The pain of publishing free desktop apps in 2026

Blog: 15-Feb-2026

Once upon a time you could knock out a desktop app (known as a program back then) and give it to a friend to play with. You could attach it to an email or pass it over to them on a USB stick. Maybe even upload it to some site somewhere and send them a link. Sadly, that age of innocence is long gone, for which we can thank the barely human scum who punt out malware with the express aim of ruining people's lives.

a woman surrounded by monsters — *Scumware authors surround another victim*

I hadn't thought about this in years, but I recently built a really basic Mac and Windows desktop app while learning how to develop with AI, and I thought idly to myself: "Why not put it up somewhere in case someone else could make use of it"? Seemed like a good idea. Oh, how naïve I was! I soon discovered that hobbyist desktop devs at Microsoft and Apple are about as welcome as a foreskin at a Bar Mitzvah. So I thought I'd write about the path of pain you have to crawl down to publish a free desktop app for Mac and Windows in 2026 (and yes, I know you can do anything you like on a Linux desktop, but that's still too niche for most people, so I'm ignoring it here, sorry!)

two elephants and a mouse looking at laptops — *"Don't forget me!"*

Firstly, let me say that I completely understand why Apple and Microsoft have to defend their users from the myriad unprincipled pricks out there. And no doubt they don't want their stores full of Hello, World apps written by kids trying to impress grandma. But I fear the bar is so high now that only real die-hards will persevere.

To be clear, you can distribute uncertified apps on both platforms if you ask your users to bypass built-in safety features. Apple still officially supports bypassing Gatekeeper for Macs, but they strongly advise against doing so. And though I couldn't find an equivalent MS official source on how to bypass SmartScreen warnings, you can google ways to do so. But those workarounds amount to asking your users to take a drunken midnight walk in London with their iPhone in one hand and their wallet in the other. You just know it ain't gonna end well. So here's how to go about getting your free Mac and Windows desktop apps safely published. Be warned: It's not pretty.

two ugly wrestlers fighting — *Two not-pretty desktop users debate operating systems*

Publishing free Mac desktop apps

You will need to have a Mac for all of the following steps because the process requires Mac-specific tooling and certification. What Apple want (what they really really want) is for you to use the XCode magic carpet process to publish your app on the App Store. But there's a problem here: You have to pay $99 annually to keep it in the store. That's a lot of money if you aren't charging for your app. So the cheapest poor-man's way of publishing a free app is to pay the $99 penalty just once. This gives you access to the necessary Apple developer's certificate and tooling. Then you have to do this:

code sign the app with the certificate to prove it was written by an Apple-approved developer
notarize the app with a timestamp (this can take minutes, hours, or fail completely)
staple the notarization to the app (to allow offline installation)
create a .dmg (disk image) and put the app in it for distribution
notarize and staple the .dmg

You can do the initial code sign and notarization in XCode, but you have to use external tools for packaging it in a .dmg. The free utility create-dmg is very good for making an attractive .dmg which enables users to drag the app into the Applications folder (which Mac users will be very familiar with). Then you use the CLI utility notarytool to notarize it. Apple could have automated all this in XCode , but they really really want you to use the App Store. You can actually script the whole process without using XCode at all, but you will need to install the Command Line Tools for Xcode package to do so. I did this a couple of years ago with a Rust CLI app. You need the detective abilities of Hercule Poirot and the patience of a saint to get it all working, but it can be done.

The notarization timestamp is the key to longevity and will allow your app to still be installed even if your Apple developer membership expires. It proves that the app was valid at the time of notarization. So, provided that you don't change the app (or the .dmg it comes in), it will last for years. Of course, if you release an update, you will need a valid Apple cert to go through the whole process again.

However, notarization is famously prone to random failures. I have currently been waiting for over two weeks to get a resolution from Apple dev support for the well-known failure message: Team is not yet configured for notarization. Others have waited months to get this fixed. And you can't publish your app without it. It worked for me a couple of years ago. It's failing for me now. It's a show-stopping PITA and a long-running mess which no-one at Apple seems interested in fixing.

a man knocking angrily on Apple's door — *How Apple Dev Support handle an unhappy dev with notarization issues*

But assuming the notarization lottery worked for you, then: Congratulations! You can now offer up your .dmg for people to download and safely install your app, and it only cost you $99 (I hear the sound of hollow, despairing laughter).

So, having given Apple a bashing, how does Microsoft fare in comparison?

Publishing free Windows desktop apps

What MS want (what they really really want) is for you to use the Windows Store. For reasons I'm unclear about, the Windows Store gets a lot of flak from most terminally online commentators, possibly because it requires an MS account to use it. But then so does the Apple App Store, and no-one cares about that? Anyhow, MS have a similar process to Apple in that they require code signing whether in-store or elsewhere, but nothing like notarization. But getting around the SmartScreen warnings is mystifying and only partially documented.

Firstly (and weirdly), there are two levels of code signing certs:

EV (Extended Validation)
OV (Organization Validated)

You can buy these from numerous vendors, but you can only buy the EV type if you are a registered company with at least three years of trading history. They are also eye-wateringly expensive; think $500 upwards annually. OV certs used to cost around $100 annually but have risen recently to low hundreds of dollars, so they are also very expensive. But here's the kicker: you still get SmartScreen warnings for a new app using an OV cert! SmartScreen will only trust your app once it has gained sufficient reputation by getting installed by an undocumented number of users over an undocumented time frame. MS won't divulge any details of this process; they just nudge you to use the Windows Store instead. So buying an OV cert is simply pissing away your hard-earned cash for zero measurable benefit—unless you don't mind waiting months to gain reputation from the 5% of your potential users who were curious and brave enough to actually install your app despite the SmartScreen warnings.

But ... Microsoft to the rescue! Perhaps in response to the egregious scumbaggery of the greedy certificate vendors, MS recently introduced Artifact Signing. This was previously known as Azure Code Signing. The downsides of it are that it is currently only available to individual developers in the USA and Canada, with no date set for the rest of the world. And it is brutally obscure and impenetrable to sign up to. The entire site is dripping in either screeds of useless marketing blurb or incomprehensible Azure system terminology. But eventually you discover that you can pay $9.99 a month to get access to code signing certs, which sounds great! But two blindingly obvious questions remain:

do you still end up with a rebranded OV cert that pops up SmartScreen warnings? (I'm guessing: Yes)
can you sign up for just one month or dip in and out occasionally? (I'm guessing: No)

Naturally these are not answered in the FAQ. Have a read of Scott Hanselman's article about doing this, then have a large scotch to recover. What's interesting about this service is that the certs only last for a few days. But (as with Apple) if you timestamp the app signing process with a valid cert, then it will work for years—or at least until you want to publish an update, when you will need to re-sign it with a fresh certificate. But it's inaccessible right now for an individual like me who lives outside of the North American continent. And there's no hint or sign of it ever coming our way.

But ... Microsoft to the rescue again! There is currently one little-advertised MS option which is currently free to publish a Windows app! You have to:

wrap your app as an MSIX package
publish it to the Windows Store

MS will then code sign and publish it for free for you! You do have to enrol as a developer for Microsoft Store which is currently also free to join. Then there is a bit of messing around in Visual Studio to get the MSIX package system set up, but it's not bad. And the Windows Store application form is wordy but straightforward. So grab it while it's hot! This is no doubt a sweetener to get devs to move over to the MSIX package format instead of delivering traditional .exe files in endless varieties of custom installers. However, MSIX does have plenty of advantages:

platform-independent packaging format
uninstalls cleanly leaving no remnants
no duplication of shared of files across apps
supports updates and runtime fixes
can packaging existing Windows apps

The one downside is that it only works with Windows 10 1809 (October 2018 Update) and above. I have sympathy for anyone having to run an OS that's now well over seven years old, but not so much that I'm going to to spend hundreds of dollars to buy a code signing certificate to give them a free app.

a young woman and an old man laughing at an old computer — *Sympathy only stretches so far ...*

I think Microsoft are heading in the right direction here though. You may not care for MSIX apps and the Windows Store, but (unlike Apple) they do at least give developers some sort of option to give away free apps in a supported manner without charging them. Until recently MS would have charged you a one-off $19 to join their Store development program, but in late '25 they dropped the fee altogether. This is a great step forward. In an ideal world, they would also open up the Artifact Signing service to everyone and offer a one-month purchase option for non-commercial devs.

Conclusion

Publishing any type of free Mac or Windows desktop app in 2026 is hard work. There's a lot of ball-ache on both platforms, thanks to:

the confusing, hard to find, and incomplete documentation on both platforms
the form-filling for getting on the stores
the tricky and failure-prone CLI rituals you have to endure on Macs
the cost of codesigning (other than MSIX apps on the Windows Store)

But at least MS offer one way of doing it for zero cost, so props to them! I don't think anyone at Apple has any concept of free though. The whole notion would no doubt astonish them. It would be (to steal Jackson Lamb's glorious line from Slow Horses) like explaining Norway to a dog.