Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple-issued developer certificate expires, causing crashes in 1Password and other apps

Last updated

The consequences of an Apple-issued security certificate expiration combined with a change made by Apple, is leading to some apps purchased outside the app store like 1Password, PDFpen, and Soulver for Mac to require reinstallation with a new version before coming back to life — but the issue may have lasting consequences for some software.

Over the weekend, a certificate issued by Apple required to access iCloud services expired, as expected. However, the immediate issue induced by the problem, coupled by a change in how Apple handles a lookup of apps allowed to perform certain functions, called "entitlements," had unforeseen side effects.

As a result, leading users of 1Password, PDFPen, and Soulver, amongst others, discovered that the apps relying on the certificate were crashing on launch. Apple's change in handling the variable meant that simply renewing the certificate wasn't sufficient to restore functionality.

"We knew our developer certificate was going to expire on Saturday, but thought nothing of it because we believed those were only necessary when publishing a new version," said the 1Password developers in a blog post. "Apparently that's not the case. In reality it had the unexpected side effect of causing macOS to refuse to launch 1Password properly."

A combination of factors led to 1Password not launching after simply updating the certificate, as the installer didn't recognize the new certificate as valid.

The "crash" turned out to be a feature of macOS in PDFPen's case. According to TidBits, the "taskgated-helper" system app examines a code signing certificate and compares it to the "entitlements" list. Should the the provisioning profile be linked to an expired certificate, macOS blocks the app with the expired certificate from launching.

Soulver, PDFPen, and 1Password have been updated by the developers to rectify the problem, and all users need to do is download an updated version and install it. However, other apps not updated as frequently, or abandoned by developers, may stop working with no recourse by users to get them to start working again.

Apps sold through the Mac App Store are signed by Apple, and not by the developer. Because of that, only apps sold outside the app store, needing "entitlements" are impacted by the problem.

While this issue is limited to apps purchased outside the Mac App Store, Apple has had its own problem with certificate expiration and unforeseen consequences. In Nov. 2015 an upgrade to SHA-2 certificate encryption caused issues in conjunction with a Mac App Store issue storing outdated certificate information on user Macs, which rendered many apps non-functional.



19 Comments

osmartormenajr 11 Years · 286 comments

crowley said:
Very shoddy work by Apple. 

Very dumb post by Crowley.

ericthehalfbee 13 Years · 4489 comments

So a developer I'm supposed to trust with my passwords just lets a certificate expire, and even admits they knew it was going to expire but didn't think it would matter?

SpamSandwich 19 Years · 32917 comments

crowley said:
Very shoddy work by Apple. 

Such a comment by you is not unexpected. The developer failed to do their homework. It's their fault for not querying Apple.

lkrupp 19 Years · 10521 comments

crowley said:
Very shoddy work by Apple. 

Blah, blah, blah, blah, shoddy, blah, blah, blah, blah, doomed, blah, blah, blah, Steve is dead, blah, blah, blah, no innovation, blah, blah, blah, blah, blah, blah...