Using your university’s free Apple Developer account to eliminate the “Unknown Developer” Error in your 3rd-party-developed macOS App

If you work for a university and have developed a macOS app (as a part of your academic job) using 3rd party software (e.g. a Java app developed with Eclipse and built with Gradle), you’re probably familiar with telling your users how to deal with the annoying “Unidentified Developer” error they get when they double-click your app:


They get a window saying “<your app> can’t be opened because it is from an unidentified developer”. The user is given no clear option on how to run the app except a vague reference to “security preferences”.

There are things the user can do to get around this error without you becoming an “identified developer”. A user can perform a one-time bypass by right-clicking the app and selecting Open, or they can muck around with their Security & Privacy System Preferences settings. They can even execute some commands in the Terminal to reveal a setting, hidden in the past few versions of macOS, that always allows apps from anywhere. But it would be nicer to eliminate this error so that the user doesn’t have to do any of that. Normally that involves paying Apple for membership in their developer program, but if you’re in academia, Apple offers such accounts for free to “Educational Institutions”.

Chances are, your university has already enrolled in this program and all you have to do is hook into that resource. But be aware that universities have an image to uphold and that digital identity extends into the App Store, so they’re not likely to welcome just any app to sit alongside their custom campus, reunions, and transit apps. You can allay their fears about your app by noting that you intend to distribute your app outside of the App Store. Users who download your app won’t ever even see the university’s name unless you added it to your app yourself. All you need is a certificate that will allow you to code-sign your app so that Apple can know who you are.

It took me a while to navigate this system. I initially ran off on this tangent trying to create a free “education” Apple Developer account by digging up and supplying my university’s D-U-N-S number, official address, etc… and ran into a form that asked me to assert that I could commit the university to legally binding agreements, at which point I realized that I was on the wrong path. Free educational institution Apple Developer accounts aren’t per person, faculty, or department. They’re 1 per university. I already had a couple of official university apps on my iPhone, so I knew there already existed an account, and made a number of calls before I got put in touch with the Apple Developer Account “holder”.

Those in charge of the Apple Developer Account here were only familiar with iOS app development, so they didn’t know how to advise me on accomplishing what I wanted to accomplish. My sole goal was to eliminate the “Unidentified Developer” error. No one knew whether that meant I had to distribute my app on the App Store or what, and they were of course concerned about the app showing up alongside all their campus-centric apps. I managed to convince them that I wouldn’t be distributing on the App Store and that I believed all I needed was a code-signing certificate. Since no one here knew how to do that, I called Apple again.

Apple really pushes their developers into Apple’s canned development resources (Xcode) to do their development. In fact, even their developer support team members tend not to know anything about code-signing and certificates, because it’s all handled in the background behind Xcode. I had numerous phone calls with Apple Developer Support and they proclaimed that it sounded like I was “speaking a different language”. They weren’t even familiar with the “Unidentified Developer” error and immediately referred me to the makers of the 3rd party development apps I was using, implying it was a problem with their software. I persisted, however, because I had already tried code-signing using Apple’s codesign command-line utility, and managed to get them to at least confirm that what I suspected was happening was happening. And that is that not just any certificate will do… but I’m getting ahead of myself.

Here, I will walk you through, in detail, the steps I took to eliminate the error from my latest app (TreeView3)…