A macOS security tool that detects and neutralizes suspicious overlay applications

Mirror is a simple macOS application designed to identify and terminate suspicious overlay applications that may be used for cheating, monitoring, or other malicious purposes. It scans active windows on your system and flags applications with suspicious characteristics like hidden layers, transparency, or missing window titles.

• 🔎 Intelligent Detection: Automatically scans and identifies suspicious overlay applications using advanced window analysis
• 📊 Risk Scoring: Categorizes detected apps by risk level (High, Medium, Low) based on multiple factors
• ⚡ Real-time Monitoring: Continuously monitors your system for suspicious applications
• 🛡️ Apple App Filtering: Automatically excludes legitimate macOS system applications
• 🎯 One-Click Termination: Instantly neutralize detected suspicious applications
• 🖼️ Visual Identification: Displays app icons and bundle information for easy identification
• 💾 Persistent State: Remembers your onboarding preferences using SwiftData

• macOS: 13.0 (Ventura) or later
• Xcode: 15.0 or later
• Swift: 5.9 or later

1. Clone the repository

   git clone https://github.com/ajagatobby/mirrow
   cd mirrow

2. Open the project in Xcode

   open Mirror.xcodeproj

3. Build and run

   • Select your target Mac as the build destination
   • Press ⌘R (Cmd + R) or click the "Run" button in Xcode
   • The app will build and launch automatically

1. Navigate to the project directory

   cd mirrow

2. Build the project

   xcodebuild -project Mirror.xcodeproj -scheme Mirror -configuration Release

   Note: If you encounter code signing errors, see the Code Signing section below.

3. Run the built app

   open build/Release/Mirror.app

When building from the command line, you may encounter code signing errors like:

error: No signing certificate "Mac Development" found: No "Mac Development" signing certificate matching team ID "..." with a private key was found.

The easiest way to avoid signing issues is to build directly in Xcode:

1. Open Mirror.xcodeproj in Xcode
2. Go to Signing & Capabilities in the project settings
3. Select your Team (or choose "Sign to Run Locally" for development)
4. Build and run using ⌘R

For local development builds, you can disable code signing:

xcodebuild -project Mirror.xcodeproj -scheme Mirror -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO

Warning: This creates an unsigned app that may have limited functionality. For production use, proper code signing is required.

Sign with your Apple ID for local development:

xcodebuild -project Mirror.xcodeproj -scheme Mirror -configuration Release CODE_SIGN_IDENTITY="-" CODE_SIGNING_REQUIRED=YES CODE_SIGNING_ALLOWED=NO

Mirror requires certain permissions to function properly:

When you first run Mirror, macOS will prompt you to grant Screen Recording or Accessibility permissions. This is required for the app to:

• Access window information on your system
• Detect overlay applications
• Identify suspicious processes

To grant permissions manually:

1. Open System Settings (or System Preferences on older macOS versions)
2. Go to Privacy & Security → Screen Recording (or Accessibility)
3. Find Mirror in the list and enable the toggle
4. Restart Mirror if it's already running

Mirror needs permission to terminate processes. If you encounter permission issues:

1. Go to System Settings → Privacy & Security → Full Disk Access
2. Add Mirror to the list if required by your macOS version

1. Welcome Screen: On first launch, you'll see an animated welcome screen
2. Onboarding: The app will guide you through its features
3. Auto-Detection: After onboarding, Mirror automatically performs its first scan

1. Automatic Detection: Mirror automatically scans for suspicious apps when launched

2. Manual Detection: Click the "Detect" button to perform a new scan anytime

3. View Results: Detected applications are displayed in a list with:

   • App icon
   • Application name
   • Bundle identifier
   • Process ID (PID)
   • Risk indicators (alpha transparency, missing titles, etc.)

4. Terminate Apps: Click the "Kill" button next to any suspicious app to terminate it

   • The button changes to "Neutralized" after successful termination
   • Uses SIGTERM followed by SIGKILL if needed

Right-click on any detected app to access:

• Copy Bundle ID: Copy the app's bundle identifier to clipboard
• Copy PID: Copy the process ID to clipboard
• Show in Finder: Reveal the app's location in Finder

Mirror uses macOS's Core Graphics framework to enumerate all active windows on your system. It then applies a sophisticated scoring algorithm to identify suspicious applications:

1. Window Enumeration: Scans all on-screen windows using CGWindowListCopyWindowInfo
2. Risk Scoring: Assigns scores based on:
   • Window Layer: Higher layers (especially ≥20) indicate overlays (+2 to +3 points)
   • Transparency: Alpha < 1.0 suggests hidden windows (+1 point)
   • Missing Titles: Empty window titles are suspicious (+1 point)
3. Filtering: Excludes:
   • Apple system applications (com.apple.*)
   • Applications in system directories (/System/, /Library/, /usr/)
   • Low-risk applications (score < 1 or layer < 1)
4. Sorting: Results are sorted by risk score, layer, and application name

• 🔴 High Risk: Score ≥ 5
• 🟡 Medium Risk: Score 2-4
• 🟢 Low Risk: Score < 2

Mirror/
├── Mirror/
│   ├── MirrorApp.swift          # App entry point
│   ├── Models/                  # Data models
│   │   ├── Item.swift
│   │   ├── OnboardingState.swift
│   │   ├── RiskLevel.swift
│   │   └── WindowAppRow.swift
│   ├── ViewModels/              # Business logic
│   │   └── DetectorViewModel.swift
│   ├── Views/                   # UI components
│   │   ├── ContentView.swift
│   │   ├── MainAppView.swift
│   │   ├── Components/
│   │   │   ├── AppRowView.swift
│   │   │   ├── EmptyStateView.swift
│   │   │   └── SkeletonRowView.swift
│   │   └── Onboarding/
│   │       ├── OnboardingView.swift
│   │       └── WelcomeView.swift
│   └── Mirror.entitlements      # App entitlements
└── README.md

1. Open Mirror.xcodeproj in Xcode
2. Select the Mirror scheme
3. Choose your Mac as the build destination
4. Build using ⌘B (Cmd + B)

xcodebuild test -project Mirror.xcodeproj -scheme Mirror

This project follows Swift's standard formatting conventions. Consider using:

• SwiftFormat for automatic formatting
• SwiftLint for code quality checks

Contributions are welcome! Please feel free to submit a Pull Request. Here's how you can help:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

• 🐛 Bug fixes
• ✨ New features
• 📝 Documentation improvements
• 🎨 UI/UX enhancements
• ⚡ Performance optimizations
• 🧪 Test coverage

Mirror is a security tool designed to help identify potentially suspicious applications. However:

• Use at your own risk: Terminating processes can cause data loss if used incorrectly
• False positives: Some legitimate applications may be flagged
• Not a replacement: This tool should not replace proper security software
• Educational purpose: Intended for educational and security research purposes

Always verify applications before terminating them, especially if you're unsure about their purpose.

This project is licensed under the MIT License - see the LICENSE file for details.

• Built with SwiftUI
• Uses SwiftData for persistence
• Icons and assets created for Mirror

• Issues: GitHub Issues
• Discussions: GitHub Discussions

Made with ❤️ for the macOS community