My team is distributing a cross-platform app outside the Mac App Store via ZIP file. The app works perfectly on Windows, but on macOS, while the ZIP downloads and extracts without issue, the app refuses to open. Users see either the app appear in the dock then immediately disappear or a Gatekeeper prompt saying the developer cannot be verified. We suspect the root cause is related to code signing and/or notarization, but we're not entirely sure where the breakdown is occurring.
We have a few questions as we work through this. For ZIP-based distribution outside the Mac App Store, is both a Developer ID certificate and Apple notarization required on current macOS versions? We've also seen references to using ditto instead of Finder's built-in Compress option when packaging the ZIP. Is that necessary to properly preserve the app bundle structure and extended attributes?
Any guidance on where this process might be going wrong would be hugely appreciated. Thanks!