If you recall, last week we saw an issue that plagued some Mac users and developers that caused some apps downloaded from the Mac App Store to display a “damaged” error when they were opened. Apple has sent an email to developers explaining what happened, and how to fix their affected apps.
In the email, which developer Donald Southard Jr. shared on Twitter, Apple explains that the company issued a new security certificate for the Mac App Store in September in anticipation of the expiration of the old certificate. The new certificate used a stronger SHA-2 hashing algorithm instead of the old SHA-1 algorithm. Hashing algorithms are used by certificate authorities to sign security certificates.
There were actually two issues that caused issues when apps were started. Apple says the first issue involved a caching problem with the Mac App Store that required a computer restart and re-authentication with the Mac App Store to clear out the old cached information. Apple is working on a fix for this issue. The second involved some old apps that were running an older version of OpenSSL that didn’t support SHA-2. Apple notes it replaced the SHA-2 certificate with a new SHA-1 certificate last Thursday night.
Apple says that while “most of the issues are now resolved,” some apps might still experience issues if the apps make “incorrect assumptions” about the Mac App Store’s security certificates. Apple points developers to the Receipt Validation Programming Guide, asking them to make sure their apps adhere to the guide, and to resubmit their apps if necessary for an expedited review.
The full email can be seen in the screenshot below: