While doing some troubleshooting recently, I noticed that the
.pkg installer for macOS of the PurpleAir Utility app is not signed. It’s really not a great idea to have folks bypass the security precautions on their systems to use this app, asking them to blindly trust that the app hasn’t been tampered with is not a good idea. What I found was
- the installer isn’t signed at all
- the app itself does appear to be signed by a Developer ID, but
- the app hasn’t been taken through the macOS App Notarization process (Notarizing macOS software before distribution | Apple Developer Documentation)
as a macOS app developer, I know that jumping through these hoops is a bit of a PITA, but once it’s done once, it’s a lot easier subsequent times and can even be automated.
Thanks so much for all the great work y’all do!