Wednesday, May 10, 2023

App Translocation in Ventura

Howard Oakley:

Most recently, Quinn “The Eskimo!” of Apple’s Developer Technical Support has explained: “The exact circumstances where the system translocates an app is not documented and has changed over time.”

[…]

Surprisingly, the third condition, of not moving the app or the folder it’s enclosed in, is no longer required for App Translocation to occur. In testing both within a VM and a regular Ventura system, translocation frequently occurs on quarantined apps even after they have been moved to the main Applications folder. It’s not entirely consistent, though: one app downloaded from the internet didn’t undergo translocation, while two others did, so there appears to be a random element involved.

The first condition also failed: apps that had successfully cleared quarantine underwent translocation repeatedly, even though they were being run from the Applications folder and the quarantine flag had been cleared.

You want to avoid translocation because, even if all your app’s resources are within its bundle, it will interfere with automatic updates. The app is mounted on a read-only volume, and “there is no supported way to determine the original (untranslocated) path.” You can avoid these problems by distributing your app in a disk image instead of in a ZIP archive. Apple says:

To provide secure execution, code sign your disk image itself using the codesign tool, or distribute your app through the Mac App Store.

DropDMG can also help with this.


Update (2024-05-16): Howard Oakley:

One shortcoming is that Apple’s user documentation doesn’t seem to mention this anywhere, such as in its latest account of Gatekeeper. Even its Platform Security Guide only mentions it in passing: “When necessary, Gatekeeper opens apps from randomized, read-only locations. This is designed to prevent the automatic loading of plug-ins distributed alongside the app.” The only explanation provided for developers is in these notes in Apple’s Developer Forums, where we’re told that “the exact circumstances where the system translocates an app is not documented and has changed over time.”

This article attempts to explain how App Translocation or GRP work as of macOS 14.4.1 Sonoma.

Update (2024-05-17): Howard Oakley:

Although macOS has been happily translocating apps since Sierra, nearly eight years ago, the process can still bring problems, particularly when an app appears to have cleared quarantine, and is run not infrequently. Any problems that can cause might appear odd: it may be slow to launch, never update, not work properly with software firewalls, and can even be unstable and crash. So how can you tell whether an app is running in translocation?
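One way to answer that question, as an added example that is not from Howard Oakley's article or from this post: list running processes and flag any whose executable path sits under an `AppTranslocation` mount. The `/AppTranslocation/<UUID>/d/<Name>.app/` layout is an assumption based on observed behaviour, which Apple does not document and may change; the function name and the sample `ps` output are constructed for illustration.

```python
import re
import subprocess

# Assumed (undocumented) layout of a translocated app's path:
#   .../AppTranslocation/<UUID>/d/<Name>.app/Contents/MacOS/<executable>
TRANSLOCATED = re.compile(
    r"/AppTranslocation/(?P<uuid>[0-9A-Fa-f-]{36})/d/(?P<bundle>[^/]+\.app)/"
)

# Constructed sample of `ps -axo pid=,comm=` output, not captured from a real system.
SAMPLE_PS = """\
  412 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
 1873 /private/var/folders/zz/abc123/T/AppTranslocation/0F5A3C1E-9B2D-4E7A-8C11-2D3E4F5A6B7C/d/Example Editor.app/Contents/MacOS/Example Editor
 1902 /Applications/Example Editor.app/Contents/MacOS/Example Editor
 2044 /private/var/folders/zz/abc123/T/AppTranslocation/7D2E9A40-1C3B-4F6D-A5E8-90B1C2D3E4F5/d/Tool.app/Contents/Frameworks/Helper.app/Contents/MacOS/Helper
"""


def find_translocated(ps_output):
    """Return [(pid, outer_bundle, mount_uuid)] for processes run from a translocation mount."""
    hits = []
    for line in ps_output.splitlines():
        # Split once only: executable paths may contain spaces.
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        match = TRANSLOCATED.search(parts[1])
        if match:
            hits.append((int(parts[0]), match.group("bundle"), match.group("uuid")))
    return hits


if __name__ == "__main__":
    try:
        # On macOS, `comm` is the full path of each process's executable.
        output = subprocess.run(["ps", "-axo", "pid=,comm="], capture_output=True,
                                text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        output = SAMPLE_PS  # fall back to the constructed sample
    for pid, bundle, uuid in find_translocated(output):
        print(f"pid {pid}: {bundle} is running translocated (mount {uuid})")
```

A helper nested inside a translocated bundle is reported under the outer bundle's name, since that is the app the user launched.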

1 Comment

Translocation has caused big problems for me, with long reports and exchanges with developers. Nice to see it's gotten worse.
