Privacy Policy
App Trust Preview is privacy-first by design. The Mac app inspects app bundles locally on your Mac, sends no network requests of its own, and does not upload, launch, or modify the apps you inspect.
App inspection
When you inspect a .app bundle, App Trust Preview reads local bundle metadata and macOS security properties so it can show a report before you open the inspected app.
- The main app sends no network requests of its own.
- The inspected app bundle is not uploaded.
- The inspected app is not launched.
- The inspected app is not modified.
- Reports are generated on your Mac.
Optional helper
The optional inspection helper is installed only if you choose to set it up. It is read-only and enables two additional checks: a live notarization result using Apple's local macOS tooling, and saved privacy decisions when you grant Full Disk Access.
- The helper does not launch inspected apps.
- The helper does not modify app bundles.
- The helper does not grant or revoke privacy permissions.
- The helper does not upload inspected apps or reports.
Report data
Inspection reports are generated by reading the inspected .app bundle and macOS's own signing and trust metadata for it. A report may include:
- App metadata from the bundle's Info.plist — name, bundle identifier, version, minimum system version, document types, URL schemes, application category, copyright string, App Transport Security configuration.
- The report verdict, verdict tier, and the most important before-you-open findings derived from the report signals.
- The signing certificate chain — subject and issuer names, serial number, validity dates, SHA-1 and SHA-256 fingerprints, public-key algorithm, signature algorithm — and its revocation status as reported by macOS's trust evaluator.
- Code-signing properties — signing identifier, Team ID, designated requirement, implicit designated requirement, signature flags, CDHashes, digest algorithms used, and the RFC-3161 signing timestamp if present.
- The full entitlements dictionary, and the structured capability classification derived from it (Internet, Files & folders, Privacy, Apple Events, iCloud, Keychain, App Groups, Associated Domains, Hardened Runtime exceptions, and so on).
- Sandbox status, Hardened Runtime status, and the distribution channel inferred from the signing identity (Mac App Store / Developer ID / Development / Ad-hoc / Unsigned).
- Privacy request indicators found in the bundle, including purpose strings in Info.plist, entitlements, and related metadata for services such as Camera, Microphone, Location, Contacts, Calendar, Photos, Accessibility, Screen Recording, Bluetooth, Apple Events, and similar.
- Saved macOS privacy decisions for supported permissions when the optional helper is installed and granted Full Disk Access. Location authorization is always reported as Unknown because macOS stores it separately.
- The embedded provisioning profile, if one is present — its name, UUID, team, expiration, devices, and entitlements.
- Every internal executable component — nested apps, app extensions, XPC services, login items, helper executables, frameworks, dynamic libraries, plug-in bundles, dock tile plug-ins — each with its own signing status, sandbox state, and entitlements.
- Private Apple framework links, private symbol or selector name matches, and symlinks that point outside the app bundle when detected.
- Mach-O metadata for the main executable and its components — supported architectures, UUID, deployment target and SDK version, linked libraries, runtime search paths, and whether the binary is position-independent or has an encrypted segment.
- Detected technology signals such as native toolkits, web wrappers, browser engines, cross-platform frameworks, runtimes, and game engines when they can be confirmed.
- The com.apple.quarantine extended attribute, if present (the marker macOS attaches to files downloaded from the Internet).
- Bundle size and file dates as reported by the file system.
Any text or JSON export is created locally by the app. You decide where to save it and whether to share it.
Certificate revocation check
The signing certificate revocation status shown in the report is provided by trustd, the macOS trust evaluator service, through a local inter-process call. App Trust Preview does not connect to any revocation server itself and does not contact apptrustpreview.com to perform the check. If trustd needs to refresh its cache, the network request comes from the operating system, not from this app.
Website analytics
The App Trust Preview website uses privacy-friendly analytics powered by Plausible. The analytics script helps understand aggregate website usage, such as page views and referrers. It is not used to inspect app bundles and it is separate from the Mac app. The Mac app itself sends no network requests of its own.
Plausible is used because it is designed for website analytics without tracking cookies, persistent identifiers, cross-site tracking, or advertising profiles.
Support
If you email support, the information you choose to include in that email will be used to respond to your request. Avoid sending inspected app bundles unless support specifically asks for a file and you are comfortable sharing it.
Questions about this policy can be sent to support@apptrustpreview.com.
Changes
This policy may be updated as App Trust Preview changes. The current version is published on this page.