AppToolsWhite_512x512.png

Apple / Windows Certification Requirements

Last Updated Jul 1, 2025

For the past several weeks, I've been working on fixing bugs, deployment for Mac and the app store, as well as deployment for Windows. Apple has a LOT of rules. Incorporating those rules takes a lot of time. Here are the 'rules' in a nut-shell.

    For Apple deployment an app will have the following:
  1. Appropriate Icons and several required sizes.
  2. An acceptable .plist file.
  3. Use security scoped bookmarks.
  4. List all entitlements that the app needs and in addtion,
  5. Entitlements must have an appropriate category.
  6. Entitlements must have an appropriate version sequence acceptable to Apple.
  7. Be hardened
  8. Be sandboxed
  9. Must be signed by an appropriate developer certificate for distribution on a website
    or
    Must be signed by an appropriate developer certificate for the app store.
  10. Must pass first layer checks and be notarized by Apple's automatic notarization service.
  11. Must be stapled.
  12. For App Store deployment - app must be submitted for review and can be rejected for any reason.
  13. Apple does not allow an app to send you to a website except *maybe* for help files
  14. Apple's app store requires you to NOT use a third party payment vendor.

    Herein lies another rub. I have spent years of spare time making a processing app to do just that.

    Let me explain.

    As soon as payment is received, the vendor notifies my server. The server builds a license for the product purchased against the email submited and sends it to the user immediately.

    With these extra requirements to not use a third party vendor, and restrict which pages I can send the user to externally, I'm most assuredly writing another version specific for the app store AND writing another vendor processing app specifically for Apple's app store.

    To keep in-line with Apple's just works strategy, the app should self register. That means the processsor will have to be very different and possibly it will also be very different for the app store. Plus it will take time to figure out the app store's api. All of these things create more delays generally not in the range of hours or days, but for me in the range of months and sometimes years. I guess I'll get started.

Windows Deployment - pending

Last update Jul 2, 2025

Windows has a much different process for apps. First off, they don't require you to use their app store. This is a good thing since I have already written software to automate the purchase process. They also re-sign the app using their own code-signing keys, another good thing.

HOWEVER, and there is always a big gotcha moment - I must sign the app first. I figured no problem, I'll just create a small local cert and sign it. NOPE, that won't work.

The certificate must come from a software authority. That makes sense to me. And the certificate can't be downloaded or stored on any of my own devices. After doing some digging, I now realized why this is. It ensures the chain of command. After spending several months looking for a certificate supplier, in what I thought would be my good price range, I've narrowed it down to a few. AND I've had to change the budget to accommodate this new pricing - more delays. I'll have to save up a bit more just to get the cert.

If your still reading this, I had tried one cert company a couple of months ago. They had a fairish price and the certs would work everywhere. After working with them for a couple of weeks, gathering my documents, uploading etc..., they replied back that I had not been officially in business long enough. Per their documentation, there would have to be a longer and more permanent 'paper trail'. An example would be articles of incorporation or other similar government proof. Well I'm just a small sole proprietor. So no need for me to do all off that. I was back looking for a new cert provider. I was begining to loose all hope.

Here I have done all this work, for all these years, and now I can't sell my software becuase I don't have the money to process all of these extra steps. I've been stuck before and it's just a matter of time before another opportunity presents itself.

I began the cert search again, this time using ChatGPT and asking the questions in different ways. I found several certification companies but the prices are much higher.

I confirmed yesterday [Jul 1, 2025] with one company that I do indeed meet all of their requirements. So I could begin the process of certification with them. There is one or two other companies I want to check before proceeding. I've temporarily disabled the download links since the software is not signed, it would put up nasty error messages about the world ending until it is completely ready and signed. Plus I keep updating it.