How can I see a list of developers I have allowed for apps on my Mac (Mojave)?

Solution 1:

Technically, approving an app from a developer is known as adding a "GateKeeper exception". However, this is not done based upon the actual name of the developer (such as "Mega Super Software Ltd.") but rather based on certificates and so-called code directory hashes.

You can use the Terminal to review the list of GateKeeper exceptions you've added with a command like this:

sudo spctl --list --type execute

And you can remove a program from the list of exceptions by running a command like this:

sudo spctl --remove /Applications/AnApplication.app

where AnApplication.app is the app you want to no longer have approved.

As you can see the list of exceptions is hard to read as it doesn't include company or personal names, but rather these hash values and references to certificates.

Usually you'll see certificate rules being based on "anchor apple" (which means that the certificate chain of the app starts with Apple's own certificate) and that specific fields such as 6.2.6 and 6.1.13 are present, which means that it should be an Apple Developer certificate. Sometimes you'll also see that the leaf certificate (the last certificate in the chain) needs to have a specific OU (organizational unit) - for example WYH8F23PA3 or similar. This is Apple's internal code number given to organizations that have developer accounts.

The rules that are given using code directory hashes look like 'cdhash H"1b9a8384...."' or similar. A code directory hash is a 256-bit number that can be calculated from the contents of the app, is almost guaranteed unique for a specific app and which ensures that if the app code is altered (for example to introduce malicious code) then the code directory hash will no longer match the app.

There's no publicly available central storage of which actual company names / personal names correspond with which cdhashes or certificate values. However, you can inspect the files on your system to look up the values for them.

You can inspect an application and find the above mentioned values, by running this command in the Terminal:

codesign -d -r- -vvvv /Applications/AnApplication.app

It will output a lot of information, amongst these the cdhash as well as certificate information and the actual company or personal name of the developer ID.

Note that if you haven't got the actual application anymore, you cannot easily find its cdhash or certificate information. Therefore you can have exception rules stored in GateKeeper for which you cannot find a matching cdhash or certificate.
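The lookup described in the answer can be scripted. The following is an added example, not part of the original answer: it runs codesign over every app bundle in a folder and prints one line per app with its cdhash, team identifier and leaf certificate name. The function names `parse_codesign` and `cdhash_table` are made up for this example, and it assumes the `CDHash=`, `TeamIdentifier=` and `Authority=` lines that `codesign -d -vvvv` prints.

```shell
#!/bin/sh
# Added example: build a cdhash -> developer table for installed apps, so the
# opaque 'cdhash H"..."' rules in the spctl list can be matched to a name.

# Reads `codesign -d -vvvv` output on stdin and prints
#   cdhash <TAB> team identifier <TAB> leaf certificate name
# Returns non-zero when the input has no CDHash line (unsigned or unreadable).
parse_codesign() {
    awk '
        /^CDHash=/         { cdhash = $0; sub(/^CDHash=/, "", cdhash) }
        /^TeamIdentifier=/ { team = $0; sub(/^TeamIdentifier=/, "", team) }
        # The first Authority line is the leaf certificate (the developer).
        /^Authority=/ && auth == "" { auth = $0; sub(/^Authority=/, "", auth) }
        END {
            if (cdhash == "") exit 1
            if (team == "") team = "-"
            if (auth == "") auth = "-"   # ad-hoc signed code has no Authority
            printf "%s\t%s\t%s\n", cdhash, team, auth
        }'
}

# Prints the table for every .app bundle in a directory (default /Applications).
cdhash_table() {
    dir=${1:-/Applications}
    for app in "$dir"/*.app; do
        [ -e "$app" ] || continue
        # codesign writes its report to stderr, so merge it into stdout.
        line=$(codesign -d -vvvv "$app" 2>&1 | parse_codesign) || continue
        printf '%s\t%s\n' "$line" "$app"
    done
}

# Only scan when codesign is available (i.e. on a Mac).
if command -v codesign >/dev/null 2>&1; then
    cdhash_table "$@"
fi
```

Compare the first column against the cdhash values in the exception list, and the second column against the OU values in certificate rules. Exceptions with no match belong to apps that are no longer in the scanned folder.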