[0.16.51 demo for Mac] is from an "unidentified developer"

Anything that prevents you from playing the game properly. Do you have issues playing for the game, downloading it or successfully running it on your computer? Let us know here.
Post Reply
EnerJi
Long Handed Inserter
Long Handed Inserter
Posts: 66
Joined: Thu Aug 16, 2018 2:32 am
Contact:

[0.16.51 demo for Mac] is from an "unidentified developer"

Post by EnerJi »

[Note: also confirmed with the 0.16.36 demo for macOS.]

For some reason the demos are not signed with an Apple Developer ID, and thus throw a security error when I go to open them. See attached file for a screen shot of the error, and see this Apple site for more details on Developer ID: https://developer.apple.com/developer-id/

I am eager to try Factorio but as a general rule I do not install software from "unidentified developers" for security reasons, so I hope this can be remedied for the next (or at least a future) demo. This is easily remedied and in fact the signing process can be automated in your build process to make it very easy if not completely seamless to perform automatically for future releases of Factorio.

Please let me know if there are any questions or if I can help in any way.
Attachments
Screen Shot 2018-08-15 at 9.52.43 PM.png
Screen Shot 2018-08-15 at 9.52.43 PM.png (134.65 KiB) Viewed 3729 times

User avatar
HanziQ
Former Staff
Former Staff
Posts: 630
Joined: Fri Mar 27, 2015 7:07 am
Contact:

Re: [0.16.51 demo for Mac] is from an "unidentified developer"

Post by HanziQ »

I've been meaning to fix this for a long time, even the full game is not signed. I will add this for 0.17.

posila
Factorio Staff
Factorio Staff
Posts: 5202
Joined: Thu Jun 11, 2015 1:35 pm
Contact:

Re: [0.16.51 demo for Mac] is from an "unidentified developer"

Post by posila »

HanziQ wrote:I've been meaning to fix this for a long time, even the full game is not signed. I will add this for 0.17.
I've assigned 55063 to you. I'd like to start signing Windows binnaries too, because Windows' Smart Screen also blocks Factorio from launching.

nuhll
Filter Inserter
Filter Inserter
Posts: 923
Joined: Mon Apr 04, 2016 9:48 pm
Contact:

Re: [0.16.51 demo for Mac] is from an "unidentified developer"

Post by nuhll »

You dont add any security by only running apps from identified developers... just btw.

More important is "what" from "where".

EnerJi
Long Handed Inserter
Long Handed Inserter
Posts: 66
Joined: Thu Aug 16, 2018 2:32 am
Contact:

Re: [0.16.51 demo for Mac] is from an "unidentified developer"

Post by EnerJi »

HanziQ wrote:I've been meaning to fix this for a long time, even the full game is not signed. I will add this for 0.17.
Thank you! I look forward to trying 0.17 with this inclusion when it ships. Do you still expect it to ship before year-end?

EnerJi
Long Handed Inserter
Long Handed Inserter
Posts: 66
Joined: Thu Aug 16, 2018 2:32 am
Contact:

Re: [0.16.51 demo for Mac] is from an "unidentified developer"

Post by EnerJi »

nuhll wrote:You dont add any security by only running apps from identified developers... just btw.

More important is "what" from "where".
Btw, that's not accurate IMHO. Digitally signing apps is one layer in a security model. It doesn't address all threats, but it does address some. I'm not familiar with Microsoft's implementation, but I'm guessing it tackles similar threats as Apple's. For example, an inexhaustive list includes:

[*]The code being modified by a malicious actor after the developer posts it. This is a not uncommon attack, e.g. by hacking the website to redirect the user to an infected version. Popular games have previously been used as a vector for this type of attack.

[*]A malicious developer purposefully adding malware to their software. This has happened many times with mobile apps and browser extensions which reach a certain level of popularity, sell to a (malicious) third party, who then loads malware. With Identified Developer, this can happen just once before the developer is banned from the platform.

[*]Third party "fan" sites can be created by malicious actors which purport to link to the software, but instead link to malware.

[*]If users are used to needing to bypass these safety checks for legitimate software, it opens them up to installing completely unrelated malicious software. On the other hand, if users are conditioned to never install software from unidentified developers, they would be suspicious and less likely to install malware when they realize it's not digitally signed.

[*]Importantly, existing malicious versions of the software (however they came about) can have their certificate revoked to protect unsuspecting future users who might accidentally download from an unofficial site.

And so on.

Post Reply

Return to “Technical Help”