I'm working on an internal company desktop app that gets distributed via an internal intranet site. The app is written in C# using Xamarin.Mac and Visual Studio for Mac and works fine locally until I compress the *.app file and upload it to the intranet site to be downloaded by end users.
When a user (including myself) downloads and launches the application, it completely locks up when trying to perform any action where it interacts with the user's local filesystem (no errors or warnings are displayed and no crashes are seen; it just stops executing any more code. The UI continues to update but nothing else happens).
The weird part is that if you right-click the '*.app' file, select "Show Package Contents", then browse into 'Content' > 'MacOS' and double-click the copy of the app contained in there, everything works fine and without any problems.
I'm not an expert on OSX so I'm really struggling to understand what could be causing this behaviour and also what the difference is between launching a Xamarin.Forms app via the '*.app' file and the executable located inside this at 'ProgramName.app/Content/MacOS/ProgramName'.
I've checked/confirmed the app isn't being sandboxed and it's being signed/notarized using the correct distribution certificates/provisioning profiles as far as I can tell, so as far as I'm aware there shouldn't be any security restrictions preventing the required filesystem access. Unless there's something I'm missing.
Is there any way I can get more insight into what is causing this behaviour, such as any debugging tools I can use to understand/view any potential problems with the app itself/the way it's being built?
Thanks!
Managed to finally get to the bottom of this one: the issue was caused by a security system Apple have in place known as 'App Translocation'.
There's a description of this here for anyone who isn't familiar: https://lapcatsoftware.com/articles/app-translocation.html - The tl;dr is that downloaded applications are marked as 'Quarantined' and when run they're copied to a virtual read-only file system and executed from there. This prevents the application from having any access to the local filesystem (regardless of whether the application is signed/notarized or downloaded from a 'trusted' source etc).
There are two ways to 'unquarantine' an application:
Manually move the application to a different location via Finder (e.g. drag/drop it into '/Applications' or '~/Documents'). Note: moving the folder the app is located in/was extracted to isn't enough - you have to physically move the *.app file itself. Apple treats this action as the user considering the application as safe and removes the quarantine flag during the move operation (this has to be done via Finder; it cannot be done via command line operations such as mv).
Run the following command from Terminal to remove the quarantine flag:
xattr -dr com.apple.quarantine '/path/to/downloaded/program.app'
You can detect if your application is being affected by App Translocation in a number of ways, for instance:
Using 'Console' you can see the path of your executable is something like '/private/var/.../AppTranslocation/....' (This is something I spotted in the Console when previously debugging, but I didn't know enough about OSX to understand exactly what I was seeing and initial attempts to understand this didn't yield any useful information at first)
Run the command xattr /path/to/downloaded/program.app. If the following is seen in the output:
com.apple.quarantine
Then it means the application will be affected by App Translocation.
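
The two detection checks from the answer above, combined into one triage helper. This is an added example, not part of the original post; the function names and result strings are hypothetical, and it assumes the macOS `xattr` tool when run against a real bundle.

```shell
#!/bin/sh
# Added example: triage helper for the two checks described in the answer.
# Function names and result strings are hypothetical.

# Succeeds if an executable path (as shown in Console) lies on the
# read-only AppTranslocation mount, e.g. /private/var/.../AppTranslocation/...
is_translocated_path() {
    case "$1" in
        /private/var/*/AppTranslocation/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `xattr <bundle>` output on stdin (one attribute name per line) and
# succeeds only on an exact com.apple.quarantine line.
has_quarantine_attr() {
    grep -qxF 'com.apple.quarantine'
}

# $1 = path of the running executable (may be empty if the app is not running)
# $2 = attribute listing printed by `xattr <bundle>`
# Prints: translocated | quarantined | clear
triage_app() {
    if is_translocated_path "$1"; then
        echo "translocated"   # already running from the translocation mount
    elif printf '%s\n' "$2" | has_quarantine_attr; then
        echo "quarantined"    # flag present, so the next launch is affected
    else
        echo "clear"
    fi
}

# On macOS: sh triage.sh /path/to/downloaded/program.app [executable-path]
if [ -n "${1:-}" ] && command -v xattr >/dev/null 2>&1; then
    triage_app "${2:-}" "$(xattr "$1")"
fi
```

A result of "quarantined" or "translocated" for a freshly downloaded copy points at one of the two fixes listed in the answer.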