How can Mojave let you open an app with signature errors?

The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.

App signatures are always checked on launch, but serious errors may be ignored

Whenever an app is opened in 10.14.2, its signature is checked asynchronously, often several times. But in many cases, macOS doesn’t act on any errors returned.

Last Week on My Mac: Weed control in the walled garden

Another worthless piece of “security theatre” about bundle signatures. I wouldn’t bother reading it, or downloading the new version of Signet.

How thoroughly does Gatekeeper check existing apps?

Is checking bundle signatures a waste of time once they have passed their ‘first run’ check? Does macOS ever do that?

Mojave happily runs apps with revoked signatures, and more

Has your Mac got any old apps and other bundles on it? Have their signing certificates been revoked, or are they perhaps unsigned? Here’s a new app to help you find out.