Hi,
I am testing the behavior of my app if I change it's app bundle content.
I created an app with a script within it's Resources folder.
I signed the app and verify that the code sign is accepted with the spctl
command.
Then I modify the script within the app bundle and spctl
gives me a sealed resource is missing or invalid
which was expected.
However I thought that I wouldn't be able to launch the app bundle now that it is compromised but I was able to execute it.
Do I need to make it go through GateKeeper by first downloading the app from a server? In that case if I download an non-modified app, launch it successfully then modify it, would subsequent launch fail or not?
The app will be delivered through MDM and I think that GateKeeper does not verify MDM-delivered apps.
Is it possible to make the app non-launchable if the files within its Resources folder have been modify/compromised?
Edit: The app won't be installed to /Applications/
but to a specific folder
Thank you in advance!