In Mountain Lion, I know that some applications, including all applications on the Mac App Store are digitally signed by the developer, so that if they are modified, the signature will not match, and it will raise all sorts of errors (and the situation will escalate with the next release of the operating system…).
My question is: what parts of the .app bundle does the signature cover? If anything in Appname.app/Contents changes (including metadata, like the modified date for the Contents folder), does that break the signature? Is it just the binary in Contents/MacOS? Are the .plists included in the signature? The Resources? As an end user, what can I hack (if anything) without breaking the signature?
Best Answer
TL;DR It's up to the developer to pick which pieces of the app are signed and whether or not tampering with those pieces results in any actions when the app is launched. You have to use trial and error to figure it out on an app-by-app basis.
It is largely up to the developer to decide which components in their application bundle are represented in the seal that gets signed before they deliver their application. Anything in the seal is effectively tamper-proof, as it's mostly impossible to modify these things without changing their hash signatures. But that doesn't actually mean you can't tamper with them.
The Apple Developer guide has this to say about what you should sign:
Also from here it's not necessarily true that having an invalid signature for an application means it will fail to launch. The page says:
An application may choose to allow modifications.
Your best bet is a trial-and-error approach with any application you're trying to modify. It may work, it may not. There's no always-true answer that can be given.
If an app has been signed you can look for a Contents/CodeResources file or a Contents/_CodeSignature/CodeResources file in the bundle. This file lists all the signed components and their expected hash values in the bundle. It's a good place to start understanding what pieces of the application a developer deems critical enough to watch for changes.
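Rather than pure trial and error, you can read the seal the answer points at. On a Mac, `plutil -p Foo.app/Contents/_CodeSignature/CodeResources` pretty-prints it, and `codesign --verify --verbose=4 Foo.app` reports exactly which entry failed. The following is an added example, not code from the original answer or from Apple: it builds a tiny mock bundle in a temporary directory, writes a simplified seal using the same `files2`/`hash2` (SHA-256) layout that real CodeResources files use, then checks the bundle against that seal after touching only a file's modification time, after editing a file's contents, after deleting a sealed file, and after dropping in an unsealed file. It is deliberately simplified: real codesign also records SHA-1 hashes under `files`, uses `rules`/`rules2` to decide which paths must be sealed and which are optional, and seals the main executable and Info.plist through the CodeDirectory rather than through this file. The file names and JSON content below are constructed for the demo.

```python
import hashlib
import os
import plistlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> bytes:
    """Hash a file's content. Only content is hashed, so metadata such as
    the modification time never affects the seal."""
    return hashlib.sha256(path.read_bytes()).digest()


def build_seal(resources_dir: Path) -> bytes:
    """Emit a CodeResources-style plist that seals every regular file under
    Contents/Resources. Simplified: only 'files2' with 'hash2' (SHA-256) is
    written; real codesign also writes 'files', 'rules' and 'rules2'."""
    contents_dir = resources_dir.parent
    files2 = {}
    for p in sorted(resources_dir.rglob("*")):
        if p.is_file():
            # Paths in CodeResources are relative to Contents/, e.g. "Resources/x.json"
            rel = p.relative_to(contents_dir).as_posix()
            files2[rel] = {"hash2": sha256_of(p)}
    return plistlib.dumps({"files2": files2})


def verify_seal(contents_dir: Path, seal: bytes) -> dict:
    """Compare the bundle on disk against the seal.
    Returns sorted lists of modified, missing and unsealed resource paths."""
    sealed = plistlib.loads(seal).get("files2", {})
    report = {"modified": [], "missing": [], "unsealed": []}
    for rel, entry in sealed.items():
        p = contents_dir / rel
        if not p.exists():
            # Real seals mark some entries 'optional'; absence of those is allowed.
            if not entry.get("optional", False):
                report["missing"].append(rel)
            continue
        if sha256_of(p) != entry["hash2"]:
            report["modified"].append(rel)
    # Anything under Resources that the seal does not mention. Real codesign
    # decides this via 'rules2'; here every unsealed regular file is flagged.
    for p in (contents_dir / "Resources").rglob("*"):
        if p.is_file():
            rel = p.relative_to(contents_dir).as_posix()
            if rel not in sealed:
                report["unsealed"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo() -> dict:
    """Build a mock Demo.app, seal it, then tamper with it in several ways.
    Returns the verification report after each step."""
    with tempfile.TemporaryDirectory() as tmp:
        contents = Path(tmp) / "Demo.app" / "Contents"
        res = contents / "Resources"
        (res / "en.lproj").mkdir(parents=True)
        # Constructed sample resources for the demo.
        (res / "config.json").write_text('{"level": 1}\n')
        (res / "en.lproj" / "Main.strings").write_text('"hello" = "Hello";\n')
        seal = build_seal(res)

        clean = verify_seal(contents, seal)
        # 1. Metadata only: reset mtime/atime. Content unchanged, seal still matches.
        os.utime(res / "config.json", (0, 0))
        after_touch = verify_seal(contents, seal)
        # 2. Edit a sealed file, delete a sealed file, add an unsealed one.
        (res / "config.json").write_text('{"level": 99}\n')
        (res / "en.lproj" / "Main.strings").unlink()
        (res / "extra.plist").write_bytes(plistlib.dumps({}))
        after_edit = verify_seal(contents, seal)
        return {"clean": clean, "after_touch": after_touch, "after_edit": after_edit}


if __name__ == "__main__":
    for step, report in demo().items():
        print(step, report)
```

The point the question asks about falls out of the first two reports: changing only the modification date leaves every hash intact, while changing a single byte of a sealed resource, removing one, or adding a file the seal does not list is exactly what a verifier can detect. Whether a given app then refuses to launch is, as the answer says, a separate decision the developer makes.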