Personally I don’t like the .pkg files. During the installation process the .pkg installer asks for my system password and when I enter it, the installer could do strange and, for me, hidden changes on my system. I prefer to use sandboxed apps and copy the app file into the application folder.
It would be great if the system installer asked for every single additional permission, which I could then grant if I think it is necessary. It’s not a good idea to allow the .pkg file to install the app with all rights after entering the system password.
I also HATE pkg files and mostly do not install when this is used. DMG should be used only imo
The hackers used the open source and added malware, compiled it, codesigned it with their own Apple ID (which is already blocked by Apple now), and uploaded their compiled Transmission app to the original Transmission server.
When your app isn’t open source this way of working is not applicable to you. Of course they can still hack your server and do nasty things.
A PKG file is the most unfavored; we use it for updates because it can be verified by its code signature and it auto-replaces a sandboxed application.
The way I understood it is that it was re-signed by the naughty people with a different code signature. Who checks to see if Transmission was signed by “Transmission Project” or that App Wrapper is signed by Ohanaware Co., Ltd.?
I guess in our applications, we should be checking that our apps are signed with our certificates, unless it’s downloaded from the App Store, in which case it’s Apple’s problem.
Can this be done in-app with declares? If yes, how?
So presumably they would have removed the check for ‘signed by my own certificate’ at the same time?
If someone replaces MyApp with MyApp (hacked or otherwise) on the server, then the thing you download isn’t going to use your built in checks.
Code signing should prevent an app being modified after you have it on your system.
But if the thing you download isn’t the thing you thought it was, no amount of checking done by ‘the real thing’ is going to stop ‘the fake one’ from causing trouble.
In this case, a test needed to be done at the server end to ensure that what the developer uploaded still matches what is on the developer’s machine.
I like very much the idea of verifying that the digital signature is intact, and if not, stop execution with a prominent display of where to find the original and report the incident. Now, how can this be achieved? Sam, Christian, any suggestion?
It seems it is possible to check if the codesign is broken or not. See code below.
But it would be better to see if the codesign is yours (name check?). Anyone?
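Declare Function SecCodeCopySelf Lib "Security" (flags as UInt32, byref proc as ptr) As Int32
Declare Function SecCodeCheckValidity Lib "Security" (code as ptr, flags as UInt32, requirement as ptr) As Int32
dim myProc as ptr
dim res As Int32
// Get a reference to the running app's own code object
res = SecCodeCopySelf(0, myProc)
// Validate the signature; nil means no additional requirement is checked
if res = 0 then res = SecCodeCheckValidity(myProc, 0, nil)
if res<>0 then
  // codesigning is broken
end if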
It’s absolutely possible to verify the name of the leaf certificate.
What I think we should do is verify the Team ID, as this remains the same no matter if you deploy via App Store or on your own site. I’m on holiday at the moment, but I can use code I’ve written for App Wrapper 4 to verify this.
The other thing I considered was verifying that your executable is the main executable of the bundle. It’s trivial to check, however if the signature is broken or not yours, I don’t see this step as needed. What do you think?
Will get the OS to validate that the trust of the signature is intact, in our case Gatekeeper would do this before the app launches, it does force an Internet connection, so I don’t think this is needed.
Checking if the codesigning is still intact after it has been downloaded is useful. This way you can check if something changed (patched etc…) the bundle after the initial download.
If we can also check the name, we can make sure the app is yours or codesigned by someone else.
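One way to do the Team ID check discussed above with declares, as an added example that is not code from any poster in this thread. It assumes a Developer ID-signed build, where the leaf certificate's OU field holds the Team ID; the function name SignedByTeam and the Team ID value passed in are placeholders.

```xojo
// Added example: returns True only if the running app's signature is valid
// AND its leaf certificate was issued to the given Team ID.
// Assumption: Developer ID signing (leaf certificate OU = Team ID).
Function SignedByTeam(teamID As String) As Boolean
  #If TargetMacOS Then
    Declare Function SecCodeCopySelf Lib "Security" (flags As UInt32, ByRef code As Ptr) As Int32
    Declare Function SecRequirementCreateWithString Lib "Security" (text As CFStringRef, flags As UInt32, ByRef requirement As Ptr) As Int32
    Declare Function SecCodeCheckValidity Lib "Security" (code As Ptr, flags As UInt32, requirement As Ptr) As Int32
    Declare Sub CFRelease Lib "CoreFoundation" (cf As Ptr)

    // Code requirement: certificate chain anchored at Apple, and the
    // leaf certificate's organizational unit equals the expected Team ID.
    Dim reqText As String = "anchor apple generic and certificate leaf[subject.OU] = """ + teamID + """"

    Dim code, req As Ptr
    Dim ok As Boolean = False

    // Reference to the running process's own code object
    If SecCodeCopySelf(0, code) = 0 Then
      // Compile the requirement text into a requirement object
      If SecRequirementCreateWithString(reqText, 0, req) = 0 Then
        // 0 (errSecSuccess) means: signature intact and requirement satisfied
        ok = (SecCodeCheckValidity(code, 0, req) = 0)
        CFRelease(req)
      End If
      CFRelease(code)
    End If
    Return ok
  #Else
    // Code signing APIs are macOS only
    Return False
  #EndIf
End Function
```

Called early at launch, for instance `If Not SignedByTeam("TEAMID1234") Then ...` with your own Team ID in place of the placeholder, this catches a bundle that was re-signed under a different identity. As noted earlier in the thread, it does not help when the download was replaced by a build with the check removed.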