Airdropped application was allowed to run?


I received a report today that a teacher was able to airdrop and app from their personal Mac to their school-issued Mac and the app was allowed to run. Clearly I've missed something in my setup.

Because teachers cannot run .pkg files on school computers he was able to run the package on a personal computer and airdrop the final .app file to this school computer and it WORKED!

Disabling airdrop isn't an option because it's utility far exceeds this instance but, It's left me wondering what I've overlooked to allow this non-app store app to run.

Users are not admins. I'm pushing configuration profiles that:

  • Block the App Store from launching
  • Configure Gatekeeper to only allow apps downloaded from the App Store

Any thoughts on this one?


Valued Contributor II

@palmna Did the installed app get placed in the user home folder i.e. in ~/Downloads or ~/Applications? In either case I would think admin credentials wouldn't matter. Same situation if the app doesn't have any helper processes it needs to install in OS/System land.


Re-scoping the configuration profiles for security & privacy as well as the profile for restrictions resolved the issue. It must have been a half-baked or old config profile that was still on the computer.