Understand Mac software before you open it.

App Trust Preview turns macOS security metadata into a readable trust report for apps, installers, disk images, executables, and scripts.

Drop in a file, choose one from disk, inspect from Finder with Quick Look, or export a report from Terminal. See who signed it, what access it may ask for, whether it can reach the internet, what is packaged inside it, and which signals deserve review.

Download on the Mac App Store CLI guide
.app .pkg .dmg Executables and scripts Quick Look and CLI Local analysis
App Trust Preview showing a strong safety report and Apple safety checks for a signed sandboxed app.

What App Trust Preview checks

Identity and signing

See signing status, Team ID, bundle ID, version, distribution type, certificate chain, signing timestamp, and whether the signature still matches the file on disk.

Apple safety signals

Review Developer ID or Mac App Store distribution, notarization, certificate revocation, quarantine, sandboxing, hardened runtime, and network declarations.

Privacy access

Camera, microphone, screen recording, accessibility, contacts, calendars, reminders, photos, location, Bluetooth, local network, speech recognition, Apple Events, and other sensitive access are grouped into readable labels.

Saved permission decisions

When macOS allows the local privacy database to be read, App Trust Preview can show saved decisions such as allowed, denied, limited, add-only, not decided, or unknown.

Internet trust signal

Sandboxed apps without a network entitlement are shown as unable to make direct internet connections. Non-sandboxed software gets a clear explanation of why that entitlement alone does not restrict it.

Inside apps and disk images

Helper tools, login items, XPC services, extensions, frameworks, plug-ins, dynamic libraries, nested apps, architectures, minimum macOS target, and bundle size are surfaced in the report.

Packages, binaries, and scripts

Installer components, install locations, scripts, package payload files, Mach-O metadata, linked libraries, runtime search paths, code signatures, and readable script source previews are shown when available.

Technology and private API signals

Detect Electron, Chromium, CEF, Firefox, Gecko, ToDesktop, Tauri, Wry, WebKit, Qt WebEngine, SwiftUI, React Native, Flutter, Unity, Unreal Engine, Godot, Wine, CrossOver, Java, .NET, Python, Node.js, Mac Catalyst, iOS apps on Mac, Apple private framework links, URL schemes, associated domains, keychain groups, App Groups, and recognized entitlements.

Supported formats

Use the same readable report model across the files Mac users actually download, install, run, and review.

.app

App bundles

Inspect the main app, nested apps, helpers, extensions, frameworks, signatures, entitlements, privacy strings, technologies, and saved decisions.

.pkg

Installer packages

Review package identity, install location, authorization needs, components, payload paths, and install scripts when available.

.dmg

Disk images

Inspect packaged apps without opening them first, then review the app and helper signals inside the mounted image preview.

Mach-O

Binary executables

Check platform, architecture, minimum OS, SDK, linked libraries, runtime search paths, code signature data, and unusual binary indicators.

#!

Executable scripts

Preview readable script source and understand why app bundle signing, notarization, and sandbox signals may not apply to plain text scripts.

How it works

1

Choose a target

Drop in a file, choose one from disk, preview it with Quick Look, or pass a path to the CLI.

2

Local scan

Checks run on your Mac and load progressively, so available information appears while slower checks continue.

3

Read the report

Important findings appear at the top, good signs are shown as good signs, and sections expand when you want more detail.

4

Export or automate

Save PDF, PNG image, JSON, or plain text from the app, or export JSON and text from Terminal for workflows and AI analysis.

Use the right surface for the job

The main app, Finder Quick Look, Settings, and CLI all show the same intent in different workflows.

Main app

Drag, choose, rescan, expand details, copy fields, open System Settings shortcuts, and export reports.

Finder Quick Look

Press Space on supported files to inspect them before opening or installing them, then hand off to the full app when needed.

Settings

Configure Quick Look and the main report view, expand details by default, skip slower checks, reorder sections, hide sections, and manage allowed paths for automation.

Command line

Export JSON or text reports for a given app, package, disk image, executable, or script. Use it in workflows, shell scripts, review pipelines, or AI agent analysis.

App Trust Preview settings showing main app report options and report tile ordering.
Settings let you tune report detail, section order, section visibility, Quick Look, and allowed paths for automation.

What the report means

Strong safety signals

The main macOS checks look good, with valid signing, clear identity, expected isolation, and no major before-you-open findings.

A few things to know

Some signals need context, such as a non-sandboxed app, weaker network settings, sensitive permission requests, installer scripts, or saved decisions worth reviewing.

Some signals are weaker than usual

The report highlights stronger concerns such as invalid signatures, revoked certificates, unsigned helpers, private framework links, private symbol matches, or unusual runtime exceptions.

Not enough information

macOS could not confirm enough about the target from inside the current app environment to give a confident verdict.

App Trust Preview is not a malware scanner and cannot prove that software is safe. It gives practical context before trusting software.

App Trust Preview in action

Fresh screenshots showing supported formats, app reports, Quick Look, Settings, package inspection, disk image inspection, privacy decisions, and technology detection.

App Trust Preview start screen showing support for app bundles, disk images, installer packages, executables, and scripts.
Start from the main app with a file picker or drop target. Supported files include .app, .dmg, .pkg, plain executables, and scripts.
App Trust Preview report showing strong safety signals and Apple safety checks.
A readable top summary appears first, with good signs and detailed Apple safety checks available when you expand the report.
App Trust Preview report for Google Chrome showing privacy decisions, internet access, technology detection, and internal helpers.
Saved privacy decisions, internet access, Chromium detection, helper counts, and component warnings are shown in plain language.
Finder Quick Look preview showing an App Trust Preview report before opening Google Chrome.
Quick Look brings app, package, and disk image review into Finder before opening or installing the file.
App Trust Preview settings showing report section order and visibility controls.
Settings control the main report, Quick Look report, allowed paths, detail expansion, skipped checks, and report section order.
Quick Look package report showing package identity, payload file tree, and install scripts.
Installer packages show package identity, install location, authorization, payload paths, and install scripts when available.
Quick Look disk image report for WhatsApp showing privacy access, signing, internet access, and built with technologies.
Disk image inspection lets you review bundled apps, privacy access, signing, network capability, and technologies before mounting or opening.

Changelog

Latest App Trust Preview updates

Product release notes for new checks, clearer wording, and UI improvements.

Version 1.2.0

  • Added support for installer packages, disk images, binary executables, and scripts.
  • Added a command line interface for exporting reports from a given app, package, disk image, executable, or script. This enables powerful automation workflows and external AI analysis.
  • Added a Settings dialog for configuring Quick Look and the main app report view. You can now reorder sections and hide the sections you do not need.
  • Added multi-window support, so you can analyze more than one item at the same time.
  • Improved the interface, optimized trust signal detection, and fixed multiple report and analysis issues.

Version 1.1.2

  • Added support for 30 new languages: Bengali, Catalan, Croatian, Czech, Danish, Dutch, Finnish, Greek, Gujarati, Hebrew, Hindi, Hungarian, Indonesian, Kannada, Malay, Malayalam, Marathi, Norwegian Bokmål, Odia, Punjabi, Romanian, Slovak, Slovenian, Swedish, Tamil, Telugu, Thai, Turkish, Urdu, and Vietnamese.

Version 1.1.1

  • Added Sparkle framework detection.
  • Improved UI consistency and fixed visual layout issues.

Version 1.1.0

  • Improved wording across the app for easier understanding.
  • Added many new security and privacy signals.
  • Added translations for 12 languages.
  • Improved notarization detection.
  • Added display of user-granted permissions for the scanned app.
  • Added quick buttons to open the relevant System Settings privacy sections.
  • Added framework detection, including Electron and Chromium-based apps.
  • Added app architecture and bundle size details.
  • Added many smaller improvements and fixes based on community feedback.

Version 1.0.0

  • First release

Privacy. Local-first by design.

App Trust Preview inspects software on your Mac across the main app, Finder Quick Look, and command line workflows.

  • The Mac app sends no network requests of its own.
  • The inspected software is not uploaded.
  • The inspected software is not launched.
  • The inspected software is not modified.
  • Reports are generated on your Mac.
  • Certificate revocation uses macOS own trust service, not an App Trust Preview server.

Why I made App Trust Preview

As a developer, I understand hardening, sandboxing, entitlements, signing, notarization, helper tools, package scripts, and internal executables. Most Mac users should not need to learn all of that just to decide whether downloaded software deserves caution.

I built App Trust Preview to translate technical macOS signals into human-readable indicators that are visible before software is opened or installed.

It does not prove that software is safe, and it is not an antivirus scanner. It gives practical context so users and reviewers can make a more informed trust decision.

Built by Ihor July

App Trust Preview is made by Ihor July, a macOS developer, cybersecurity expert, and reverse engineer focused on practical, privacy-respecting Mac utilities.

Ihor also made Parall and DockLock Pro. App Trust Preview follows the same approach, with native macOS behavior, clear user control, and careful handling of security-sensitive details.

ParallMulti-instance app launcher for independent Mac app shortcuts. DockLock ProMac Dock utility for controlling Dock behavior across displays.

FAQ

Does App Trust Preview detect malware?

No. It is not antivirus and cannot prove an app is safe or malicious. It shows verifiable macOS trust signals so you can decide what deserves trust, context, or caution.

Which files can I inspect?

App Trust Preview can inspect .app bundles, .pkg installer packages, .dmg disk images, binary executables, and executable scripts.

How can I inspect software?

Use the main app with drag and drop or Choose, select a supported file in Finder and press Space for Quick Look, or export JSON and text reports from Terminal with the command line interface.

Does it launch or modify the software I inspect?

No. App Trust Preview reads local metadata but does not open, run, modify, grant permissions to, revoke permissions from, or upload the inspected software.

How do I use the command line interface?

Run '/Applications/App Trust Preview.app/Contents/MacOS/App Trust Preview' --help from Terminal to see the current options. The CLI can export JSON or text reports for apps, packages, disk images, executables, and scripts. See the CLI guide for examples.

Can an AI agent analyze apps with App Trust Preview?

Yes. First open Settings in App Trust Preview and add the folders the app may read. /Applications already has read-only access. You can add folders such as ~/Downloads and ~/Applications for files you want an AI agent to inspect. Then tell the agent to run '/Applications/App Trust Preview.app/Contents/MacOS/App Trust Preview' --help, read stdout, avoid the --json argument, inspect the target files, read report output from stdout, and summarize the findings for you. Add an output folder with read and write access only when you want saved report files.

Why is Location shown as Unknown?

macOS stores Location authorization outside the privacy database App Trust Preview can read. The app can show that software declares Location access, but the saved Location decision is Unknown by design.

What does sandboxed mean?

A sandboxed app is limited by macOS and cannot freely access files, devices, other apps, or the network unless it has specific permissions or entitlements.

The report says an app ships helpers that are not sandboxed. Is that bad?

It depends. Some apps use unsandboxed helpers for legitimate work, such as updating themselves outside the Mac App Store. It is still worth reviewing because anything the main app hands to an unsandboxed helper can run outside the sandbox limits.

What are internal components?

Many apps include helper tools, app extensions, XPC services, login items, frameworks, dynamic libraries, or plug-in bundles. App Trust Preview checks each bundled or runnable component for signature and sandbox status.

What are detected technologies?

The report identifies common app stacks such as Electron, Chromium, CEF, Firefox, Gecko, ToDesktop, Tauri, Wry, WebKit, Qt WebEngine, SwiftUI, React Native, Flutter, Unity, Unreal Engine, Godot, Wine, CrossOver, Java, .NET, Python, Node.js, Mac Catalyst, and iOS apps running on Mac when they can be confirmed.

What can I export?

The app can export PDF, PNG image, JSON, or plain text reports. The command line interface exports JSON or text for automation and AI analysis.

Does it work without internet?

Yes. The main scan is local and sends no network requests of its own. Certificate revocation uses macOS own trust service. If the system cannot answer, that field can read Could not check while the rest of the report still works.

Image

Ready to inspect software before opening?

App Trust Preview is available on the Mac App Store.

Download on the Mac App Store
macOS 10.13+