FAQ

Answers to common questions about how App Trust Preview inspects Mac apps and what its report signals mean.

Does App Trust Preview detect malware?

No. It is not antivirus and cannot prove an app is safe or malicious. It shows verifiable macOS trust signals so you can decide what deserves trust, context, or caution.

Does it launch or modify the app I inspect?

No. App Trust Preview reads the app bundle but does not open, run, modify, grant permissions to, revoke permissions from, or upload the inspected app.

How can I inspect an app?

Use the main app with drag and drop or Choose App, or select a .app in Finder and press Space for Quick Look.

What is the optional inspection helper?

A small read-only helper you install intentionally. It enables a live notarization check and, with Full Disk Access, lets App Trust Preview read saved macOS privacy decisions. It does not launch apps, modify bundles, change permissions, or upload anything.

Why would Full Disk Access be needed?

Only to read saved privacy decisions from macOS privacy databases. Without it, App Trust Preview still shows what the app can request, but not whether you previously allowed or denied that request.

Why is Location always shown as Unknown?

macOS stores Location authorization outside the privacy database App Trust Preview can read. The app can show that an app declares Location access, but the saved Location decision is always Unknown by design.

What does sandboxed mean?

A sandboxed app is limited by macOS and cannot freely access files, devices, other apps, or the network unless it has specific permissions or entitlements.

The report says a sandboxed app ships helpers that are not sandboxed. Is that bad?

It depends. Some apps use unsandboxed helpers for legitimate work, such as updating themselves outside the Mac App Store. It is still worth reviewing because anything the main app hands to an unsandboxed helper can run outside the sandbox's limits.

What are internal components?

Many apps include helper tools, app extensions, XPC services, login items, frameworks, dynamic libraries, or plug-in bundles. App Trust Preview checks each bundled/runnable component for signature and sandbox status.
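
The sandbox comparison described in the two answers above can be reproduced by hand from each component's entitlements; the following is an added example, not App Trust Preview's own code. It assumes entitlements are read with `codesign -d --entitlements - --xml` (macOS 12 or later) and covers only separately executable components, since frameworks and dynamic libraries run inside the process that loads them. The component paths and sample entitlements are constructed for illustration.

```python
import plistlib
import subprocess
from xml.parsers.expat import ExpatError

SANDBOX_KEY = "com.apple.security.app-sandbox"


def is_sandboxed(entitlements_xml: bytes) -> bool:
    """True only if the entitlements plist sets the App Sandbox key to true."""
    if not entitlements_xml.strip():
        return False  # unsigned, or signed without any entitlements
    try:
        ents = plistlib.loads(entitlements_xml)
    except (ValueError, ExpatError):
        return False  # unreadable entitlements are treated as "not sandboxed"
    return isinstance(ents, dict) and ents.get(SANDBOX_KEY) is True


def read_entitlements(path: str) -> bytes:
    """Entitlements of one component as XML; read-only, macOS only."""
    result = subprocess.run(
        ["codesign", "-d", "--entitlements", "-", "--xml", path],
        capture_output=True,
    )
    return result.stdout if result.returncode == 0 else b""


def unsandboxed_helpers(main_xml: bytes, helpers: dict[str, bytes]) -> list[str]:
    """For a sandboxed main app, list bundled executables that are not sandboxed."""
    if not is_sandboxed(main_xml):
        return []  # the mismatch only matters when the main app is sandboxed
    return sorted(name for name, xml in helpers.items() if not is_sandboxed(xml))


# Constructed sample: a sandboxed main app with three bundled components.
SAMPLE_MAIN = plistlib.dumps({SANDBOX_KEY: True, "com.apple.security.network.client": True})
SAMPLE_HELPERS = {
    # XPC service that inherits the app's sandbox
    "Contents/XPCServices/Render.xpc": plistlib.dumps(
        {SANDBOX_KEY: True, "com.apple.security.inherit": True}
    ),
    # updater signed with entitlements, but without the sandbox key
    "Contents/Helpers/Updater": plistlib.dumps({"com.apple.security.cs.allow-jit": False}),
    # login item with no entitlements at all
    "Contents/Library/LoginItems/Agent.app": b"",
}

if __name__ == "__main__":
    for name in unsandboxed_helpers(SAMPLE_MAIN, SAMPLE_HELPERS):
        print("not sandboxed:", name)
```

On a Mac, pass the output of `read_entitlements()` for the main executable and for each helper path instead of the sample values.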

What are detected technologies?

The report identifies common app stacks such as Electron, Chromium, CEF, Flutter, Qt, SwiftUI, AppKit, Java, Python, .NET, Godot, JetBrains, browser engines, and other runtime/framework signals when they can be confirmed.

What can I export?

The full report can be exported as plain text or JSON for notes, support, automation, or comparison later.

Does it work without internet?

Yes. The main app's scan is local and sends no network requests of its own. Certificate revocation uses macOS's own trust service; if the system cannot answer, that field can read "Could not check" while the rest of the report still works.