0

Can someone please clarify below behaviours from security point of view: Please note, application will be distributed outside AppStore.

  1. I built mac application (.app) and I have not signed the same with developerid. If I open the app one some other Mac where Security & Privacy setting is Allow downloads from – Mac App Store and identified developers . In this scenario, will this app supposed to run? As I understand from the security, it should not. But it is running fine without warning.

  2. If I build dmg file with the app and both dog and app are not signed. How should be the behaviour in this case when I click on dmg?

  3. If I sign dmg file not app. What should happen when I click on dmg file and later app? Only signing dmg is enough?

Ramaprasad Upadhyaya
  • 457
  • 4
  • 16

1 Answers1

3

  1. The Gatekeeper security policy only applies to "downloaded" files. When some apps (e.g. Safari, Mail, Messages, etc) download a file, they apply a com.apple.quarantine extended attribute to the file, marking it as being in quarantine because it was downloaded from an untrusted source. When you open the file, several quarantine-based security policies are applied, including the Gatekeeper policy.

    If the file was never placed in quarantine because it was not "downloaded", the Gatekeeper policy will not be applied. Note that copying files via USB disks, AFP or SMB file sharing, etc do not apply the quarantine attribute (see this Apple.SE question).

    If you want to test the quarantine behavior, you can create your own com.apple.quarantine attribute with either of the procedures described here.

  2. If the disk image is quarantined, the quarantine will be applied to its contents and running the app will apply the Gatekeeper policy. If the disk image is not quarantined, Gatekeeper will not activate.

  3. Under older versions of OS X (through 10.11), signing the disk image is irrelevant. If the disk image is quarantined, the app contained in it will be as well, and so the app must be signed to run.

    [UPDATE] Starting in macOS Sierra (10.12), signing the disk image is sometimes required in addition to signing the app. The details are complicated, so for simplicity's sake I'll just recommend signing your disk images. But be sure to do the signing under 10.11.5 or later; that's when Apple added the ability to embed a signature in a disk image in a way that won't be lost when it's downloaded.

Community
  • 1
  • 1
Gordon Davisson
  • 118,432
  • 16
  • 123
  • 151
  • Excellent up to the point answer. Thank you. Can you also clarify me, lets say I download dmg over http -> right click and run the dmg in finder -> App will gets installed on the /Application folder -> Now, If I run the app, will it prompt again with Gatekeeper message? – Ramaprasad Upadhyaya Apr 16 '14 at 03:49
  • It depends on how the "App will gets installed on the /Application folder" step happens. If you use the Finder to copy the app from the disk image to /Applications, it'll copy the quarantine attribute (along with other file properties), so you'll get the Gatekeeper message when you run the app. On the other hand, if you supply an installer package (.pkg file), the Gatekeeper policy (quarantine check and signature check) gets done on the .pkg file, and if that passes the .app is installed without a quarantine attribute. – Gordon Davisson Apr 16 '14 at 05:42
  • BTW, right-clicking the .dmg file doesn't do anything special, since Gatekeeper's policy doesn't apply to .dmg files -- instead, it applies to the files inside the .dmg. – Gordon Davisson Apr 16 '14 at 05:43
  • Thanks.So, If I accept opening of package then "confirmation" will be applied to apps (which are inside package) that installer package will copy. – Ramaprasad Upadhyaya Apr 16 '14 at 08:02