An Application for Inspecting macOS Installer Packages
Every macOS Installer Package Looks the Same
Consider a few macOS Installer packages:
- One contains a useful and well-designed product, which can't be easily installed using drag-and-drop.
- One contains well-intentioned software that will nevertheless splatter pieces all over your startup disk.
- One contains a vital component — like a scanner driver — but will also install a handful of annoying, unwanted applications that the driver vendor distributes in return for “promotional consideration.”
- One contains malware that will infest your system and your network, and probably ruin your week.
Which one is which? ¯\_(ツ)_/¯ The answer in macOS has traditionally been “install it and find out!”
The built-in security features of macOS — such as Gatekeeper, package signing and, most recently, notarization — might rule out malware ... if you're lucky. But there's still a huge gray area between that and a well-designed package.
Look Inside Them with Suspicious Package
With Suspicious Package, you can open a macOS Installer package and see what's inside, without installing it first.
Where does it come from?
- See who signed it
- Check where it was downloaded from
- See if Apple notarized it
What does it install?
- Browse installed files
- See versions and other metadata
- Open text files and property lists
- Export individual files or folders
What else does it do?
- See scripts it will run
- Examine installer “receipts”
- Review potential issues
Or Get a Quick Look
Suspicious Package includes an extension for the macOS Quick Look feature. Get a preview of the package right from the Finder.