A future version of macOS (?10.16) will check code signatures more thoroughly than at present. Here’s what to do to start preparing for that.
Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.
Now can check apps (bundles with the extension .app) to determine whether they’re notarized, from Apple, App Store, etc.
What does an error -67030 mean? How does one signing error lead to another? Helpful detail for interpreting results from checking signatures.
Auto-update, text sizing, and proper Build numbers make for a worthwhile update.
Crawls selected folders checking all app signatures. Reports all signatures which have problems, including unsigned apps.
This page is for your support questions and comments on my free utility Signet, for checking app signature […]
The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.
Whenever an app is opened in 10.14.2, its signature is checked asynchronously, often several times. But in many cases, macOS doesn’t act on any errors returned.
Another worthless piece of “security theatre” about bundle signatures. I wouldn’t bother reading it, or downloading the new version of Signet.