Is that app signed?
Q I use Little Snitch as a software firewall, to protect from malware and apps phoning home. Sometimes it reports that an app I’ve been using isn’t correctly signed. Why’s that? by ANDY STOWELL
A When an app tries to make an outgoing connection from your Mac, Little Snitch detects that and, depending on the rules which you have set for such connections, will check details of that. Those include the remote server and the signature of the app which is trying to make that connection. This is because Apple revokes the certificate of any signed malware which it detects. If Little Snitch is unable to confirm that the code has been correctly signed, then it reports that, as it may well mean the app trying to make that connection is malicious.
Recent versions of macOS make the same checks on app signatures, which require connecting to Apple’s servers, so the whole process is complicated, and could give rise to a situation in which Little Snitch doesn’t get the right answer. If you’re in any suspicion that an app may not be correctly signed, check it yourself using a free tool such as What’s Your Sign? from bit.ly/ mac365yoursign, or ArchiChect from bit.ly/mac365archtct. They’ll give you a clear answer which lets you decide whether to remove that app and inform its vendor that it has a problem.