically, users will be able to chose between three appearances for...
Giphy today announced an update for its iOS app, bringing its GIF-sharing keyboard extension to any app that supports multimedia, including Mail, WhatsApp, Snapchat, Instagram, and more. The update...
Satechi today announced that its new USB-C hub for the 2018 iPad Pro is now available for purchase for $59.99 on the accessory maker's website and Amazon.
Designed for the new iPad...
In October, a report by Bloomberg claimed that spies working for the Chinese government had inserted microchips on Supermicro server motherboards to spy on customers, which Bloomberg reported as...
Two of Apple's largest suppliers have reported healthy jumps in monthly revenue, suggesting fears of weak iPhone demand may be overblown (via Bloomberg).
Asian firms TSMC and Foxconn (Hon...
Google today announced that it is expediting the closure of its Google+ social platform, which was previously set to end in August 2019 and will now be shut down in April 2019.
The company...
