lihaoyun6
Sign QuickRecorder App for Homebrew Cask
Summary
Can you add a signature to the QuickRecorder app? It needs to be signed to be allowed to be uploaded as a cask formula to Homebrew Cask.
Issue Description
Someone created a PR to upload it over here (homebrew/homebrew-cask#174357). And the bot auto-closed the issue because the app isn't signed and that's a macOS/homebrew policy now. I'm not sure if this is possible without paying for a license from apple, but i think it is now.
Thanks!
I don't think there is a way to get a trusted certificate without paying Apple. The only way is let brew sign the QuickRecorder with an ad-hoc certificate on every Mac. But this will break QuickRecorder's built-in auto-update module 🥲
When I get the $100 donation, I will pay Apple and apply for notarization
If it's purely a financial issue, I'd be happy to send over half the cost if someone else is happy to do the other half. Check over the dev info to see the apps built in such a way it would pass notarisation etc https://developer.apple.com/help/app-store-connect/distributing-apps-in-the-european-union/submit-for-notarization/
For what it's worth, most genuinely good malware / info stealers have found various routes to be "notarised." It's a good step but perhaps overrated as a security measure, that is, if you want a high degree of assurance: https://eclecticlight.co/2019/04/24/theres-more-to-notarization-than-that/
I would happily contribute as well. Any updates? Where are we in the notarization process?
I would happily contribute as well. Any updates? Where are we in the notarization process?
Right...
I'd much prefer this thing to be running within the boundaries of the Apple OS sandbox. As one example, the updater (using a software update framework called 'Sparkle') is listed as v2.6.0 in the code for this app (here).
running within some sort of Sandboxing etc considering the stack it relies upon is not updated according with vendor issued security updates. E.g. within the code here
Sparkle versions prior to 2.6.4 are subject to a High Risk vulnerability rated 7.3 out of 10 risk. "CVE-2025-0509."
Specifically "This issue allows an attacker to replace a legitimate signed update with a malicious payload, thereby bypassing Sparkle's (Ed)DSA signing checks and potentially installing unauthorized software on the user's system." The risk becomes much more inflated in the absence of Notarization. Pushing this via the App Store could do away with Sparkle entirely, as one example.
This app is not too different from Screen Studio in many ways it's less annoying. This is used widely in the West. It has a perpetual licence (pay once) of $229. I've seen it in enterprise more than once. https://screen.studio/#pricing
Once an app's in the App Store and Notarised, it gains visibility of a much broader market. It can also be acquired via Apple Business Manager / integrated into say JAMF for enterprise. The ability to charge a small fee (e.g. lifetime license for $X / a low monthly rolling cost becomes realistic and the app will begin generating side income on its own). The notion that Apple developer cost of $99 is too high fails to recognise quite how wonderful and in-demand these sorts of tools are. If you offered this with 14 days trial & then a onetime $15 charge, it would quickly gain attention and awareness.
I'm a bit concerned that despite the offers from both @hey-august and @lalaRLH, there's no response to this thread. I've been using this app for the past few months but choosing for alternates until this thread is responded to.
