My free utility Taccy runs several checks which are valuable in both Mojave and Catalina. If you’re experiencing problems with privacy settings, it will not only inspect an app’s entitlements and other settings, but will browse the log helping you to troubleshoot the issue. It also checks whether an app is notarized and whether it’s hardened for extra security, both of which are relevant to 10.14.x and 10.15.
What it hasn’t been able to do, until now, is perform any signature checks on Installer packages. Those not only have to be signed with special developer certificates, but from June this year are also required to be notarized.
This new version of Taccy now checks the signature and notarization of Installer packages. Simply drag and drop them onto the app’s icon, or open them from within Taccy, and it will report whether they are signed or notarized. I was tempted to get more ambitious, and to start looking inside the package, but that’s a job better done with Suspicious Package or another tool.
Thanks to Roger for asking me to add this feature.