Is provenance tracking intended to make app launch times shorter despite new Gatekeeper checks, or is it trying to make it harder to cheat?
How the new tracking extended attribute is attached to apps, how it’s recorded in a security database, and how it’s checked. But for what purpose?
Ventura introduces a new extended attribute com.apple.provenance, used to mark successful clearance of quarantine. It’s protected by SIP too.