Just some one-liners you may find useful… I’ve written about codesign a few times in the past. To see a detailed description of how an app was signed:

    codesign -dvvvv /Applications/Firefox.app

This also gives you the bundleID for further inspection of an app. But there are a number of tools you can use to check out signing and go further into entitlements and sandboxing. You can check the sandbox status of an app with asctl:

    asctl sandbox check --bundle com.microsoft.outlook

The response would be similar to:

    /Applications/Microsoft Outlook.app: signed with App Sandbox entitlements

In the above, we see that Outlook has entitlements to do some stuffs. But where do you see an indication of what it can…
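To pull the bundleID and signer details out of the `codesign -dvvvv` report for use with `asctl`, here is an added example (not from the original post). The function names `codesign_summary` and `sample_output` are hypothetical, and the sample report is constructed so the script runs without a Mac.

```shell
#!/bin/sh
# Summarise a `codesign -dvvvv` report read from stdin.
# On a Mac: codesign -dvvvv /Applications/Firefox.app 2>&1 | codesign_summary
# codesign -d writes its report to stderr, hence the 2>&1.
codesign_summary() {
  awk '
    function val() { return substr($0, index($0, "=") + 1) }
    /^Identifier=/     { id = val() }
    /^TeamIdentifier=/ { team = val() }
    /^Authority=/      { if (leaf == "") leaf = val() }  # first Authority line is the leaf cert
    /^Signature=adhoc/ { adhoc = 1 }                     # ad hoc: no certificate chain at all
    /^CodeDirectory /  { if ($0 ~ /flags=[^ ]*runtime/) runtime = 1 }
    END {
      print "bundle_id=" id
      print "team_id=" (team == "" ? "none" : team)
      print "signer=" (adhoc ? "adhoc" : (leaf == "" ? "unknown" : leaf))
      print "hardened_runtime=" (runtime ? "yes" : "no")
    }'
}

# Constructed sample report (not captured from a real app).
sample_output() {
  cat <<'EOF'
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
EOF
}

sample_output | codesign_summary
```

The `bundle_id` value is what `asctl sandbox check --bundle` expects. A `signer=adhoc` or `hardened_runtime=no` result is worth a closer look when triaging an unfamiliar app.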