Release History

The table below summarizes the released versions of Apparency, and what fixes and enhancements were made to each version. You can determine the version you have installed from Apparency > About Apparency.

Release History for Apparency
Version Changes
1.7 (316) Released on November 5, 2023
  • Enhanced the Launch Information inspector to show implicit launch constraints, which are those associated with the components of macOS itself. Open a macOS component in Apparency, and use Component > Show Launch Information to see the constraints that apply. Use Window > Implicit Launch Constraints to see all of the implicit constraints defined by macOS. Props to Csaba Fitzl for reverse-engineering and documenting this mechanism.
  • Improved the handling of components that are ad hoc-signed by the macOS linker. The linker does this signing to meet the Apple Silicon requirement that all executables have a code signing digest, or cdhash. This used to be shown as having Conflicting signatures, which was technically accurate (because the Intel code is usually unsigned) but was nevertheless confusing. Now, in the most typical case of linker signing, the Signed By will be Linker (Ad-Hoc).
  • Enabled the Show Code Signature button (on the toolbar or the info pane) for more cases of Conflicting signatures, especially those involving ad-hoc signatures. This allows you to see the details for each processor architecture. For example, this can be useful on certain apps exported by Script Debugger's Export Run-Only command.
  • For macOS Sonoma “web apps” — created in Safari using File > Add to Dock — Apparency now shows a Kind Detail of “Safari Web App” in the info pane.
  • Fixed a bug where certain macOS frameworks wouldn't open correctly, showing the error bundle format is ambiguous (could be app or framework). This could happen after a macOS update, if the framework now resides on a a “cryptex” rather than on the Signed System Volume. (This can happen with Rapid Security Response updates, but also with updates like Safari, which installs new versions of WebKit and related frameworks.) Apparency will now correctly recognize the special status of macOS system frameworks, even on the cryptex volume.
  • Fixed a bug where opening a component using the “appy” command-line tool could silently fail, especially if the given path happens to be a symbolic link, such as /Applications/ (which links to a path on a “cryptex” volume). Apparency will now properly open the target of the symlink — or will show an error if it can't do so.
  • Removed support for macOS 11 (Big Sur).
1.6.1 (294.3) Released on October 20, 2023
  • Fixed a bug that could cause Apparency to crash on startup, if you happened to have an installed launchd job in which the definition plist has a Program key with an unexpected type. Apparency reads all of the launchd job definitions to associate them with components, for showing in the Launch Information inspector. However, it dealt badly with some technically-out-of-spec keys that don't seem to bother launchd. Now Apparency is more circumspect.
1.6 (294) Released on September 23, 2023
  • Compatibility updates for macOS 14 (Sonoma).
  • Added new Launch Information inspector, which shows:
  • The info pane now shows the number of Launchd Jobs that reference the selected component; if there are any, you can click the link button to open the Launch Information inspector for more details.
  • Improved the Kind Detail (in the info pane) for a number of newer App Extension types, and fixed a few types that had been incorrectly described.
  • When inspecting an Info Property List, Entitlements or a Launchd Job Definition, you can Control-click on an item (dictionary key or array item) to copy various bits to the clipboard: the key, the value or a new property list with just that item, in XML format. For Info Property List files, you can also copy the plutil(1) or PlistBuddy(8) command that would extract that value from the property list, for pasting into Terminal or using in scripts.
  • When searching an Info Property List, Entitlements or a Launchd Job Definition, recent search terms will now be preserved across components and app launches.
  • Added support for opening an xcframework: this allows you to inspect the code signature on the xcframework itself (encouraged with Xcode 15 workflows), and examine the individual frameworks that it contains for each platform.
  • When generating Quick Look previews, Apparency will now skip verification of the code signature if it might take any meaningful amount of time. Previously, the Quick Look preview used the same heuristics as the app, but it is just too easy to trigger an unwanted preview request for a large app, just by clicking around in the Finder or an Open panel. You might click away immediately, but macOS doesn't notify us that the preview was cancelled, and so our Quick Look Preview extension process — which, in Activity Monitor, might be called Open and Save Panel Service (Apparency) or Apparency (Finder) — can churn through a lot of CPU to produce a preview that nobody wants! This might result in some Quick Look previews — ones that you do want — showing Skipped verification due to size; if this occurs, click Open with Apparency to see the verification results in the app.
1.5.1 (285) Released on April 4, 2023
  • Added the required (minimum) macOS version to the info pane (and also to the Quick Look preview). This is extracted from the Info.plist, or failing that, the Mach-O binary deployment target version. If there are different requirements for different architectures, Apparency will show the oldest supported version: if you require more detail, you can use Component > Show Info Property List, and/or Component > Show Executable Information. [Read More]
  • Improved explanation for a code signature with an expired certificate: we no longer claim the certificate is “not trusted by macOS” since it clearly is (for some purposes), but instead explain that macOS mostly doesn't care. We also show the expiration date more prominently.
  • Added Component > Open Component With Archaeology, for when you need a lower-level view of a bundle or Mach-O executable.
1.5 (277) Released on October 22, 2022
  • Compatibility updates for macOS 13 (Ventura), including:
    • Recognize new bundled helper daemons and agents (managed via the new SMAppService API) If Apparency finds launchd plists in Contents/Library/LaunchAgents or Contents/Library/LaunchDaemons, it will ensure that the referenced helper binary is shown as a component, with a kind of “Background app service agent” or “Background app service daemon.” If you select such a component, you can use Component > Show Launchd Configuration to view the associated launchd job definition plist.
    • Fix a problem where opening a system framework (whose binary has been moved to the DYLD Shared Cache) would produce a “bundle format is ambiguous” message. (Apple changed the bundle structure of these system frameworks again, so that now instead of missing a top-level binary symlink, as on Big Sur and Monterey, they have a broken symlink at that location.)
    • Stubbornly refuse to let our Preferences menu item be renamed to “Settings.” Sure, it's very generous of Apple to to automatically change this one string for us, but the menu item is referenced in dozens of other places in our alerts and documentation, and we just don't see the value in changing every one of those and having them be wrong for users on Monterey and Big Sur...
  • Fixed a bug where a code signature might have been incorrectly reported as valid if the executable was corrupted (or tampered with) only for an inactive processor architecture. For example, if you were running Apparency on an Apple Silicon Mac, and select a component that has both Apple Silicon — 64-bit and Intel — 64-bit support, and if the Apple Silicon part was valid but the Intel part was corrupted, Apparency would show the signature as verified. Now it will properly report Can't verify signature in this case. Use Component > Show Code Signature to see details for each architecture.
  • Fixed a bug where a code signature from an expired certificate was properly shown as such, but the Gatekeeper status was evaluated as if the signature was trusted, which was confusing. Now the Gatekeeper status is shown as Can't evaluate in such cases.
  • Added Component > Quick Look Component to show an inline preview of the selected component. Although this isn't especially useful for bundles and Mach-O executables (where it tends to produce a preview generated by Apparency itself), it can be useful when an app contains script components that are previewable as text. (You might need to enable searching in de facto “code places” in order to see such scripts.)
  • When requesting Quick Look previews, Apparency tries to “convince” macOS to choose a better preview extension for some files, by making a temporary copy with an adjusted file name. For example, a Perl script named installcli might be uselessly previewed as a Unix Executable File, but Apparency knows it's a Perl script (from the #! directive) and will ask Quick Look to preview it as instead -- thus showing the actual source text of the script. When this trick is used, Apparency will show a pencil icon next to the file name at the top of the preview: click this for details about the file kinds that Apparency inferred and how it renamed the temporary copy.
  • When holding down Option to use Component > Show Executable in Finder, or Edit > Copy Path for Executable, the executable path for a framework will be resolved of symlinks, so that one gets directly to the versioned executable.
  • Tweaked the validation of App Store receipts so that the Receipt Verified status — shown in Component > Show App Store Receipt — more closely matches the result of modern Apple sample code.
  • Removed support for macOS 10.15 (Catalina).
1.4.1 (218) Released on March 14, 2022
  • Added File > Show Entitlements for All Executables (Command-Control-A) to show a single “merged” view of all entitlements across all components of an app. You can also select an entitlement and copy the identifying information for all components that request it, in a form that can be pasted directly into a PPPC Profile. [Read More]
  • Tries harder to avoid showing “stale” component information — especially version strings — when an app has been recently updated. This was an issue with macOS caching of bundle information. The Quick Look preview was especially susceptible, since the lifetime of our app extension process is completely under the control of the Quick Look mechanism. We believe that stale info is less likely to appear now, but there may still be circumstances where Quick Look previews themselves are cached.
  • Make the Quick Look preview activate for more file kinds, including App Extensions (such as those for sharing, photo editing or widgets), Network Extensions, Endpoint Security Extensions and DriverKit Extensions. These are mostly only buried inside app bundles, but it can still be useful to Quick Look them from Suspicious Package.
  • Find components in Contents/Library/LaunchServices — these are usually “privileged helper tools,” which the app can install (with password authorization) via the ServiceManagement framework. If such a component has an embedded launchd plist — as is required by ServiceManagement — this can be viewed using Component > Show Launchd Configuration.
  • Find components in Contents/Applications as an additional de facto “code place”.
  • More standard Info.plist and entitlement keys are linked to Apple documentation, via Open Apple Documentation for Key button.
  • Recognize apps with TestFlight signatures as Apple-signed code, akin to App Store signing.
  • Addition of “appy” command-line tool, for quickly opening an item in Apparency from the Terminal. See Help > About the Command-Line Tool for installation instructions.
1.4 (175) Released on December 7, 2021
  • Make the Quick Look preview activate for more file kinds, including standalone (old-style) Quick Look generators, (old-style) Spotlight importers, generic bundles and kernel extensions. [The latter works only on macOS 11 (Big Sur) or later, since kernel extensions finally got a system-defined UTI in the same release that deprecated them!]
  • Show the component Kind in the Quick Look preview, and fix several issues around the display of the icon, executable information and sizing for certain standalone executable types, such as Mach-O dylibs and shell scripts.
  • Various fixes to make Quick Look previews from Suspicious Package more clear and useful, and to ensure that items exported from a package are presented properly, even if found in a temporary directory -- as will be the case for items auto-exported by Suspicious Package for previewing, and then opened in Apparency proper.
  • Added an option to look for components in de facto “code places”.
  • The attributes on the info pane are more universally selectable and copyable. [Read More]
  • Improved handling when opening the main executable of a bundle directly, e.g. opening instead of
  • Improved handling of certain Apple-signed software where the code signature couldn't be verified due to “custom omit rules.”
  • Additional detail for Component > Show Notarization Ticket, including the actual notarized hashes and how they map onto architecture-specific components within the app.
  • Removed support for macOS 10.14 (Mojave).
1.3 (130) Released on August 28, 2021
  • Compatibility updates for macOS 12 (Monterey), including:
  • In the info pane, allow the Identifier, Version and Signed By values to be selected and, therefore, copied.
  • Fixed a bug where an app's main executable might show up as a separate component. (This would happen only when the app was on the data volume of a system volume group other than the booted one.)
  • Fixed a bug where the Edit and Component menu items related to shared app group containers might not be visible through the Accessibility interface — which could also impact apps such as Many Tricks Menuwhere.
  • Fixed a bug where the search field in the Entitlements inspector could stop working after changing processor architectures.
  • More quickly stop any running code signature verification when closing an Apparency window. Unfortunately, the code signing API limits how efficiently we can stop verification that is already under way, but Apparency is now better about not starting irrelevant verification work after the window is closed.
  • Squashed some memory leaks in the determination of Gatekeeper policies.
1.2 (118) Released on March 7, 2021
  • Runs natively on Apple Silicon Macs.
  • Improved compatibility with macOS 11 (Big Sur), including:
    • Adopted the new “unified” style for the toolbar, and updated the icons to fit in better with the general Big Sur “design language” — especially when the toolbar is configured for Icon Only mode.
    • Updated to a new iOS-style Big Sur-style app icon. We're still not fans, but since our app icons were all circles before, we can't get too snotty about them all being “squircles” now. Having every icon on the system be the same shape seems a dubious improvement to macOS, but our icons aren't going to change anything.
    • Fixed other display and icon issues throughout the app.
  • Added Component > Show Provisioning Profile, which will be enabled for certain apps that use iCloud or other services and features that Apple restricts more tightly, at least outside of the App Store. (A provisioning profile is also used to restrict an app to running on specific devices, but this much less likely for macOS apps than for iOS ones.)
  • Where an app has a provisioning profile, Components > Show Entitlements will show which entitlements are provisioned and which are not (and which do not require provisioning). This appears as an icon in the last column.
  • Added Component > Show App Store Receipt, which will be enabled for any app installed from the Mac App Store. This allows you to see attributes of the receipt, including original purchase attributes, and to examine the validity of the receipt and the Apple signature thereon. If a receipt is found, File > Show in App Store will show the product page for the app in the App Store.
  • Added handling of a notarization ticket, where one is “stapled” to the main app bundle. Where this is found and verified, you'll see the Notarization given as Granted — Stapled Ticket for the component called out in the ticket. You can also use Component > Show Notarization Ticket to examine the Apple signature on the ticket.
  • Added Component > Show App Container in Finder, and Edit > Copy Path for App Container, for apps and other components that use the App Sandbox. The app container can also be revealed using the new Show Container toolbar button.
  • Added Component > Show Group Container in Finder, and Edit > Copy Path for Group Container, for components that opt into shared app groups.
  • Added recognition of System Extensions (such as Network Extensions and Endpoint Security extensions) as components that can exist inside an app bundle, and improved determination of the Kind Detail for various extension kinds.
  • Improved checking and reporting of the trust associated with code-signing certificates. Component > Show Code Signature now describes the category of certificate, from amongst the various types that can be issued or used by Apple, as well as other signature- and certificate-related attributes. It also more clearly shows when certificates have expired (in the absence of a verified signing time).
  • From the Executable Information sheet, allow Edit > Copy of a selected Dynamically Linked Library, Runtime Search Path or DYLD Environment row. (For a library, the original library install path is copied.)
  • Made the Signature column more clear for certain cases, such as where Gatekeeper would reject a verified (but insufficient) signature.
  • Made the Quick Look preview more usable from the Finder's preview pane, i.e. View > Show Preview. Since the preview pane is typically much smaller, and since some information is shown directly by the Finder at the bottom of that pane, Apparency now uses a more compact format here. When using View > as Gallery, or the classic separate window of File > Quick Look Item, Apparency still creates a larger preview. Unfortunately, Apple provides no proper way for us to detect what context we're being shown in, so there's a bit of guesswork involved here, but we think it at least works better than it did.
  • Fixed some bugs in the handling of the toolbar, including the fact that changes made via View > Customize Toolbar did not get saved, and that items pushed into the trailing “overflow” section of the toolbar did not get enabled properly.
1.1.1 (75) Released on November 6, 2020
  • Updated for general compatibility with macOS 11 (Big Sur) — albeit with some caveats.
  • On Big Sur, when opening a system framework on the new sealed system volume, Apparency finds the executable in the DYLD shared cache so that the Executable Information is still available. Also, Apparency no longer shows a bunch of errors about the now-broken code signature on such system frameworks. See more info here.
  • If a component is signed by a now-revoked certificate, allow Show Code Signature, so one can see the details of the certificate and/or export it for further analysis. (In this situation, codesign(1) does not provide useful certificate details nor allow it to be exported.)
  • Enable a standalone Mach-O binary to be opened even if it lacks an executable bit, at least via drag-and-drop or from another app — like Suspicious Package, which intentionally strips the executable bit from Mach-O binaries in the installer scripts but still ought to be able them in Apparency!
1.1 (66) Released on August 21, 2020
  • Enhancements for opening “universal” apps that support more than one processor architecture, such as an app updated for the new Apple Silicon Macs, or an older one that still has 32-bit support.
    • Added the Executable type to the Info pane: this shows the supported processor architectures. Click on this text to see the underlying symbolic names for the architectures, such as x86_64 or arm64.
    • Enhanced the Executable Information sheet to show the processor architecture, and to allow choosing from among the architectures provided by the app or component.
    • Show the new Apple Silicon processor architecture where supported, in both the info pane and the Executable Information sheet. [This doesn't mean that Apparency itself is a “universal” app: see more info here.]
    • Enhanced code signature handling to examine every supported architecture — there is a distinct signature for each one — and flag any differences between them: see more info here.
    • Added the supported architectures to the Quick Look preview on macOS 10.15 (Catalina) and beyond.
  • Added Downloaded details to the Info pane, when available: click to cycle amongst the download date, app and kind.
  • Enhanced Executable Information sheet to show the target platform, which is usually simply macOS but can sometimes be something else, like UIKit for Mac (“Catalyst”).
  • Added option in Preferences > General to show the code signing options in the Info pane.
  • Added Edit > Copy Code Signing Identity (Cmd-Ctrl-C) to copy the designated requirement of the component, such as for pasting into a PCCC profile.
  • Improved handling of components with non-Mach-O executables (such as interpreted scripts).
  • Enhancements in performance and responsiveness, especially when opening large apps.
  • Added an Internet Access Policy to Apparency: this is a mechanism defined by Objective Development, the makers of Little Snitch. If you use Little Snitch, you'll get more useful information about Apparency's network connection attempts — which are for one purpose only: the periodic checking for an updated version of the app.
1.0 (43) Released on June 27, 2020
  • Initial release of Apparency.