Hi everyone,
I have a macOS application that uses Screen Recording permission. I build my app with an ad hoc signature (not with a Developer ID certificate). For example, in version 1.0.0, I grant Screen Recording permission to the app. Later, I build a new version (1.1.0) and update by dragging the new app into the Applications folder to overwrite the previous one. However, when I launch the updated app, it asks for Screen Recording permission again, even though I have already granted it for the previous version.
I don’t fully understand how TCC (Transparency, Consent, and Control) determines when permissions need to be re-granted. Can anyone explain how TCC manages permissions for updated builds, especially with ad hoc signatures? Is there any way to retain permissions between updates, or any best practices to avoid having users re-authorize permissions after every update?
In general, macOS tracks code identity using the code’s designated requirement. Ad hoc signed code does not include a stable DR, and thus macOS is unable to tell that version N+1 of your app is the ‘same code’ as version N.
I talk about this in great detail in TN3127 Inside Code Signing: Requirements.
> any best practices to avoid having users re-authorize permissions after every update?
Sign your code with a stable code-signing identity, ideally one issued by Apple. That means:
- Apple Development, during development
- Apple Distribution, for submission to the App Store [1]
- Developer ID, for direct distribution
Ad hoc code signing has its place — for example, it’s great for open source tooling like Homebrew — but it will cause problems if you’re building a Mac app that you intend to distribute widely.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] The App Store will re-sign your app as part of the submission process. See TN3161 Inside Code Signing: Certificates.
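To illustrate the answer above, here is an added example (not part of the original thread and not Apple's code) that classifies the designated requirement line printed by `codesign -d -r -` and shows why an ad hoc rebuild looks like different code. The function names, the app path, and the sample DR lines are constructed assumptions, and comparing DR text is a simplified stand-in for the system's requirement check.

```shell
#!/bin/sh
# Classify a designated requirement (DR) line as printed by:
#   codesign -d -r - /Applications/MyApp.app   (hypothetical app path)
dr_kind() {
    case "$1" in
        *'cdhash H"'*)
            # DR pins one exact code directory hash, which changes on every build
            echo "cdhash-pinned" ;;
        *'identifier "'*'anchor '*)
            # DR names a bundle identifier plus certificate chain constraints
            echo "identity-based" ;;
        *)
            echo "unknown" ;;
    esac
}

# Simplified model (an assumption of this example, not how TCC is implemented):
# treat the update as the same code only when the DR text is unchanged.
survives_update() {
    old=${1#*"=> "}    # drop everything up to and including "=> "
    new=${2#*"=> "}
    [ "$old" = "$new" ]
}

# Constructed sample DR lines; hash, identifier and team ID are placeholders.
ADHOC_V1='# designated => cdhash H"1111111111111111111111111111111111111111"'
ADHOC_V2='# designated => cdhash H"2222222222222222222222222222222222222222"'
SIGNED_V1='designated => identifier "com.example.myapp" and anchor apple generic and certificate leaf[subject.OU] = "TEAMID0000"'
SIGNED_V2=$SIGNED_V1   # a rebuild signed with the same identity keeps its DR

report() {
    if survives_update "$2" "$3"; then
        verdict="same code"
    else
        verdict="different code"
    fi
    echo "$1: $(dr_kind "$2") DR, update looks like $verdict"
}

report "ad hoc" "$ADHOC_V1" "$ADHOC_V2"
report "stable identity" "$SIGNED_V1" "$SIGNED_V2"
```

On a real Mac, run `codesign -d -r -` against both the old and new builds and pass the two `designated =>` lines to `report`.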