I'm looking for answer or documentation on gatekeeper and launching a MacOS app via a url scheme/custom protocol.
Our application is delivered via a zip file downloaded from the web. We utilize a url scheme. The act of extracting the app from the zip registers the url scheme with the OS.
From previous research/testing we found we had to break the gatekeeper lock (have the user move the app from the downloaded location) to ensure that the url is honored on first launch of the application. To ensure user compliance, we added a check to make sure that the lock has been removed by looking at the quarantine attribute.
This flow is not ideal. I am looking for alternatives and was previously under the impression that if we were to move to a DMG then that would provide the user a better user experience for moving it. However, now that I am getting around to looking into it, I am seeing some implied statements that this is not the case and that the quarantine bit will just be moved from the DMG to the app.
Questions:
- Does a DMG allow the app to be launched via custom protocol without prior launch or movement?
- With a notarized app, will the custom protocol work on a subsequent launch, even without prior movement?