Good. The other day the App Store was down and I couldn't use half of my downloaded apps because they failed "verification". I'll be happy as a clam to see more developers move their apps off of the App Store.
Steam does this to me as well sometimes. Why can't these stores use some kind of encryption that can just validate "Yes at some point in the past this has been purchased on this computer" and leave it at that? Always online frankly seems excessive.
It varies with different games on Steam. Steam doesn't require its DRM, so some games have no DRM, even when installed by Steam, which is great. More critically, though, Steam also doesn't require its DRM be exclusive so some games are protected both by Steam's DRM and something else, where that something else may have its own weird requirements before launching a game.
Can confirm. I bought Goat Simulator from Steam about a year ago, have uninstalled Steam, and even moved the application between OSs and devices without any issue.
That's not true. Apple issued a new root certificate using the latest OpenSSL standard. The apps that "expired" were using an out-of-date version. They technically shouldn't have worked in the first place, but Apple kept renewing the old SHA-1 certificate alongside the current one which allowed these apps to validate, despite using a cert that was obsolete since 2005.
Which is to say, that's exactly what Apple's scheme does, except in one crucial point where it does not, which malfunctioned and caused a bunch of havoc.
Why does a purchase receipt need to have an expiration date at all? It's stupid. This stuff should be once-and-done.
Do apps really contact the App Store to approve each launch? That would be a lot of tracking data that could be collected. How could it work if the endpoint is not connected to a network?
No, they don't contact the App Store to approve each launch. Apple has a root CA that expired; during this "event" apps wouldn't launch because they couldn't verify the code signing certificate. Apple updated their certificate, and all apps started working again.
I already responded to you in another thread here, but this isn't true. The apps wouldn't launch because they were using an old, outdated version of OpenSSL that's been updated since 2005. They were referencing an old, out-of-date root certificate, not the current one.
But as the top comment says: The actual issue was that some developers used an old version of OpenSSL, which couldn't handle the SHA2 cert. Apple apparently "deprecated" their SHA1 cert and started to use an SHA2 cert. IIRC some apps were still working because they used the right OpenSSL version.
I guess Apple didn't communicate enough with the developers that they'll start using SHA2.
> I guess Apple didn't communicate enough with the developers that they'll start using SHA2.
Understatement of the year right there. Apple didn't communicate this at all. The first time anybody outside of Apple found out about this was when apps started failing to launch.
If Apple had merely told developers a month ahead of time, "Hey, we're switching to SHA-2 certificates, make sure your receipt validation code handles it," this whole thing could have been avoided.
In a crazy hypothetical world where Apple's app store team actually gives a shit about third party developers, they could have even tested SHA-2 certificates against the apps in the store, and directly contacted affected developers to tell them to get stuff fixed.
Not all apps. Some older apps (e.g. Tweetbot 1.xx) stopped working permanently & can't be fixed, because Apple doesn't allow old versions to be re-downloaded from the Mac App Store. It's convinced me to stop using the MAS and I've been re-buying my MAS apps direct from the developer wherever possible.
Thanks for this info. I don't think I fully appreciated this aspect of the MAS before, although I'm sure all the pieces were lodged in the back of my mind, nagging away. I'm not going to buy any software from the MAS ever again.
Something like that. It's ridiculous. I could not use 1Password until the App Store came back up, which was pretty inconvenient. Tweetbot also had the same problem and the developer tweeted about the situation: https://twitter.com/tapbot_paul/status/664668084146339840 (and more tweets around that timeframe).
I found this tweet from the Tweetbot developers even more significant, there was no way they could upload a patched old version to the Mac App Store to fix it: