Suspicious Package

An Application for Inspecting macOS Installer Packages

Every macOS Installer Package Looks the Same

Consider a few macOS Installer packages:

[Image: 4 packages that don't look any different]

Which one is which? ¯\_(ツ)_/¯ The answer in macOS has traditionally been “install it and find out!”

The built-in security features of macOS — such as Gatekeeper, package signing and, most recently, notarization — might rule out malware ... if you're lucky. But there's still a huge gray area between that and a well-designed package.

Look Inside Them with Suspicious Package

With Suspicious Package, you can open a macOS Installer package and see what's inside, without installing it first.

Where does it come from?
  • See who signed it
  • Check where it was downloaded from
  • See if Apple notarized it
What does it install?
  • Browse installed files
  • See versions and other metadata
  • Open text files and property lists
  • Export individual files or folders
What else does it do?
  • See scripts it will run
  • Examine installer “receipts”
  • Review potential issues

Or Get a Quick Look

Suspicious Package also includes a plug-in for the macOS Quick Look feature.

So you don't even have to open the app for the basics; just select a package and hit the spacebar:

[Image: Quick Look preview]

Want to Know More?

Download Suspicious Package here, or learn more here.

(No, this is not the same thing as Show Package Contents in Finder. It's also safer and more comprehensive than Show Files in the macOS Installer.)