I've been trying to submit an application made with the Electron framework (electronjs.org) to the Mac Apple Store, but when launched an alert dialog appears with the text:
"App Name Helper (Renderer)" differs from previously opened versions. Are you sure you want to open it? Opening "App Name Helper (Renderer)" will allow it to access data from previously used versions of "App Name Helper (Renderer)".
...this is preventing my Mac App Store submission. I've looked at troubleshooting information related to Gatekeeper and entitlements, etc. but I have not been able to determine which Apple subsystem (App Sandbox? Gatekeeper?) this particular alert comes from so I can possibly carve out an exception for it, or otherwise figure out how to fix it.
"App Name Helper (Renderer)" is an agent process. Checking the App Store build results in:
> spctl -a -t exec -vvv App\ Name.app/Contents/Frameworks/App\ Name\ Helper\ \(Renderer\).app
App Name.app/Contents/Frameworks/App Name Helper (Renderer).app: rejected
origin=Apple Distribution: Kevin Hughes (MYTEAMID)
...for App Store submission, is it expected that all agent processes should be signed with the Apple Distribution certificate? And is it OK that nothing is notarized before submission? If everything should be notarized, which certificate should be used? Does the App Store verification process check for this kind of thing regarding agent processes? Should it?
Note that I can build, install, launch, and fully execute an Apple Developer ID-signed and notarized binary with a hardened runtime (and Apple Development profile) myself on my local machine as well as other macOS Sonoma 14.3.1 systems without any issues. The entitlements for my App Store build are:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.assets.movies.read-only</key>
<true/>
<key>com.apple.security.assets.music.read-only</key>
<true/>
<key>com.apple.security.assets.pictures.read-only</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.files.downloads.read-only</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
