How can I verify my Electron app to avoid "developer cannot be verified" error on macOS?

I've developed a React Electron app and used electron-builder to package it. After installing the app on macOS, I encountered an issue where attempting to open it results in an error message: "My Electron App cannot be opened because the developer cannot be verified."

While I managed to bypass this error by temporarily adjusting security settings and clicking the "open anyway" button, my goal is to establish proper verification for the app. I want to ensure that when I share the app with others, they can install and run it without having to modify any settings or disable security features.

Could someone guide me through the steps to verify my Electron app so that it can be smoothly installed and launched on other macOS machines without encountering the "developer cannot be verified" obstacle? Your assistance will be greatly appreciated!

I've researched multiple sources and they recommend enrolling in the Apple Developer Program to address this issue.
https://developer.apple.com/support/app-account/

The "developer cannot be verified" error on macOS arises because of Apple's Gatekeeper security feature. To assure users that your app is safe, code sign and notarize it. Here's a step-by-step guide for verifying your Electron app:

1. Join the Apple Developer Program:
   You'll need to enroll in the Apple Developer Program to get access to necessary certificates and tools. It comes with an annual fee. enroll here

2. Obtain a Developer ID Certificate:
   Log in to Apple Developer Center.
   Navigate to Certificates, Identifiers & Profiles.
   Under macOS, select Certificates and then click the + button to create a new certificate.
   Choose Developer ID Application and follow the on-screen instructions.

3. Code Signing the Electron App:
   Use electron-builder which supports code-signing. Ensure you have your Developer ID Application certificate installed on your Mac.
   In your electron-builder configuration (usually in package.json), ensure you have.

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-js -->

"mac": {
  "category": "your.app.category",
  "entitlements": "./build/entitlements.mac.plist",
  "hardenedRuntime": true,
  "gatekeeperAssess": false,
  "type": "distribution"
},
"dmg": {
  "sign": false
}

<!-- end snippet -->
The entitlements.mac.plist is a file that defines permissions for your app. For a basic app, this might not be required but for apps using certain macOS capabilities, you'd need to specify entitlements.

4. Notarize the App:
   Starting macOS Catalina, apps need to be notarized by Apple. This is an automated process where Apple scans your app for malicious content.
   Adjust your electron-builder config:

<!-- begin snippet: js hide: false console: false babel: false -->

<!-- language: lang-js -->

"afterSign": "scripts/notarize.js"

<!-- end snippet -->
In your notarize.js:

<!-- begin snippet: js hide: false console: false babel: false -->

<!-- language: lang-js -->

require('dotenv').config();
const { notarize } = require('electron-notarize');

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;
  if (electronPlatformName !== 'darwin') {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  return await notarize({
    appBundleId: 'your.app.id',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_ID_PASSWORD,
  });
};

<!-- end snippet -->

1. Distribute the App:
   Once signed and notarized, distribute your .dmg or .pkg file to users. They shouldn't see the "developer cannot be verified" error anymore.

You are correct, identified developers are paid members of Apple's Developer Program. There are numerous legal and financial agreements and disclosures Apple Developers file in the system which help protect the security of software that gets distributed and run on other users' machines. The two components of ensuring this security require a Developer ID or Appstore Distribution certificate issued by Apple to members: certified codesign and notarization. I think the fee went up slightly recently, but it is only a token sum, around $100 or so per year.

Cf. https://discussions.apple.com/thread/7488189