Wednesday, May 29, 2024

App Store Apps Can Be Translocated

Howard Oakley:

This article demonstrates that the last of those isn’t necessarily true, and what happens when an App Store app ends up being translocated.

The combination of an App Store app with a quarantine xattr is a particular problem for users, as those apps are installed direct to their intended final destination, and their permissions discourage the user from trying to move them from there. That combination therefore defaults to satisfying all three requirements for app translocation to occur, which it will every time that app is run.

Without using Terminal’s command tools or third-party utilities like xattred and Mints, there’s no way for the user to discover whether an App Store app has a quarantine xattr, nor to check whether the app is being translocated. As (almost?) all other App Store apps don’t have a quarantine xattr and aren’t translocated, the user is unlikely to suspect those might be occurring, and could account for problems with that App Store app. In this case, purchasing and using the App Store version of UTM puts the app and its user at significant disadvantage compared to obtaining the app direct.

It’s not clear to me how the App Store download got the quarantine attribute. My guess was that this could happen if you do a direct download, don’t move it to /Applications, and then the App Store updates it to a newer version. In other words, the quarantined app becomes the App Store version. But that doesn’t seem to be what happened here.

Howard Oakley:

When you run an iOS/iPadOS app on an M1 Mac, if it has been downloaded from the App Store (currently the only supported method, as sideloading is forbidden), it doesn’t have a quarantine flag. Not only that, but app translocation has only occurred with apps undergoing their first run: once that flag has been unset, further translocations don’t occur. Thus, under the original rules for app translocation, there’s no way that it should occur in this case.

I’m going to look in more detail at how macOS launches and runs iOS/iPadOS apps in future articles, but here I’ll show some relevant log entries which demonstrate what happens, including the translocation.

John Smith:

iOS apps are translocated on macOS because of the possibility of spaces in app names (and in “Group Containers”). Some iOS apps expect GUID-based names and may not properly escape spaces, hence the translocation, whose name has no spaces.

Pico:

[Another]/related factor is that the user could rename the apps, which is something that isn’t allowed or accounted for when run on iOS.

Previously:

2 Comments RSS · Twitter · Mastodon


Randy Saldinger

"It’s not clear to me how the App Store download got the quarantine attribute."

As discussed in the comments of Howard's post, it sure *smells* like the quarantine EA arrived in the package installed by the App Store. The timestamp field of the EA is especially suspect, because it corresponds to the day after that version of UTM was released on GitHub (I can't tell exactly when that version was posted on the App Store, since it uses those helpful relative dates everywhere). This timestamp is almost a month before Howard did his test install from the App Store.

I verified that, if you package up an app that has a quarantine attribute (at least using the default productbuild incantation), that attribute will get restored upon install. I'd've expected the backend App Store processing to strip any quarantine EAs before re-assembling the (re-signed) package to deliver through App Store.app, but maybe that's not happening...


Leave a Comment