Apple Mac Users Furious As Expired Security Certificate Breaks Mac Store Apps
Apple's App Store choked when security certificates expired on a predetermined date and time of Nov. 11, 2015 at 9:58PM.
Security certificates are issued by the Mac App Store when apps are legally bought and paid for so they can run user's Macs. The certificates are also used to protect users from installing malware via Apple's developer credentials.
Unfortunately, someone at Cupertino forgot to update the ticking deadline for those security certificates. As a result, Apple's customers who tried to open apps they bought from the App Store after the deadline were told that their apps were "damaged and can't be opened" and were asked to delete the apps and download them again from the App Store. Naturally, tons of Apple's customers were outraged over the outage.
Popular apps like 1Password, Tweetbot, and DaisyDisk were affected because of the bug. In fact, it was a developer from Tweetbot's software house, Tapbots, who discovered the root of the issue. On Twitter, Paul Haddad, discovered the out-of-date security certificate on Wednesday night which had already expired earlier the same day.
"Whenever you download an app from the Mac App Store, the app provides a cryptographically-signed receipt. These receipts are signed with various certificates with different expiration dates. One of those is the 'Mac App Store Receipt Signing;' that expires every two years. That certificate expired on 'Nov 11 21:58:01 2015 GMT,' which caused most existing App Store receipts to no longer be considered valid," explains Haddad.
As fast as it could, Apple patched the bug by releasing an updated security certificate. Unfortunately, the company couldn't act quick enough as many of its users had already gone through the arduous process of deleting and redownloading their apps. Even then, some apps still wouldn't launch so users had to resort to re-entering their Apple account credentials - a very difficult thing to do especially if you have a Mac app like 1Password to create and remember all your passwords - and performing a reboot of their machines.
Developers like Haddad received the initial wave of backlash caused by Apple from customers who bought their app. Assuming the problem was caused by the app maker and not related to the Mac App store, Haddad and many others had a customer service nightmare to deal with. Unfortunately, Apple's updated security certificate is only good until Oct. 23, 2017, so the same problem may just pop up all over again two years from now.
Photo: Bart Naus | Flickr