Apps that are submitted to the macOS App Store have to fulfill a number of requirements and pass a review process by Apple. While install4j can help you to prepare an artifact that will be accepted by the App Store, you first have to make yourself familiar with the submission process by studying the Apple Developer documentation.

Configuring a media file for App Store submission

To prepare a package that can be uploaded to App Store Connect, start with a media file of type "macOS single bundle archive" and select the ".pkg for App Store submission" option on the "Installer options" step of the media wizard. Right below that option you have to select a provisioning profile file.

This file is created in the "Profiles" section of your Apple Developer account and determines the Apple distribution channel which must be set to "App Store Distribution". When creating the provisioning profile, you will have to select the App Identifier and a certificate of type "Distribution" or "Mac App Distribution". The App Identifier and the certificate have to be created in the Apple Developer account before the provisioning profile can be created.

However, the above certificate is not the only certificate that is required. The PKCS #12 certificate file for code signing in the macOS section of the "General Settings->Code signing" step has to contain both the "Mac App Distribution" certificate as well as a certificate of type "Mac Installer Distribution". As explained in the chapter on code signing, you can export multiple certificates by selecting them in the Keychain Access app together with their private keys. If you also have media files for standalone distribution on macOS, you can add the certificate of type "Developer ID Application" as well, so that there are 3 certificates in a single .p12 file.

Configuring the launcher for App Store submission

One requirement for macOS App Store submission is that the App icon contains images in the formats 16x16, 32x32, 128x128, 256x256 and 512x512 as well as their Retina variants with double the resolution. On the "Icon" step of the launcher wizard, add the files for the non-Retina formats, the icon compiler will try to pick up Retina files with an "@2x.png" ending and the same base name.

By default, install4j will generate a bundle identifier for your launcher that is written to the Info.plist file. In case of an App Store submission, you have to explicitly set the bundle identifier to the same value that you have configured in the App ID Configuration in your Apple Developer account. This is done on the "Executable info->macOS options" step of the launcher wizard.

Another requirement for the App Store is that the LSApplicationCategoryType key for the application category is set in the Info.plist file. You can also do that on the "Executable info->macOS options" step of the launcher wizard. Possible values for this key are listed in the Apple Developer documentation.

Finally, App Store apps have to run in a sandbox. This is enabled by the "com.apple.security.app-sandbox" key in the entitlements file that install4j adds automatically. Your app may need further entitlements, like the ability to read and write user-selected files. In that case, you have to include an entitlements file on the "Executable info->macOS options" step of the launcher wizard with content like

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
  </dict>
</plist>

For a list of all available entitlements, see the Apple Developer documentation.

Testing the sandboxed App

install4j will create a .pkg file that contains your application bundle. This is the kind of archive that is required for App Store submission. The App Store will install the .pkg file silently. To test your installation before submission you can also double-click the generated .pkg file and follow the instructions in the wizard to install the application bundle to the /Applications folder.

The installed application bundle will run in a sandbox just like the app that end users will download from the App Store. If some functionality in your application does not work as expected, it may be missing entitlements. Use the "Console" app to record logging output and find the cause of a failure.

Submitting the App to the App Store

The most convenient way to upload the generated .pkg file to App Store Connect is through the "Transporter" app that can be installed from the App store. For signing in, use the Apple ID of the Apple Developer account where the App is configured.

Before uploading the .pkg file, it is checked for issues that will result in a rejection. After you fix all these issues in your application, the .pkg file is uploaded and a more thorough check is performed that may take a couple of minutes. If that check does not pass, you will get an email with the list of issues that resulted in the rejection. If your app passes these checks, it will be selectable as a build in the App configuration in App Store Connect.

Another way to upload the app is with the Xcode command line tools:

xcrun altool --upload-app --file <file name>.pkg --type osx
      --user <user> --password <app-specific password>

Note that the password is not the password for the Apple ID but an app-specific password that you can create in your Apple Developer account.

To validate your app beforehand, replace --upload-app with --validate-app.