How to prevent even root users from uninstalling or tampering with the application on macOS

Solution 1:

The aim is to prevent even root users from uninstalling our app on their Mac.

You, as a 3rd party developer, can't prevent the root user or users with root privileges from uninstalling apps that they, technically, can install themselves. What one admin can do another can (un)do.

The core OS is protected by SIP and, if using Catalina or later, the system volume is read-only. This is implemented at the very base layer and not at the application layer where you operate.

IT, however, can manage permissions, rights, and roles through the use of MDM (Mobile Device Management) software. Once a device is enrolled, IT will be able to create and enforce policies allowing/disallowing software use and installation.

This is for IT to manage, not the developer.

Solution 2:

You're gonna have to disable SIP by rebooting into recovery, opening up a terminal window and running "csrutil disable" (then reboot into the OS), and proceed to unload and delete the remaining kext files. As of 10.15 (Catalina), kernel extensions have been put in the /System/Library folder and only mirrored (or symlinked) into the /Library folder. Thus, in order to change the system parameters, you'll have to disable the /System folder's protection (SIP) and then proceed to unload whatever kexts you're not gonna use.

Be sure to re-enable csrutil (same method as before, though; utilize the command "csrutil enable").

Also, a while back (El Capitan or Sierra; I don't remember right now, and it's been a while since I've disabled the unnecessary garbage that comes preloaded with OSX), it used to be possible to disable kexts thru the same terminal on which you could disable SIP (recovery mode) or Single User Mode. To enter single user mode, boot with cmd+s; to enter recovery, boot with cmd+r.

I advise caution whenever dealing with System Parameters; some may render the system unoperational, or at least some of the services that are offered could be severely hampered.

Another possible route would be thru the installation of "Provisioned Configuration Profiles" which bypass/block internal processes (as if they'd be installed by an organization or an MDM).
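
Solution 2 ends by re-enabling SIP, and that is the state a fleet check should confirm afterwards. The following is an added example, not code from either answer: it classifies the text printed by `csrutil status`, including the partially disabled "Custom Configuration" case. The helper names `classify_sip` and `disabled_protections` are hypothetical, and the sample output is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SIP state from the text printed by `csrutil status`.
# Helper names are hypothetical; SAMPLE_CUSTOM is constructed sample output.

SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: disabled
    Filesystem Protections: enabled
'

# classify_sip TEXT -> prints enabled | disabled | custom | unknown
classify_sip() {
    status_line=$(printf '%s\n' "$1" |
        grep 'System Integrity Protection status:' | head -n 1)
    case "$status_line" in
        # Check "Custom Configuration" first: that line also says "enabled".
        *"Custom Configuration"*) echo "custom" ;;
        *"status: enabled"*)      echo "enabled" ;;
        *"status: disabled"*)     echo "disabled" ;;
        *)                        echo "unknown" ;;  # treat as non-compliant
    esac
}

# disabled_protections TEXT -> one name per line for each protection
# reported as disabled. "Apple Internal" is skipped because it is a mode
# flag that is normally disabled, not a protection that was turned off.
disabled_protections() {
    printf '%s\n' "$1" | sed -n \
        -e '/Apple Internal/d' \
        -e 's/^[[:space:]]*\(.*\): disabled$/\1/p'
}

# Use the real tool on macOS; fall back to the constructed sample elsewhere.
if command -v csrutil >/dev/null 2>&1; then
    out=$(csrutil status 2>&1) || out=""
else
    out=$SAMPLE_CUSTOM
fi

state=$(classify_sip "$out")
echo "SIP state: $state"
if [ "$state" != "enabled" ]; then
    echo "Non-compliant; protections reported as disabled:"
    disabled_protections "$out"
fi
```
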