Outside of professional Mac developers, few people in the world appear to understand macOS code signing. Unfortunately, this ignorance extends to the news media. As reported by multiple news outlets, some Logitech mouse driver software on the Mac stopped working the other day, and Logitech was forced to release an emergency fix. The news reporting on this incident included misinformation about how macOS Developer ID code signing works.
Cult of Mac: “macOS treats an expired certificate as a hard failure. So, the app can’t authenticate or run as intended. This also explains why the problem is limited to macOS.”
MacRumors: “The Developer ID certificate is the digital signature macOS uses to verify legitimate software. When Logitech allowed its certificate to lapse, the company's apps lost verified authenticity. As such, macOS refused to run them”
The Verge: “The issues only impacted Mac users because macOS prevents certain applications from running if it doesn’t detect a valid Developer ID certificate”
These stories place the blame on macOS for refusing to run apps with expired Developer ID code signing certificates, but this is false! Apple documents the behavior on its certificates support page:
If your certificate expires, users can still download, install, and run versions of your Mac applications that were signed with this certificate. However, you’ll need a new certificate to sign updates and new applications.
In other words, the valid dates of a code signing certificate apply specifically to signing executable code, not to executing the code. If the certificate was valid at the time that the app was signed by the developer, then the app will continue to run forever, unless Apple revokes the certificate. Most cases of Developer ID certificate revocation are due to malware. The Apple developer documentation reiterates this point:
Gatekeeper will evaluate the validity of your Developer ID certificate when your application is installed. As long as your Developer ID certificate was valid when you compiled your app, then users can download and run your app, even after the expiration date of the certificate. However, you'll need a new certificate to sign updates and new applications.
The documentation does mention how an expired provisioning profile can prevent a Mac app from running:
If your Mac application utilizes a Developer ID provisioning profile to take advantage of advanced capabilities such as CloudKit and push notifications, you must ensure your Developer ID provisioning profile is valid in order for installed versions of your application to run.
Gatekeeper will evaluate the validity of your Developer ID certificate when your application is installed and will evaluate the validity of your Developer ID provisioning profile at every app launch. As long as your Developer ID certificate was valid when you compiled your app, then users can download and run your app, even after the expiration date of the certificate. However, if your Developer ID provisioning profile expires, the app will no longer launch.
Nine years ago, there was a runtime issue with expiring Developer ID code signing certificates:
Developer ID certificates are valid for 5 years from the date of creation and Developer ID provisioning profiles generated prior to February 22, 2017, are valid until your Developer ID certificate expires.
Nonetheless, this issue was long since solved and would not affect a Developer ID certificate that’s now expiring in 2026:
To simplify the management of your Developer ID apps and to ensure an uninterrupted experience for your users, Developer ID provisioning profiles generated after February 22, 2017, are valid for 18 years from the creation date, regardless of the expiration date of your Developer ID certificate.
In other words, there’s nothing to worry about until the year 2035 at the earliest, though admittedly it’s a bit troubling that these apps have a ticking time bomb, so to speak. On the other hand, Developer ID provisioning profiles are optional, used only for a few features such as iCloud support, so many or even most Developer ID signed Mac apps have no provisioning profile, and thus no expiration.
So what happened with the Logitech mouse software? The blame here lies entirely with Logitech and not with macOS or Developer ID. The Logitech software performed some additional, custom validation, which failed after the Logitech Developer ID code signing certificate expired. That was an unforced error by Logitech, and the issue will not affect other Mac developers, regardless of when their Developer ID certificates expire. My own valid Developer ID certificate expires in 2027, and that will not stop my old apps from running. Indeed, I had a previous Developer ID certificate that expired in 2021, and its expiration didn’t stop any of my old apps from running either. That’s not how macOS works. That’s not how code signing works.
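To make the distinction concrete, here is a small model of the two Gatekeeper rules quoted above from Apple's documentation (certificate validity judged at signing time, provisioning-profile expiry judged at every launch), together with the kind of runtime self-check that the post calls an unforced error. This is an added example: it is not code from the original post, not Apple's implementation, and not Logitech's actual validation. The certificate dates, the team identifier EXAMPLETEAM and the profile contents are constructed samples.

```python
# Added example, not code from the original post and not Apple's own
# implementation: a small model of the two Gatekeeper rules quoted above from
# Apple's documentation, plus the kind of self-check the post calls an unforced
# error. Certificate dates, team ID and profile contents are constructed samples.
import plistlib
from datetime import datetime, timezone

UTC = timezone.utc


def utc(year, month, day, hour=0):
    """Aware UTC timestamp for the sample data."""
    return datetime(year, month, day, hour, tzinfo=UTC)


# Constructed sample of the XML plist that `security cms -D -i
# Contents/embedded.provisionprofile` prints for a profile generated after
# February 22, 2017 (18-year lifetime). Only the keys used here are included.
SAMPLE_PROFILE_18Y = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Name</key><string>Sample Developer ID profile</string>
    <key>TeamIdentifier</key><array><string>EXAMPLETEAM</string></array>
    <key>CreationDate</key><date>2020-03-01T12:00:00Z</date>
    <key>ExpirationDate</key><date>2038-03-01T12:00:00Z</date>
</dict>
</plist>
"""


def make_profile(created, expires):
    """Build a minimal profile plist, e.g. a pre-2017 one tied to the certificate."""
    return plistlib.dumps({
        "Name": "Sample Developer ID profile",
        "TeamIdentifier": ["EXAMPLETEAM"],  # constructed, not a real team ID
        "CreationDate": created.replace(tzinfo=None),   # plistlib stores naive UTC
        "ExpirationDate": expires.replace(tzinfo=None),
    })


def certificate_valid_at_signing(not_before, not_after, signing_time):
    """Developer ID certificate rule: the certificate must have been valid when
    the code was signed (the secure timestamp in the signature). The clock at
    launch time plays no part; only revocation by Apple changes the outcome."""
    return not_before <= signing_time <= not_after


def profile_expiry(profile_plist):
    """Return the profile's ExpirationDate as an aware UTC datetime."""
    profile = plistlib.loads(profile_plist)
    return profile["ExpirationDate"].replace(tzinfo=UTC)


def launch_allowed(cert_not_before, cert_not_after, signing_time, launch_time,
                   profile_plist=None):
    """Combine the two rules as the quoted documentation states them.
    Returns (allowed, reason)."""
    if not certificate_valid_at_signing(cert_not_before, cert_not_after, signing_time):
        return False, "certificate was not valid when the code was signed"
    if profile_plist is None:
        return True, "certificate valid at signing; no profile, so nothing expires"
    expires = profile_expiry(profile_plist)
    if launch_time >= expires:  # the only date check made at every launch
        return False, f"provisioning profile expired {expires:%Y-%m-%d}"
    return True, f"certificate valid at signing; profile valid until {expires:%Y-%m-%d}"


def naive_self_check(cert_not_after, launch_time):
    """The unforced-error pattern: an app comparing its signing certificate's
    expiry to the wall clock at launch. Gatekeeper never does this, so such a
    check fails on a date when macOS itself would still run the app.
    (Constructed illustration of the pattern, not Logitech's actual code.)"""
    return launch_time < cert_not_after


if __name__ == "__main__":
    cert_start, cert_end = utc(2016, 3, 1), utc(2021, 3, 1)  # five-year certificate (sample)
    signed, launched = utc(2018, 6, 1), utc(2026, 2, 1)
    old_profile = make_profile(utc(2016, 6, 1), cert_end)   # pre-2017 style: expires with the cert
    for label, profile in [("no profile", None),
                           ("18-year profile", SAMPLE_PROFILE_18Y),
                           ("pre-2017 profile", old_profile)]:
        print(f"{label:17}", launch_allowed(cert_start, cert_end, signed, launched, profile))
    print("signed after expiry", launch_allowed(cert_start, cert_end, utc(2022, 1, 1), launched))
    print("naive self-check   ", naive_self_check(cert_end, launched))
```

On a real Mac the inputs to these functions come from the app bundle itself: `codesign -dvvv --extract-certificates` writes the signing chain so `openssl x509 -noout -dates` can show the certificate's validity window, `codesign -dvv` prints the secure timestamp, and `security cms -D -i Contents/embedded.provisionprofile` prints the profile plist (if the app has one at all). The model makes the post's point visible: the only case that fails under Gatekeeper's own rules is a signature made after the certificate expired or a provisioning profile that has run out, while a launch-time comparison of certificate expiry against the clock fails years earlier than macOS would.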
Don’t even get me started on Mac app notarization, which hardly anyone understands. What people fail to realize is that notarization is simply an extension of the preexisting Developer ID program (created in 2012), one additional requirement rather than something entirely new.
More news outlets have repeated the myth. Is there no fact checking in the media?
iPhone in Canada: “The root cause was an expired Apple Developer ID certificate that the company uses to digitally sign its macOS software. These certificates are required by Apple’s security framework to verify that an app is authentic and safe to run. Once the certificate expired, macOS began refusing to load the affected apps, effectively blocking them from running and disabling any customization features that rely on them.”
The Mac Observer: “macOS uses a Developer ID certificate to verify that software is legitimate. When Logitech allowed its certificate to expire, its apps lost that verification. Because of that, macOS blocked them from running.”
Macworld: “In macOS, some software needs to have a Developer ID certificate to run. The certificates are good for five years, after which they need to be renewed with Apple. If not, then the app will stop working.”