I have created an app that captures time and mouse/keyboard events using Electron. It works fine on Windows. However, it’s being blocked on Mac OS (see prompt below).

Because of this, Mac users won’t be able to use our app - unless they enable it by going to settings > security & privacy. This is not a good user experience because ideally, we want them to be able to use our app after installation (like how other apps would behave).

I’ve read that this is common for apps that track mouse and keyboard events because it’s similar to a keylogger. To clarify, we did not create a keylogger but a time tracking software like Hubstaff.com.

Is there a way to bypass the security & privacy step so they can use the app immediately after installing?

By the way, we have one option that we haven't tested yet: get the app verified through the EV code signing certificate, like https://www.instantssl.com/extended-validation-code-signing-certificate.html

We'd love it if you can help us get in the right direction.

P. James

1 Answer

Is there a way to bypass the security & privacy step so they can use the app immediately after installing?

No. Applications which use accessibility features are a security risk to the user; the OS will always require the user to explicitly approve them.

You will need to look into alternative methods to gather this data which do not use accessibility features. I believe the IOHID HIDIdleTime property may fall into this category; you will probably need to write a custom Electron plugin to use it.

By the way, we have one option that we haven't tested yet: -Get the app verified through the EV code signing certificate…

This won't work. Apple only honors developer certificates issued through the Apple Developer ID program. Code signing certificates issued by other CAs, like InstantSSL, are not honored by macOS -- an application signed with such a certificate will display a "can't be opened because it is from an unidentified developer" error, just as if it were unsigned.
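
The HIDIdleTime approach mentioned in the answer, sketched as an added example (not code from the question or the answer): a time tracker can poll the system idle counter and count active intervals without observing individual key or mouse events. Assumptions: the value is read by running `ioreg -c IOHIDSystem` from Node rather than through a native plugin, HIDIdleTime is in nanoseconds, and the sample output, function names and 60-second threshold are constructed for illustration.

```javascript
// Added example: derive activity from the IOHIDSystem "HIDIdleTime" property
// instead of hooking keyboard/mouse events.
// Assumption: HIDIdleTime is a nanosecond counter in `ioreg -c IOHIDSystem` output.
const NS_PER_SECOND = 1000000000n;

// Constructed sample of the relevant part of `ioreg -c IOHIDSystem` output.
const SAMPLE_IOREG = `
+-o IOHIDSystem  <class IOHIDSystem, registered, matched, active>
  | {
  |   "HIDIdleTime" = 95000000000
  |   "HIDPointerAcceleration" = 45056
  | }
`;

// Parse HIDIdleTime; returns whole seconds, or null when the property is absent.
function parseHidIdleSeconds(ioregOutput) {
  const match = /"HIDIdleTime"\s*=\s*(\d+)/.exec(ioregOutput);
  if (!match) return null;
  // BigInt keeps the 64-bit nanosecond value exact before the division.
  return Number(BigInt(match[1]) / NS_PER_SECOND);
}

// Classify one poll result; a failed read is reported, never counted as work.
function classifyActivity(idleSeconds, thresholdSeconds = 60) {
  if (idleSeconds === null) return "unknown";
  return idleSeconds >= thresholdSeconds ? "idle" : "active";
}

// Sum tracked time over a series of polls taken every pollIntervalSeconds.
function activeSecondsFromPolls(idleSamples, pollIntervalSeconds, thresholdSeconds = 60) {
  return idleSamples.reduce(
    (total, idle) =>
      classifyActivity(idle, thresholdSeconds) === "active"
        ? total + pollIntervalSeconds
        : total,
    0
  );
}

// Live read on macOS (hypothetical helper; call it from the Electron main process).
function readIdleSeconds() {
  const { execFileSync } = require("node:child_process");
  const output = execFileSync("/usr/sbin/ioreg", ["-c", "IOHIDSystem"], { encoding: "utf8" });
  return parseHidIdleSeconds(output);
}
```

Electron's `powerMonitor.getSystemIdleTime()` exposes a comparable idle figure from the main process, which avoids spawning a child process on every poll.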