How checks differ when an app is launched from a new path, and the effects of gross changes to the Resources folder, and small changes to code.
amfid
Why signature checks are so complex, and a walk through log entries of a notarized app launching normally in macOS 10.14.5.
Look in Activity Monitor or the log, and you won’t find anything named Gatekeeper, as it’s a team of different systems, each of which can work on its own. Here’s the detail and a diagram.
App signatures are only checked on app first run – it may once have been true, but is no longer accurate. But can you bypass those additional checks? Is this a vulnerability?
Apple Mobile File Integrity is a combination of a KEXT and a LaunchDaemon which check app signatures, entitlements, and provisioning profiles.
The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.
A detailed examination of what happens during the first few minutes after starting your Mac up. Vital for anyone trying to diagnose problems in that period.