App Code Requirements

Learn how to retrieve the code requirement of a macOS app using the codesign command. Essential for configuring secure MDM profiles and privacy preferences.

TL;DR

Learn how to use the `codesign` command to retrieve a macOS app's code requirement, which is essential for secure MDM configuration.

A code requirement is a constraint that must be satisfied for the code to be considered valid for a specific purpose. It outlines the conditions necessary for the system to evaluate the code’s signature and determine whether the code can be trusted as secure. If the code does not meet these requirements during evaluation, the validation of the code signature will fail.

You can include the code signature requirement and the bundle ID for an App to allow access to protected user data. Specifying both the bundle ID and the code requirement strengthens the security of the Privacy Preferences payload. You can retrieve the code signature requirement for the App by running the `codesign` command.

Finding the Code Requirement of an App

To find the code requirement of an App installed on the Mac, run the following command in the terminal:

codesign -dr - "path/Bundle ID"

For example:

codesign -dr - /System/Applications/Maps.app

Replace "path/Bundle ID" with the path or Bundle Identifier of the App. The code requirement is the text that follows `designated =>`.

Output example:

Executable=/System/Applications/Maps.app/Contents/MacOS/Maps
designated => identifier "com.apple.Maps" and anchor apple

Warning

It is advisable to manually validate the script execution on a system before performing a bulk action.
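Before pasting a requirement into a Privacy Preferences payload, it helps to check that it pins the bundle ID you intend and is not a build-specific hash. The script below is an added example, not part of the original page or of any vendor tooling; the function names and exit codes are hypothetical, and the sample input is the Maps output shown above.

```shell
#!/bin/sh
# Added example: validate `codesign -dr -` output before using it in an MDM profile.

# Print the designated requirement from codesign output read on stdin.
# Tolerates an optional leading "# " before "designated".
extract_requirement() {
    sed -n '/^\(# \)\{0,1\}designated => /{s///p;q;}'
}

# Print the bundle identifier pinned inside a requirement string, if any.
requirement_identifier() {
    printf '%s\n' "$1" | sed -n 's/.*identifier "\([^"]*\)".*/\1/p'
}

# check_requirement <expected-bundle-id>   (codesign output on stdin)
# Prints the requirement on success. Exit codes (hypothetical convention):
#   1 = no designated requirement, 2 = cdhash-only, 3 = identifier mismatch
check_requirement() {
    expected=$1
    req=$(extract_requirement)
    [ -n "$req" ] || { echo "no designated requirement found" >&2; return 1; }
    case $req in
        cdhash*)
            # A cdhash requirement matches one exact build, so a profile
            # built on it stops matching after every app update.
            echo "requirement pins a cdhash, not a signing identity" >&2
            return 2 ;;
    esac
    id=$(requirement_identifier "$req")
    [ "$id" = "$expected" ] || {
        echo "requirement pins '$id', expected '$expected'" >&2
        return 3
    }
    printf '%s\n' "$req"
}

# Constructed sample input: the Maps.app output shown on this page.
SAMPLE_OUTPUT='Executable=/System/Applications/Maps.app/Contents/MacOS/Maps
designated => identifier "com.apple.Maps" and anchor apple'

printf '%s\n' "$SAMPLE_OUTPUT" | check_requirement com.apple.Maps

# On a Mac, feed it live output (2>&1 captures both output streams):
#   codesign -dr - /System/Applications/Maps.app 2>&1 | check_requirement com.apple.Maps
```
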

Key Takeaways

  • Code requirements are essential for validating app security.
  • The `codesign` command is used to retrieve code requirements on macOS.
  • Code requirements are used in MDM profiles to control app access to data.