Don’t Run App Store Distribution-Signed Code

This post is part of a cluster of posts related to the trusted execution system. If you found your way here directly, I recommend that you start at the top.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


App Store distribution-signed code is intended to be uploaded to the App Store. You can’t run it locally. Except when you can! To avoid confusing yourself, don’t attempt to run App Store distribution-signed code.

Intended Purpose

App Store distribution-signed code is intended to be uploaded to the App Store. When you upload code to the App Store, it checks the code’s signature as part of the distribution process.

App Store distribution-signed code is not intended to be run locally. That’s what development-signed code is for! If you want to test your App Store product before shipping it to users:

  • For day-to-day work, use Development distribution.

  • For limited testing, use Ad Hoc or Enterprise distribution (not available on macOS) or Developer ID distribution (only available on macOS).

  • For wider testing, use TestFlight.

Note: Not all capabilities are supported by Developer ID distribution. For the details, see Developer Account Help > Supported capabilities (macOS).

macOS Gotcha

Most Apple platforms completely block you from running App Store distribution-signed code. The exception here is macOS, which runs distribution-signed code under some circumstances. Specifically, macOS runs distribution-signed code if the code claims no restricted entitlements.

If the code claims a restricted entitlement, that claim must be authorised by a provisioning profile. It’s not possible to create a profile that does that:

  • A macOS App Development or Developer ID profile never authorises the certificate from your distribution signing identity.

  • A Mac App Store profile never authorises execution on your machine.

The lack of a valid profile means that the restricted entitlement is not authorised and your app will crash on launch. For more details on what that crash looks like, see Resolving Code Signing Crashes on Launch. For detailed information about provisioning profiles, see TN3125 Inside Code Signing: Provisioning Profiles.

Even though there are some cases where App Store distribution-signed code will run on the Mac, the general rule is the same there as it is for other platforms: Don’t run App Store distribution-signed code.

Revision History

  • 2022-06-01 Added App Store to the title to make the subject clearer. Made similar changes throughout the text.

  • 2022-05-31 First posted.
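
One way to enforce the rule above in a local test script on macOS, as an added example that is not part of the original post: it reads the text printed by `codesign -d -vv` and refuses when the leaf certificate is a Mac App Store distribution identity. The certificate name prefixes, the function names, and the sample output are assumptions of this example, not taken from the post.

```shell
#!/bin/sh
# Added example: pre-flight guard for local test scripts on macOS.
# Input on stdin is the text that `codesign -d -vv <path>` prints.

# Print the kind of the leaf certificate (the first Authority= line).
# The name prefixes below are assumptions of this example.
signing_kind() {
    leaf=$(sed -n '/^Authority=/{s/^Authority=//p;q;}')
    case "$leaf" in
        "Apple Distribution:"*|"3rd Party Mac Developer Application:"*)
            echo distribution ;;   # identity used for Mac App Store uploads
        "Apple Development:"*|"Mac Developer:"*)
            echo development ;;
        "Developer ID Application:"*)
            echo developer-id ;;
        "")
            echo none ;;           # ad hoc signed or unsigned: no Authority line
        *)
            echo other ;;
    esac
}

# Fail (status 1) only when the code is App Store distribution-signed.
not_distribution_signed() {
    kind=$(signing_kind)
    if [ "$kind" = "distribution" ]; then
        echo "refusing: App Store distribution-signed code, use a development build" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `codesign -d -vv` output (name and team ID are made up).
SAMPLE_DISTRIBUTION='Executable=/tmp/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Apple Distribution: Example Corp (ABCDE12345)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# Usage on a Mac: sh guard.sh /path/to/Example.app
# codesign writes its -d output to stderr, hence the 2>&1.
if [ "$#" -eq 1 ]; then
    codesign -d -vv "$1" 2>&1 | not_distribution_signed
fi
```

The guard looks only at the signing identity, so it also rejects the distribution-signed builds that macOS would happen to run because they claim no restricted entitlements.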
