Notarized mode blocks TestFlight apps #61
Comments
|
Aloha, Attached is an example of a WYS screen shot of a notarized app (note: "signed & notarized"): You can also test for notarization via: |
|
That was just an example, none of the TestFlight apps I can find have the notarized bit; do you know if it's possible to both notarize and distribute through TestFlight? Or is it just best to disable notarization checking when using TestFlight? I natively expected BB to treat TestFlight apps the same way it treats MAS-signed apps. |
|
Good point, let me dig into this more. |
|
Same Problem for Synology Note Station Client ... how to get the App Notarized? |
|
I'm using some app bundles as wrappers for command line tools, and the bundles are not notarized, but at least validly signed (dev certificate), for example to access location services. It would be nice to have a setting in BlockBlock that would allow (by setting rules for) scripts and command line tools, based on their code signature. Reasoning: you can in fact even codesign shell scripts, and the signature is stored as an extended attribute, so when an attacker changes a script or CLI, the signature wouldn't match the new app/script anymore, and then BlockBlock could alert the user that the script/CLI has changed. (Nota bene: if a script or CLI is not signed at all, or if a signature stored in BlockBlock's rules has changed, BlockBlock should always warn, of course.) I do like the extra security that Notarization Mode offers, but a solution for one's own scripts/CLIs, which are properly signed, would be great. 🙏 |
Something sort of odd I've noticed: Notarization mode blocks running Catalyst applications from TestFlight. This is weird, because they're fully-signed apps, so presumably shouldn't hit this flow at all.
I'm not sure if this is a Catalyst bug, a TestFlight bug, or a BlockBlock bug, but I figured I'd start here. This is all on Ventura (just confirmed it's still broken on 13.2).
The text was updated successfully, but these errors were encountered: