Stack Overflow
Stack Overflow

Questions tagged [osx-gatekeeper]

Gatekeeper is a new feature in OS X Mountain Lion that helps protect users from downloading and installing malicious software. Signing your applications, plug-ins, and installer packages with a Developer ID certificate lets Gatekeeper verify that they are not known malware and have not been tampered with.

Gatekeeper makes it safer to download apps by protecting you from inadvertently installing malicious software on your Mac. The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store. When you download software from any other place on the Internet, Gatekeeper makes that safer, too. Developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

126 questions
1
vote
2 answers

Checking if macOS App Has Ever Been Un-Quarantined and Fully Launched

I'm trying to check whether an app downloaded from the internet has ever been fully launched. I'm trying to use xattr -p com.apple.quarantine for this, but the return value from this command, doesn't appear to be consistent. On one Mac, I get these…
William Gustafson
  • 526
  • 2
  • 13
1
vote
0 answers

How to bypass gatekeeper on macOS Catalina for only one particular program?

I don't want to find some disabling of gatekeeper where I just turn it off completely. However, I use SQLiteStudio probably more often than majority of the applications on my computer, but every single time I open it (which I try to avoid and just…
dblover
  • 11
  • 1
1
vote
1 answer

Determine if an app is allowed to launch in macOS

Is there a way to programmatically determine whether an app is allowed to be launched in Security & Privacy settings in macOS? I am trying to silently launch an .app that is downloaded from the web from within a Cocoa application, but if the user…
Dmitry Serov
  • 861
  • 11
  • 22
1
vote
0 answers

OSX gatekeeper not reject third party app

I have built my java application as .app bundle for mac os with simple script to run my jar file. I have sign code with command codesign -s "My company" my-app Verify with codesign --verbose=4 my-app and get myapp: valid on disk myapp: satisfies its…
Dung Nguyen
  • 13
  • 3
1
vote
0 answers

Webarchive (Safari) file placed inside my sandboxed app's folder gets damaged. What permissions do I need?

Now this is an interesting case. You save a webarchive file from Safari to your desktop. It works fine, Safari can open it. No problems. If you drag&drop this webarchive into my app, the file will be moved to my app's container folder with…
UJey
  • 1,442
  • 11
  • 15
1
vote
0 answers

Signing a Mac App Store app with Developer ID for test release

I've got a Mac App Store app for which I distribute ad-hoc betas using Slack. These betas rely on the Sandbox Testing environment and provisioning profiles for authentication (and that way my Mac App Store receipt validation gets tested in the beta…
Dov
  • 15,530
  • 13
  • 76
  • 177
1
vote
0 answers

Xcode Automatic Signing for macOS Developer ID

I'm trying to sign a macOS app with Developer ID / Gatekeeper using Xcode 8 or 9. In the past, I've always done this by scripting codesign. But now I want to add a iCloud entitlement, and that seems to require signing by Xcode. The page on…
Jerry Krinock
  • 4,860
  • 33
  • 39
1
vote
0 answers

What com.apple.quarantine value should I set to mark a file as potentially malicious?

I'm making a desktop application which will open files (of the LHTML format) and which can save files (of whatever format) to a user's computer. In other words, a user might: Download something.lhtml from an email they receive Open…
iffy
  • 719
  • 1
  • 4
  • 20
1
vote
1 answer

Is it possible to disable mac gatekeeper by extension?

I want to be warned by Mac gatekeeper whenever I attempt to use an app for the first time that is not signed through the store. However, I'm having trouble using LibreOffice Vanilla by clicking on files with relevant extensions (eg .ods, .odt). It…
Joe Murray
  • 585
  • 5
  • 21
1
vote
1 answer

Gatekeeper Path Randomization for Developer signed DMG?

We are packaging our app for drag and drop installation DMG as following: Application Name/Application.app Application Name/Readme Application Name/Examples/... Application Name/Documentation/... And user is supposed to d&d Application Name Folder…
IvanG
  • 31
  • 2
  • 6
1
vote
1 answer

Problems verifying signature of OSX app for GateKeeper (Sierra) ["the code is valid but does not seem to be an app"]

I am building my app and signing with a valid code signing certificate (Developer ID Application...) via: codesign --force --verify --verbose --sign "Developer ID Application:..." My .app/Contents/MacOS folder has a natively compiled…
spartygw
  • 3,289
  • 2
  • 27
  • 51
1
vote
1 answer

Cannot sign OS X app with Developer ID certificate properly

I've read almost anything and everything there is about signing Mac Application for distribution outside the Mac App Store. Basically - I have a valid "Developer ID Application..." certificate (created a new one just in case) and I made sure all…
djogon
  • 281
  • 2
  • 3
1
vote
1 answer

How to sign APP installer on OSX using productsign?

I got an installer certificate from Apple, my installers are custom APPs (no pkg or something). Now if I run productsign —sign "Developer ID Installer: xxxx" /DATA/Install/xxx.app /DATA/Install/xxx.app.sign it just says this: Usage: productsign…
mrzacek mrzacek
  • 308
  • 2
  • 12
1
vote
1 answer

What does the console record "... kernel[0]: AppName[a number] Unable to quarantine: 1" mean?

Lately, I have been trying to sandbox one of my Cocoa apps. Other things are fine, except that I keep getting the information as in the title in the console for my app. The record seems to appear at the moment of my file read/write operation. But…
Terry
  • 337
  • 2
  • 9
1
vote
1 answer

Signed abc.pkg passes spctl control and fails check-signature control. Consequences of the check-signature tool failure?

We have created an abc.pkg installer which contains two different packages; a def.mpkg(bundle style) and a ghi.pkg(flat package). The installer supports OS version 10.5 and above. We have digitally signed the abc.pkg installer and based on Apple's…
KoKa
  • 797
  • 1
  • 14
  • 31
1 2 3
8 9