Mac users have long enjoyed virus-free computing, but it should not be taken for granted that there are no viruses. While Apple has firmly adhered to the App Store, some malware, rarely, still there. Similarly, macOS Gatekeeper is useful only when you don’t override its settings, but it only restricts you from installing apps from the App Store. So if you download an app that isn’t from the App Store, how can you check if it’s safe to install?

About suspicious packages

Suspicious package is a special utility designed to check for macOS packages – software files that install application programs. Packages typically contain several components, including the application itself, scripts that automate the installation process, and other files needed by the program. While the macOS compression system is a powerful way for developers to organize all the components that go into an application, hackers can also defeat it by adding their own malware. A suspicious package allows you to scan the contents of any macOS package, which can potentially prevent malware infection.

download and install


The Suspicious Package app can be downloaded directly from To install it, you may need to temporarily bypass macOS Gatekeeper, which usually prevents you from accidentally installing non-App Store programs. Under “System Preferences,” select “Security & Privacy -> General -> Allow apps downloaded from:” and change the setting to “App Store and Identified Developers.” When you open a suspicious package dmg file, you’ll see a warning: ” SuspiciousPackage.dmg failed to open because it is not from an identified developer.Click the “Open Anyway” button to install the program.



The “Quick Search” feature displays a summary of the Finder package without having to launch a suspicious package application. It’s a convenient time saver if you have multiple packages to review. To use Quick Find, highlight the package you want to rate in the Finder, and then find Quick Find in the Finder’s File menu or press “Command + Y.”

Check the package

You can check the downloaded package by launching the Suspicious Package. From the “File” menu, select “Open” and then browse for the files or other folder you downloaded and locate the package file. The suspicious package scans the file and then displays a set of tabs: “Package Information”, “All Files” and “All Scripts”. If the application detects problems with the package, a Review icon indicates a warning.

Related: Customize file, folder, and hard disk icons on a Mac

Packaging information


The Package Information tab provides an overview of the contents of the package. It shows how many items are installed, how many scripts it uses, and whether it is signed or not. It indicates when the package was downloaded and the name of the browser. Finally, if there are problems with the package, Package Info displays the number of warnings issued.

All files


Like the Finder window, All Files displays all the files stored in the package, including the application itself, support files, and folder organization. Click on any folder to see its contents.

All scripts


The All Scripts tab lists all the macOS scripts used to install the package. Each script is a gadget that contains text commands for copying, creating, and deleting files. Click the script name to see instructions. The File menu has options for editing the script if desired.

Unsigned packages

When you use a suspicious package, you may see a warning that the package is not signed. Package Signing is a feature developed by Apple that allows software developers to “stamp” their program with a digital signature that officially binds the app to the people who wrote it. The signature guarantees that the software is legal and not cheap call waiting. In fact, Apple requires signatures for all App Store software. However, some developers do not make the extra effort to register their software. Many unsigned packages, including open source and free programs, are really acceptable. On the other hand, if you buy Mac software from a large vendor, the lack of a signature is a big red flag.


Most Mac programs are malware-free. However, programs downloaded from third-party sites carry a low risk of spyware and other unwanted baggage. Although the Suspicious Package is intended primarily for technical users, it allows anyone to rate MacOS for malware and other problems. The application clearly reveals the contents of the software package before installing it. The Suspicious Package is a great addition to your Mac toolkit, especially for Mac users who don’t use the App Store as their sole source of software.

About the author


Leave a Comment