Applications that strictly comply with Apple’s software design guidelines for macOS and don’t need to be deeply integrated into the operating system are usually installed by a simple “drag and drop” operation. This means no actual installation is necessary: you just drag the application icon into one of your application folders and can launch it immediately.
For “Apps” bought from the Mac App Store, new, modified rules apply: Apps are installed automatically and they should be removed with the Launchpad application only.
However, macOS automatically creates additional files when you work with a new application, for example files to store the personal preference settings for each user, or cache folders for download files, when applications are accessing the Internet to search for automatic updates, etc. You can simply “uninstall” a drag-and-drop application by dragging its icon to the Trash. This won’t remove all the aforementioned other support files, however. This is where the uninstallation assistant of TinkerTool System can help.
Let TinkerTool System search for components
It is possible to let TinkerTool System search for software components automatically, offering the potential candidates for the uninstallation assistant. The found components will be listed in a table with their names, icons, paths, version numbers, and the dates of last usage. TinkerTool System can search for the following categories of software:
macOS applications, installed in any of the standard Application folders
To use the search, perform the following steps:
Select the tab item Uninstallation Assistant of the pane Applications.
Set or remove the check marks (Available for) where the search should be performed. You can select the private home folder of the current user account (User), the folders offering software for all users of the current computer (This Computer), or the item macOS Network to search in the shared Applications and Library folders of a macOS Server used as a central repository for that purpose.
Open the pop-up-button Search components and select one of the software categories.
TinkerTool System will begin the search and list the found components in a table. You can select one of them and press the OK button even when the search is still running.
The job of the uninstallation assistant is to help you to identify all associated components that might have been created by the software component you want to remove. You can let TinkerTool System automatically remove the other files and folders as well, cleaning the entire computer. There are in fact four different levels of clean-up you can choose from:
(1) You can restrict the search to components which have been created for your user account only.
(2) You can search for components that have been installed for “computer-wide” usage by all users of the local computer and the personal items of your user account.
(3) You can search for components which have been installed as personal items for all user accounts known to the local computer, including components which have been installed for computer-wide usage.
(4) You can additionally include items which have been installed for “network-wide” usage. This is useful if you are using a central software distribution server and the management features of macOS Server which store information in the /Network/Applications and /Network/Library folders.
If you are using the search levels (3) or (4), TinkerTool System will allow you to delete files and folders which are owned by other users. This is a dangerous option which should be used by experienced system administrators only. Please verify each object carefully before you are actually going to delete it.
There are applications which completely hide where and how they store the data or documents you create when using that application (“shoebox apps”). Other applications may give you a choice to define individual file names for documents, but also use their own private area to store the files. Please keep in mind that the user documents created by such applications might be removed as well when you perform an uninstallation.
Before any object is removed, TinkerTool System will list each affected item. You can then decide for each single object whether you actually want to remove it. Perform the following steps:
Open the tab item Uninstallation Assistant on the pane Applications.
Drag the icon of the program you would like to remove from the Finder into the field Select application or software component to remove. You can also click the button […] to navigate to the object, or click on the white area to enter the UNIX path of the object. You can also let TinkerTool System search for candidates using the feature mentioned in the section above.
If an application was selected, you have to choose between one of the four possible search levels discussed above, using the buttons at Deletion Level. This step is not necessary if you have selected a component which is not an application.
Press the button Prepare removal….
Note that nothing is going to be removed yet. TinkerTool System will always analyze your selection first and display the items which would be affected. The program will begin to search for these objects after you have pressed the Prepare removal… button. You can interrupt and cancel the search at any time by pressing the STOP button which will appear while the search is running. Note that a search run can take several minutes if your computer or your network hosts a high number of user accounts and you have selected one of the search levels affecting each user.
After the search has ended, all candidates for possible removal will be listed in a table. The table contains the following columns:
Remove: Set or deactivate the check mark to include or exclude the affected object from removal.
Object: Icon, name and path of the object which is suggested for removal.
Type: the role this object plays in respect to the software component you want to remove.
Owner: the short name of the user who owns this object. Be very careful if you are going to delete personal items of other users.
Size: the storage size of the object. This space will be freed when the object is going to be deleted.
Last change: date and time when the object was modified last.
Show: press the button in the Show column to display this object in the Finder.
The total number of selected objects and the total storage size is displayed right under the table. The two buttons in the lower left corner allow you to select
if you want to put the items marked for removal into your Trash, or
if you want to delete the marked items immediately.
TinkerTool System does not allow you to bypass the security features of macOS. Although this feature allows you to delete objects owned by other users, you cannot use it to spy out the contents of private files. For this reason, it is not possible to display detail information of files which are owned neither by you nor by the operating system, or to move items to the Trash for which you don’t have access.
The selected objects will be removed when you press the Remove button. All objects remain untouched when pressing the Cancel button.
TinkerTool System automatically creates a detailed report on the components you are removing. It will be displayed while the removal takes place and after it has finished. After the operation has been completed, you can either save the report to a text file, or print it by pressing the respective buttons in the report sheet.
The list of objects suggested for removal is computed according to Apple’s software design guidelines for macOS. Please note that a few applications may not be fully compliant with these guidelines. In this case, the list of removal candidates might not be complete. This means there could be objects which have been created by the application in question, but have been omitted in the list. It could also occur (although this is very unlikely) that objects are included in the list but have actually not been created by the selected application, so they should not be deleted. Please verify each object carefully before using the removal function.
If you are removing an application which is a member of your list of login items, it will be removed from the list as well without reporting this in the table of deletion candidates. For technical reasons, this clean-up is limited to the current user, even if you had selected a search level including all users.
TinkerTool System contains several security features that prevent you from removing important parts of the system. You cannot remove components which are an official part of macOS. You also cannot remove applications which are currently running on the local computer.
You should never use this function for software components which have not been installed by a drag-and-drop operation. Applications that came with their own installers or have been using the macOS Installer, which includes Apps from the Mac App Store, usually had a technical reason to do so. In this case it is very likely that more than the usual components have been installed in the system, so they are not following the rules for self-contained applications. The Uninstallation Assistant cannot work as designed in that case. You should remove such applications following the instructions of their vendors.
To be protected against malicious software, macOS uses several different security techniques that complement each other:
the quarantine feature that detects Internet downloads and tracks all files which are part of the download or have been indirectly created by the download,
the code-signing technology which makes it possible to recognize whether a software component has been created by a known, trusted source, and which also detects possible subsequent modifications of files or memory pages by the use of digital seals,
the application sandbox which ensures that a protected program cannot get access to specific system functions unless both Apple and the original software developer have explicitly granted such access. Each permitted type of access is called an entitlement. Programs protected in such a way come with an attached list of entitlements, digitally sealed in the application bundle. macOS launches such a program only after putting it into a sandbox first, enforcing compliance with Apple’s restrictions of the sandbox and the specified entitlements. The entitlements are basically exceptions that give the application running in the sandbox a certain right it doesn’t have by default.
the Gatekeeper component, technically known as security assessment policy subsystem of macOS, which combines all functions and verification steps of the aforementioned features to eventually determine whether a given program should be considered “safe enough to execute,” or not.
TinkerTool System can evaluate a given software component, such as an application, a code bundle, e.g. a plug-in, an executable file, or a signed software distribution disk image, against all mentioned security checks, showing all details. This allows you to verify the integrity, the source, and the overall security assessment of this software.
Checking a software product is very simple. Just perform the following steps:
Select the tab item Security Check of the pane Applications.
Drag the icon of a software object from the Finder into the field Object to check. This can either be the bundle of a standard macOS application, a single executable file, or a signed software distribution disk image (DMG). You can also click the button […] to navigate to the object, or click on the white area to enter the UNIX path of the object.
TinkerTool System and the security features of macOS will now analyze the selected software. This may take a few seconds, depending on the size of the bundle and the number of embedded subcomponents. The results will be displayed in the lower half of the window:
Unique identification: the internal unique name used by macOS to identify this application. (Single executable files may not have such an identifier.)
“App-class” software from the App Store: If this entry is set to Yes, you have selected an application which has been sold by Apple as App in the App Store. Such “Apps” are limited in the sense that they must not perform certain actions and are not permitted to use specific features of macOS. They are restricted by a set of App Rules specified by Apple. Compliance with these rules has additionally been verified by an App review team at Apple. In most cases, this review also guarantees a certain minimum of product quality.
Detected as download: A Yes value indicates that quarantine markers are set for this application, so it has been detected that the selected program comes from a download.
Downloaded from: If the application has been confirmed to come from a download, this entry will indicate the download source. It is usually specified as Internet address (URL) of the server which delivered the product.
Still under active quarantine: Here, a Yes value confirms that the quarantine is still active, so a user opening the application must first confirm to be aware that the files come from the potentially unsafe Internet.
Gatekeeper assessment: This line shows the official evaluation of the Gatekeeper component of your system, after having checked all mentioned security aspects and the policy you have currently set at System Preferences > Security & Privacy > Allow apps downloaded from…. The result can either be Accept or Reject.
Digitally sealed: The value Yes indicates that the software has been signed and protected by a digital seal.
Seal signed by: This line shows the name of the entity that code-signed the application. After pressing the button Show complete chain, TinkerTool System will show the entire chain of trust that confirms the validity of the digital signature. Entries are listed bottom-up in order of authority. The topmost entry repeats the name of the party who signed the software. The subsequent entries confirm (in compliance with each party’s certification policies) that the signature of the preceding line is genuine. The entry at the end is usually a CA, a Certificate Authority which is the root of this chain of trust.
Seal intact: The value Yes confirms that the selected application has not been modified (in a way which has not been explicitly permitted by the party signing the application) after it was signed.
Seal trusted: This indicator reflects the most important aspect of the digital signature, namely whether the seal was signed by a party trusted by Apple. Because anybody who has the necessary technical knowledge could sign and seal an executable program, this is what makes the signature actually meaningful to assess whether it might be safe to run the program. The trust indicator also confirms that some additional checks have been passed successfully, e.g. that there are no contradicting signatures in an application which contains multiple code parts.
Protected by application sandbox: A Yes value confirms that the selected application is protected by the macOS Application Sandbox when the program is launched.
Operations permitted: Three possible results can be listed here: The entry Full sandbox protection without exceptions indicates that the selected program cannot get access to any “unusual” right. Apple’s sandbox for applications will be in place with the highest possible security settings. The status Only restricted by user permissions is the opposite, indicating that no sandbox will be used at all. An entry of the pattern xx additional types of entitlements confirms that the program will be sandbox-protected, but it will need some exceptions from the default rules, specified by a list of additional rights the application must have in order to work correctly. xx is replaced by the actual number of entitlement types needed. To see the complete list, press the button Show details. The table in the detail sheet describes each entitlement and, if applicable, shows a variable aspect of the entitlement in the column Object. For example, if an application should be granted permission to read the contents of the known folders A and B in the user’s home folder without informing the user first, there will be two entitlements of type Read access to specified file in home folder without confirmation, one referring to the object ~/A and one referring to the object ~/B.
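The three Operations permitted outcomes can be reproduced from an application's entitlement list, for example as exported by `codesign -d --entitlements :- <path>`. The following is an added example, not TinkerTool System's own code; the sample plist is constructed, and counting one type per entitlement key and rendering home-relative paths with a leading `~` are assumptions chosen to mirror the ~/A and ~/B case above.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Constructed sample: a sandboxed app with outgoing network access and
# read access to two folders in the user's home folder (~/A and ~/B).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
  <array><string>/A/</string><string>/B/</string></array>
</dict></plist>"""


def entitlement_rows(ents):
    """Return (type, object) rows: one row per object an entitlement refers to."""
    rows = []
    for key, value in sorted(ents.items()):
        if key == SANDBOX_KEY or value is False:
            continue  # the sandbox switch itself is not an exception
        items = value if isinstance(value, list) else [value]
        for item in items:
            if item is True:
                obj = ""  # plain on/off entitlement, no variable aspect
            elif "home-relative-path" in key:
                obj = "~" + str(item).rstrip("/")  # assumption: show as ~/path
            else:
                obj = str(item)
            rows.append((key, obj))
    return rows


def classify(plist_bytes):
    """Map an entitlements plist to one of the three statuses described above."""
    # Unsigned or ad-hoc code may carry no entitlements at all: treat as empty.
    ents = plistlib.loads(plist_bytes) if plist_bytes else {}
    rows = entitlement_rows(ents)
    if ents.get(SANDBOX_KEY) is not True:
        return "Only restricted by user permissions", rows
    types = {key for key, _ in rows}
    if not types:
        return "Full sandbox protection without exceptions", rows
    return f"{len(types)} additional types of entitlements", rows


if __name__ == "__main__":
    status, rows = classify(SAMPLE)
    print(status)
    for kind, obj in rows:
        print(f"  {kind}  {obj}")
```

When reviewing real output, rows whose object is a broad path (a whole home folder or volume) deserve more scrutiny than the bare count of entitlement types suggests.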
Many applications that are part of macOS are shown with the Gatekeeper assessment Reject. This is not an error, but the correct result. Most of Apple’s built-in applications indeed do not comply with Apple’s own security guidelines. However, this won’t matter because the affected programs have not been downloaded off the Internet and come from a source trusted by Apple.
All executable files which do not have the form of a macOS application bundle are always rejected by Gatekeeper. Examples are command-line utilities or plug-ins. This is the correct and intended behavior.
Code can be sealed anonymously, i.e. without specifying a valid signature. This is known as ad-hoc signing which will be indicated by a respective marker in the line Seal signed by….
A software distribution disk image can contain multiple applications. If you are testing such an image file, TinkerTool System will only show the security assessment for the container itself. Information exclusive to applications (like sandbox protection) will be missing. A sealed image file should guarantee that its checksummed contents are authentic as well. However, to see the actual results for the individual applications, you’ll have to open the image and point TinkerTool System to one of the files inside.
Only modern disk images can be signed. This security feature is mainly used for software products targeting macOS 10.12 Sierra or later.
Apple has defined a high number of entitlements which are not documented, so they are not known to the general public. Only Apple, and in some cases a few selected developers who could not solve problems with the sandbox otherwise when using the known standard set of entitlements in their applications, have permission to use these undocumented “holes” in the sandbox. TinkerTool System lists these entitlements with the notice Unofficial entitlement and the internal name Apple uses for the related right.