All apps now undergo Gatekeeper assessment, but only some have XProtect checks for malware, and the unfortunate few get translocated too.
LaunchServices
Details of the chain of information, from the UTI of the file to be opened, through LaunchServices’ database of document types. How to deal with problems.
Using lsregister to clean up the Open With menu only works temporarily, and it’s populated by apps found anywhere local to your Mac. That’s not good for VMs sharing the Applications folder.
Odd problems with Sonoma: every old app now listed in the Open With popup menu in the Finder, and lsregister that reports errors, and gets System Settings into trouble.
After the dataless file, we get the codeless app, in the form of Sonoma’s new Web Apps. These sidestep issues of code-signing with their linked UUIDs and ad hoc signatures.
A fuller account with log extracts to show what happens when a user creates a Web App, and when they run it.
What is a Web App? How to create and use them, and how they run without any executable code. Could crafted Web Apps turn malicious?
What if, when you double-click a document, the wrong app tries to open it, or maybe the right app but wrong version? Includes command tool use.
launchd, LaunchServices, RunningBoard, TCC, CFPrefsd, and other macOS services that manage and control your apps.
I’m browsing images in the Finder, when my software firewall tells me macOS is trying to phone home to one of Apple’s servers. We all know what that means, don’t we?