A Day Without Business – Charlie Monroe

On Aug 4, 2020 I woke up to a slightly different world – I had lost my business as it seemed. Full inbox of reports about my apps not launching (crashing on launch) and after not too long I found out that when I sign into my Apple developer account I can no longer see that I would be enrolled into Apple’s developer program – au contraire – it shows a button for me to enroll, which I tried clicking, but only got a message that I can’t do that.

After more investigation, I found out that the distribution certificates were revoked. Each macOS app these days needs to be codesigned using an Apple-issued certificate so that the app will flawlessly work on all computers. When Apple revokes the certificate, it’s generally a remote kill-switch for the apps.

I got really frightened as all of sudden, no user was able to use my apps anymore. Though interestingly, I was still able to connect to my App Store account and my apps were there and working. As it was 7AM (all times are CET), Apple’s contact information only showed the option to send them an email – so I did. At 9AM, I went for the phone option that became available at last. When I finally talked to someone they said they have no idea what’s going on, there was no note or any additional information associated with my account. I was told they would pass the issue to the internal team and get back to me.

At this point you no longer know whether you have a business or not. Should I quickly go and apply for a job? Or should I try to found another company and distribute the apps under it? What should I do? The most damaging to me is the message shown to user:

This is the message that macOS shows to all users who tried to launch my apps. That it will damage their computer with a checkbox to report malware enabled. Average user immediately goes nuts. I fully understand that the entire idea here is that Apple can remotely kill malware and to keep the user on the safe side, but in case of a false-positive, as in this case, the message is damaging to the developer’s reputation.

Fortunately, possibly thanks to the traction the story got and all the support I received from everyone (for which I am infinitely grateful), after almost 24 hours after 10PM, I got my account re-instated. Apple has called and apologized for the complications. The issue was caused by my account being erroneously flagged by automated processes as malicious and the account was put on hold.

Here is a quote from Apple:

We appreciate your patience while we continued our investigation into why your Developer ID certificate was erroneously revoked and to examine ways in which we could assist you. We determined that your app Downie 4 was erroneously identified as malicious due to invalid logic in our malware detection system. This triggered the revocation of your certificate under Section 5.4 of the Developer Program License Agreement. This should not have happened and teams across Apple have been working diligently to figure out a solution. 

Earlier today, we successfully un-revoked your Developer ID certificate. Users who were affected by the initial revocation will have app functionality restored when their OCSP cache refreshes (typically within 2 hours).

We are grateful to have you as a member of the Apple Developer Program and want to reiterate our deep apologies. We are taking action to make sure this doesn’t happen in the future. 

Thank you for choosing to develop for Apple platforms and for being a member of our vibrant developer community.

I hereby thank everyone at Apple for working on this and getting the certificate un-revoked which is really really great news. This generally means that for many people, the applications will continue working as before without the need to re-install, but unfortunately, if your computer was online and running between Aug 4, 2020 and Aug 7, 2020, chances are that macOS has marked the application as malicious and it caches this information without refreshing it on launch. This means that you will still get the message about the application potentially damaging your computer.

What to do next?

I am really sorry for all inconvenience this has caused to my users. I fully understand that many of you use my apps on daily basis and they are in your everyday workflow. I really wish I could have gotten you up and running sooner, but it’s still honestly sooner than I thought.

You will need to redownload your copies of Downie, Permute, Eon and UctoX from my website (https://software.charliemonroe.net/) and Setapp users will get updated copies via Setapp.

Older versions (Permute 2 and Downie 3) are available on their respective websites under the FAQ section – you can access it by clicking on FAQ button on the right side of your screen.

Here are direct links for your convenience:

• Downie 4: https://charliemonroesoftware.com/trial/downie/v4/latest/
• Downie 3: https://charliemonroesoftware.com/trial/downie/v3/latest/
• Permute 3: https://charliemonroesoftware.com/trial/permute/v3/latest/
• Permute 2: https://charliemonroesoftware.com/trial/permute/v2/latest/
• Eon: https://charliemonroesoftware.com/trial/eon/latest/
• UctoX: https://charliemonroesoftware.com/trial/uctox/latest/

Total Post Views 28,916