1 Reply
      Latest reply on Jan 14, 2020 2:37 AM by eskimo
      ivanivan1 Level 1 Level 1 (0 points)

        Hi all,

         

        I'm building an app that is updated and launched from a launcher app. The problem that I'm encountering at the moment is that the app cannot download and patch an app that is inside the /Applications folder.

        Do I need request special permission for this to work?

        Is this even possible to do?

         

        Is it allowed to download and install apps and patches in the /Library/Application Support folder?

         

        Thank you in advance.

         

        Ivan

        • Re: Self updating app
          eskimo Apple Staff Apple Staff (12,725 points)

          /Applications is only writable by admin users:

          % ls -ld /Applications
          drwxrwxr-x+ 65 root  admin  2080 10 Jan 08:02 /Applications

          If you want to install or update apps there, you’ll need to either limit yourself to running as an admin user [1] or implement some sort of privilege escalation.

          IMPORTANT Modifying apps is a tricky business:

          • Never work on the in-place copy of the app.  Rather, make a copy, work on that, and then replace the original with your copy.

          • You have to make sure that your final version is correctly signed and notarised.


          /Library/Application Support is not writeable even by admin users.  You’ll definitely need to escalate privileges to operate there.

          % ls -ld /Library/Application\ Support 
          drwxr-xr-x  25 root  admin  800 29 Dec 13:21 /Library/Application Support

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          [1] I don’t recommend that.  A common pattern is for folks to create an admin account and a standard account and then run as the standard user day-to-day.  If they need to do admin-y stuff, they simply authenticate using their admin account.