Apple Responds to Developers Regarding Expired Mac App Store Security Certificates

Last week some users and developers experienced an issue that displayed a "damaged" error when attempting to open select apps from the Mac App Store, including popular apps like 1Password, Tweetbot and Byword. Today, Apple has sent an email to developers explaining what happened and how to fix their apps.

CUDcjswUsAAiKe-
In the email, which developer Donald Southard Jr. shared on Twitter, Apple explains that the company issued a new security certificate for the Mac App Store in September in anticipation of the expiration of the old certificate. The new certificate used a stronger SHA-2 hashing algorithm instead of the old SHA-1 algorithm. Hashing algorithms are used by certificate authorities to sign security certificates.

However, two issues caused users to experience errors when starting up apps. The first issue, according to Apple, is that there was a caching issue with the Mac App Store that required users to restart their computers and re-authenticate with the Mac App Store to clear out the old cache. Apple says it's working on a fix for this in an upcoming OS X update. The other issue is that some apps were running an older version of OpenSSL that didn't support SHA-2. Apple says it replaced the SHA-2 certificate with a new SHA-1 certificate last Thursday night.

Finally, Apple says that "most of the issues are now resolved", but that some apps might still experience problems if the apps make "incorrect assumptions" about the Mac App Store's security certificates. Apple asks developers to make sure their code adheres to the Receipt Validation Programming Guide and to resubmit apps for expedited review if necessary. The AppleCare support team has also been briefed with the latest troubleshooting information for users.

Top Rated Comments

Bubba Satori Avatar
81 months ago
With all the ills in the world, you have time to be this bothered about this. Consider that for a moment.
This is not illsintheworldRumors.
Consider that for a moment.
Score: 15 Votes (Like | Disagree)
Ankou_Sabat Avatar
81 months ago
Actually this response does nothing about a much larger issue on the App Store.

Take the Tweetbot issue which I had hit me. They had released a new version, Tweetbot 2.1.1, right before this issue happened on Oct 15. This updated version is incompatible with Mac OS Mavericks (10.09) so those running Mavericks were stuck with the previous version. This means that for all those running an OS older than 10.10, you're only able to run Tweetbot 1.6.2. If you go to the App Store and try to update it, or even re-download on such an older OS it explicitly tells you of the incompatibility and says that it will download the "old" version for compatibility.

That would be fine, except the old versions are still signed with the EXPIRED CERTIFICATE! So even if you follow the directions to "re-download the damaged app" it will refuse to run because the certificate signed is expired. So the only "fix" is to upgrade your OS to 10.10. Sure it can be argued to upgrade to the latest version, but there are quite a few instances where this is impossible to do and as such, Apple has just put an expiration date on older software preventing you from running it by linking it to this certificate and not providing developers a way to re-sign those submissions with an updated cert. Neither does the App Store itself provide such a facility.

So if by the current expiration date which I believe now is 2 years from now, if your computer is unable to be upgraded to current OS and the current version is unsupported on your system, then you are completely out of luck and stuck with no app that you paid for. This makes the "download old version" feature in the App Store completely flawed if they provide no way to back sign older provided version on the store front.
Score: 11 Votes (Like | Disagree)
sw1tcher Avatar
81 months ago
Software is like that. It's always just about to fall down around our ears, except usually someone is there trying to stop that from happening. Sometimes there are screw ups.
Software purchased through the MAS is like that. From what I read, people who purchased the same software directly from the developer or through other means didn't have to deal with this nonsense.

In the good ol' days, prior to the existence of the MAS, online activation, and subscription services, I'd install a program and it would just work™ until it got replaced or the computer died.
Score: 9 Votes (Like | Disagree)
gijoeinla Avatar
81 months ago
Did someone at Apple win a prize for drafting a note with the most use of "issues" in the first paragraph? How did this letter get by Apple PR?

If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.

Yes let's tear apart the letter for next 30 posts shall we. Let's question Apples integrity over it.

Oh my god. Get over it!
Score: 7 Votes (Like | Disagree)
applerocks Avatar
81 months ago
Did someone at Apple win a prize for drafting a note with the most use of "issues" in the first paragraph? How did this letter get by Apple PR?

If Apple normally does one thing well, it's strong apologies once they've completed an investigation into a problem. This letter is not that.
Score: 5 Votes (Like | Disagree)
alphaod Avatar
81 months ago
Maybe it'll get some developers to finally update their apps.
Score: 5 Votes (Like | Disagree)

Popular Stories

intel vs m1 max chip purple

Benchmarks Confirm Intel's Latest Core i9 Chip Outperforms Apple's M1 Max With Several Caveats

Wednesday January 26, 2022 8:56 am PST by
Benchmark results have started to surface for MSI's new GE76 Raider, one of the first laptops to be powered by Intel's new 12th-generation Core i9 processor. Intel previously said that its new high-end Core i9 processor is faster than Apple's M1 Max chip in the 16-inch MacBook Pro and, as noted by Macworld, early Geekbench 5 results do appear to confirm this claim, but there are several...
General Dropbox Feature

macOS 12.3 Will Include Cloud Storage Changes Affecting Dropbox and OneDrive

Tuesday January 25, 2022 3:31 pm PST by
Dropbox today announced that users who update to macOS 12.3 once that software version becomes available may temporarily encounter issues with opening online-only files in some third-party apps on their Mac. In a support document and an email to customers, Dropbox said it is actively working on full support for online-only files on macOS 12.3 and will begin rolling out an updated version of...
Apple Watch Red Yellow Green Feature 1

Apple Launches Black Unity Braided Solo Loop With 'Unity Lights' Watch Face

Wednesday January 26, 2022 6:05 am PST by
Apple today announced the Black Unity Braided Solo Loop for the Apple Watch, as well as a new downloadable watch face, to celebrate Black History Month. Following the launch of the limited edition Black Unity Apple Watch Series 6 and Sport Band in 2021, Apple today launched the Black Unity Braided Solo Loop as part of its celebrations for Black History Month this year.Apple is launching a...
ios 15

Apple Releases iOS 15.3 and iPadOS 15.3 With Fix for Safari Bug That Leaks Browsing Activity

Wednesday January 26, 2022 10:00 am PST by
Apple today released iOS 15.3 and iPadOS 15.3, the third major updates to the iOS and iPadOS 15 operating systems that were released in September 2021. iOS and iPadOS 15.3 come almost two weeks after the release of iOS and iPadOS 15.2.1, minor bug fix updates. The iOS 15.3 and iPadOS 15.3 updates can be downloaded for free and the software is available on all eligible devices over-the-air in ...
iOS 15

Everything New in iOS 15.4 and iPadOS 15.4: Face ID With a Mask, Emojis, Apple Card Widget, Universal Control and More

Thursday January 27, 2022 12:08 pm PST by
Apple today seeded the first betas of iOS 15.4, iPadOS 15.4 to developers for testing purposes, adding a slew of new features to the latest iOS operating systems. iOS 15.4 is the biggest update that we've had to iOS 15 to date, and it brings Universal Control, Face ID with a mask, new emojis, and tons more. Face ID With a Mask With iOS 15.4, there is now an option to unlock your iPhone...
mobeewave

Upcoming iOS Update Will Allow iPhones to Accept Credit Cards Directly Using NFC

Wednesday January 26, 2022 6:00 pm PST by
Apple is working on a new payments service that will allow iPhones to accept payments directly on device with no additional hardware, reports Bloomberg. Right now, iPhones can accept credit cards with add-ons like the Square Reader, but Apple's new technology will eliminate the need for a third-party product. Individuals and small businesses will be able to accept payments with the tap of a...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.2 With Safari Vulnerability Fix

Wednesday January 26, 2022 10:19 am PST by
Apple today released macOS Monterey 12.2, the second major update to the macOS Monterey update that launched in October. macOS Monterey 12.2 comes over a month after the release of the 12.1 update, which brought SharePlay support. The ‌‌‌macOS Monterey 12.2‌‌ update can be downloaded on all eligible Macs using the Software Update section of System Preferences. Apple has also...