Suspicious Package

An Application for Inspecting macOS Installer Packages

Every macOS Installer Package Looks the Same

Consider a few macOS Installer packages:

4 packages that don't look any different

Which one is which? ¯\_(ツ)_/¯ The answer in macOS has traditionally been “install it and find out!”

The built-in security features of macOS — such as Gatekeeper, package signing and most recently, notarization — might rule out malware ... if you're lucky. But there's still a huge gray area between that and a well-designed package.

Look Inside Them with Suspicious Package

With Suspicious Package, you can open a macOS Installer package and see what's inside, without installing it first.

Where does it come from?
package info features
  • See who signed it
  • Check where it was downloaded from
  • See if Apple notarized it
  • Check for Apple Silicon support
What does it install?
installed file features
  • Browse installed files
  • See versions and other metadata
  • Preview items with Quick Look
  • Open text files and property lists
  • Export individual files or folders
What else does it do?
scripts and other features
  • See scripts it will run
  • Examine installer “receipts”
  • Review potential issues
  • See macOS Full Installer details

Or Get a Quick Look

Suspicious Package includes an extension for the macOS Quick Look feature. Get a preview of the package right from the Finder: Quick Look preview

Want to Know More?

Download Suspicious Package here, or learn more here.

(No, this is not the same thing as Show Package Contents in Finder. It's also safer and more comprehensive than Show Files in the macOS Installer.)