I create app with captive runtime for Windows and MacOS. To install updates I chose this schema:
Updater is NOT-AIR application (for disc space economy).
I see security issue here, cause downloaded files or update link could be replaced by someone.
I check this topic and it clarify some position about updating resources: http://mabulous.com/air-applications-that-can-be-updated-without-requiring-admin-rights In few worlds, for my situation - I should check xml in META-INF with Main application before running Updater. But how to validate air runtime directory?
OK, I've make decision for this time:
1) It's not a problem for macos gatekeeper if you update any files in your .app signed with developer id after first launch
2) Nobody could guarantee that any meta willn't be replaced by somebody
So, there is no reasons to care about it :)