Successful notarised Mac OS app : Unable to make an API request, retrieve json data and write to Excel

Hi there,

I built a Mac OS desktop utility app that will make an API request, retrieve json data and write the data to an Excel file.

This app was scripted in python 3.10, compiled with pyinstaller 4.10, codesigned with entitlements, hardened runtime and notarised successfully in Mojave 10.14.6. Every step was successful and without any errors.

This app was tested in Mojave, Catalina, Big Sur and Monterey. In all 4 OS's, the notarised app worked perfectly. The issue seems to stem from running the app in an OS that is not logged in with my primary Apple ID.

When tested in separate Mojave and Catalina and Big Sur (Intel) machines that were logged in with different Apple IDs, the app isn't able to execute the API request, retrieve json data, and write to file.

I'm running out of leads here but think it could be something to do with the entitlements in the entitlements.plist or something that I am unaware of such as additional permissions that are necessary.

These are the entitlements that I added in the plist.

<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>

I have tried adding this : "com.apple.security.app-sandbox" but the app would end up bouncing in the dock so this was left out.

I have also tried using this line alone : "com.apple.security.cs.allow-unsigned-executable-memory" and this would also cause the app to not work.

As I have been working on this issue for quite a while now and at my wits end, any heads up would be very much and greatly appreciated.

Thanks in advance, Justin
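
An added example, not part of the original post: a small Python audit that parses an entitlements file (or a bare fragment like the one posted above) and lists which hardened-runtime exceptions it enables, broadest first. The function names and the 1 to 3 weights are this example's own assumptions, not an Apple-defined score; the notes paraphrase Apple's entitlement descriptions.

```python
import plistlib

# Hardened-runtime exception entitlements with a rough weight (1 = narrow, 3 = broad).
# The weights are this example's own ranking (an assumption), not an Apple score.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit":
        (1, "allows MAP_JIT memory for JIT compilers"),
    "com.apple.security.cs.allow-unsigned-executable-memory":
        (2, "allows writable and executable memory without MAP_JIT"),
    "com.apple.security.cs.disable-library-validation":
        (2, "allows loading plug-ins or frameworks signed by others or unsigned"),
    "com.apple.security.cs.disable-executable-page-protection":
        (3, "disables code signing protections during launch and execution"),
}

HEADER = '<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
FOOTER = "</dict></plist>"

# The fragment as posted in the question (keys only, no enclosing <dict>).
POSTED_FRAGMENT = """
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
"""

def load_entitlements(text: str) -> dict:
    """Parse a full entitlements plist, or a bare <key>/<value> fragment."""
    text = text.strip()
    if not text.startswith(("<?xml", "<plist")):
        text = HEADER + text + FOOTER  # wrap the fragment so plistlib accepts it
    return plistlib.loads(text.encode("utf-8"))

def audit(text: str) -> list:
    """Return (weight, key, note) for each enabled exception, broadest first."""
    findings = []
    for key, value in load_entitlements(text).items():
        # Only a literal <true/> enables the exception; <false/> is ignored.
        if key in RUNTIME_EXCEPTIONS and value is True:
            weight, note = RUNTIME_EXCEPTIONS[key]
            findings.append((weight, key, note))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for weight, key, note in audit(POSTED_FRAGMENT):
        print(f"[{weight}] {key}: {note}")
```
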

Accepted Answer

The issue seems to stem from running the app in an OS that is not logged in with my primary Apple ID.

Well, that’s weird. Honestly, I don’t think this is a trusted execution issue. The trusted execution system, Gatekeeper and so on, is independent of the logged in Apple ID. You get the same checks regardless of which Apple ID is logged in, or indeed if no Apple ID is logged in.

I suspect that something in your code is triggering this issue. Before you start debugging that, however, my advice is that you tighten up your testing to confirm that the logged in Apple ID is really the issue and that there’s not something else in play.

Consider the setup I outlined in Testing a Notarised Product. With this setup, you can run a test like this:

  1. Restore your VM to a ‘clean’ snapshot.

  2. Download and run your app; it should fail, because of the Apple ID issue.

  3. Restore your VM to a ‘clean’ snapshot.

  4. Log in with your Apple ID.

  5. Download and run your app; it should work.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

Sorry for the extremely late reply. Too many things happening in the world...

You are absolutely right. Something in my python script code was causing the issue. Long story short, I used a mac that doesn't support Catalina. Although everything worked perfectly and it produced the intended results, it gave a false impression that the issue wasn't my code and I didn't know how else to troubleshoot if the "answer" is right.

I purchased a legitimate Intel Mac that could run Catalina and lo and behold, Terminal spat out the errors of my script and I am able to rectify it. How very strange... (regarding the hacked Mac machine).

My app runs fine now and all the testing after notarisation is good.

Thanks for your help.

Cheers mate!
