Gatekeeper quarantine issue with certificate

Question

Our app has been code signed. Our Apple certificate is up to date. Previous versions of our app have run just fine.

However, when the DMG is downloaded by the users, on

Answer 1

Gordon Davissons answer is quite extensive and should help in most cases. In my case, it did not.

Besides the two gatekeeper error messages that he mentions, there is a third one and that is the one from your question:

".app can’t be opened because the identity of the developer cannot be confirmed."

In my case this message came up, when an embedded third party framework had a bad run path setting: LD_RUNPATH_SEARCH_PATHS in build settings did reference something that it was not allowed to.

Apple documents this here https://developer.apple.com/library/content/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG207

If an app uses @rpath or an absolute path to link to a dynamic library outside of the app, the app will be rejected by Gatekeeper.

And they even state:

Neither the codesign nor the spctl tool will show the error. The error will only appear in the system log.

The solution was to modify the third party framework to something standard like this:

$(inherited) @executable_path/../Frameworks @loader_path/Frameworks