By Alvin Alexander. Last updated: August 13, 2017
I was surprised to learn that when you sign a macOS application, the signing process doesn’t sign every file under the .app application directory. Here’s a quote from the Apple developer docs:
“Your app’s executable code is protected by its signature because the signature becomes invalid if any of the executable code in the app bundle changes. Note that resources such as images and nib files aren’t signed; therefore, a change to these files doesn’t invalidate the signature.”