Not getting TCC prompt when launching app
I have an Electron app that is signed and notarized. If I zip the app and send it to myself (AirDrop, Dropbox, etc.) it is quarantined (as expected) and it is unable to read files/directories outside of itself. The app has an external config folder that it must read:

    Parent_Folder (Unzipped)
    |- CONFIG
    |- myApp.app

When I launch the app, I don't receive a prompt to allow access to the downloads folder, and as a result, it can't read the CONFIG folder. However, I can fix it in one of two ways:

1. Move the .app file (anywhere) and then move it back.
2. xattr -d com.apple.quarantine myApp.app

After I complete either one of these steps, I can launch the app and then I receive the prompt to allow access. After that, smooth sailing.

What am I missing? I expected that once the user clicks "Open anyway" when presented with the quarantine prompt, it would work. I have no problems launching the app, but it doesn't have the required permissions until I complete step 1 or 2.

Edit: Even if the permission is already granted (from a previous attempt), it doesn't work until I complete step 1 or 2.
Replies: 5 | Boosts: 0 | Views: 1.3k | Activity: Feb ’22
library load disallowed by system policy
I have an app that uses some third-party libraries. On Big Sur and higher, I get:

    Library Validation failed: Rejecting '/private/var/folders/z6/brj_stf93c324m65z2qcjt_c0000gp/T/ffifq082P' (Team ID: none, platform: no) for process 'The Core TG Cont(22729)' (Team ID: <MY_TEAM_ID>, platform: no), reason: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

But if I add the following to entitlements, it works:

    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>

On 10.15 and below, it fails regardless of that entry for entitlements with:

    default 12:18:49.451209-0500 kernel Library load (/private/tmp/ffiSMMmHE) rejected: library load disallowed by system policy

The app bundle is signed and notarized, and I signed all of the library files within the app:

    # Strip any existing signature from every .so/.dylib in the bundle
    find "myApp.app" -iname '*.so' -or -iname '*.dylib' | while IFS= read -r libfile; do
        codesign --remove-signature "${libfile}"
    done

    # Re-sign each library with the hardened runtime and a secure timestamp
    find "myApp.app" -iname '*.so' -or -iname '*.dylib' | while IFS= read -r libfile; do
        codesign -s "$IDENTITY" --timestamp --options=runtime --entitlements "${ENTITLEMENTS}" "${libfile}"
    done

codesign -vvv --deep --strict "myApp.app" returns:

    myApp.app: valid on disk
    myApp.app: satisfies its Designated Requirement

So despite the fact that I've signed all of the libraries in the app bundle, something is still registering as unsigned somehow. And since the library name is converted into an unintelligible string, I don't know how to proceed with troubleshooting which library is causing problems.

Furthermore, is there a reason that disabling library validation works on Big Sur+, but not on 10.14 and 10.15?
Replies: 8 | Boosts: 0 | Views: 4.9k | Activity: Oct ’22
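
An added example (not part of the original posts and not the poster's code): a small parser for the two rejection messages quoted in the post above, reporting whether each rejected file lies inside the signed bundle or in a temporary directory. The bundle location /Applications/myApp.app, the temp-prefix list and the third sample line are assumptions made for the illustration.

```python
import re
from pathlib import PurePosixPath

# Big Sur+ message format, as quoted in the post above.
AMFI_RE = re.compile(
    r"Library Validation failed: Rejecting '(?P<path>[^']+)' "
    r"\(Team ID: (?P<lib_team>[^,]+), platform: \w+\) "
    r"for process '(?P<proc>.+?)\((?P<pid>\d+)\)' "
    r"\(Team ID: (?P<proc_team>[^,]+), platform: \w+\), "
    r"reason: (?P<reason>.+)$")
# 10.15-and-earlier kernel message format, as quoted in the post above.
KERNEL_RE = re.compile(r"Library load \((?P<path>[^)]+)\) rejected: (?P<reason>.+)$")
# Assumption: paths under these prefixes are treated as temporary directories.
TEMP_PREFIXES = ("/private/var/folders/", "/private/tmp/", "/var/folders/", "/tmp/")

# The first two lines are the messages from the post; the third is constructed.
SAMPLE_LINES = [
    "Library Validation failed: Rejecting "
    "'/private/var/folders/z6/brj_stf93c324m65z2qcjt_c0000gp/T/ffifq082P' "
    "(Team ID: none, platform: no) for process 'The Core TG Cont(22729)' "
    "(Team ID: <MY_TEAM_ID>, platform: no), reason: mapped file has no cdhash, "
    "completely unsigned? Code has to be at least ad-hoc signed.",
    "default 12:18:49.451209-0500 kernel Library load (/private/tmp/ffiSMMmHE) "
    "rejected: library load disallowed by system policy",
    "default 12:19:02.000000-0500 kernel Library load "
    "(/Applications/myApp.app/Contents/Frameworks/libexample.dylib) "
    "rejected: library load disallowed by system policy",
]

def parse_rejection(line):
    """Return the named fields of a rejected library load, or None."""
    for rx in (AMFI_RE, KERNEL_RE):
        m = rx.search(line)
        if m:
            return m.groupdict()
    return None

def classify(path, bundle):
    """Locate the rejected file relative to the signed bundle."""
    p, b = PurePosixPath(path), PurePosixPath(bundle)
    if p == b or b in p.parents:
        return "inside-bundle"
    return "temp-dir" if str(p).startswith(TEMP_PREFIXES) else "outside-bundle"

def triage(lines, bundle):
    """Return (rejected path, location) for every rejection found in lines."""
    recs = (parse_rejection(line) for line in lines)
    return [(r["path"], classify(r["path"], bundle)) for r in recs if r]

if __name__ == "__main__":
    for path, where in triage(SAMPLE_LINES, "/Applications/myApp.app"):
        print(f"{where:15} {path}")
```

For the two messages in the post, both rejected paths are classified as temp-dir, that is, outside the bundle that codesign verified.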