I'm the developer of App Trust Preview, a macOS utility that explains what macOS can verify about an app before you open it.

Website: https://apptrustpreview.com
Mac App Store: https://apps.apple.com/app/apple-store/id6767974737
macOS: 10.13+

Why I made it

I often see people ask whether a specific Mac app is safe to open, especially when it is open source or distributed outside the Mac App Store. The usual answer quickly becomes technical - check the signature, check sandboxing, check entitlements, understand what permissions mean, inspect helpers, look at what macOS can and cannot enforce.

That information matters, but most users should not need to learn the whole macOS security model just to decide whether opening an app looks reasonable.

App Trust Preview is my attempt to make that first check simple - select an app, press Space for Quick Look, or drop it into the main window, and get a readable report that explains the important signals.

The main idea

A strong Mac app should be easy to understand from the outside.

One of the best signals is a fully sandboxed app with no network entitlement. In plain language, that means the app is running with very limited access. It cannot freely browse your files, talk to the internet, or reach around the system unless macOS grants specific permission. Apple's App Sandbox is one of the strongest protections macOS has against damage from malicious apps, buggy apps, and exploited apps.

But sandboxing is not the whole story. A sandboxed app can still declare that it may ask for access to your camera, microphone, contacts, calendar, photos, Bluetooth, local network, USB devices, or automation of other apps. Those permissions may be normal for some apps and suspicious for others. A video editor asking for microphone access makes sense. A basic text editor asking for microphone access deserves a closer look.

App Trust Preview surfaces those declarations in plain language so you can notice when an app asks for capabilities that do not match what it appears to do.

What App Trust Preview checks

App Trust Preview inspects a .app bundle locally and shows a report about its macOS security signals.

It checks:

• Code signing status
• Developer identity and Team ID
• Bundle identifier and version
• App Sandbox status
• Hardened Runtime status
• Certificate revocation status
• Declared privacy access
• Network and file access entitlements
• Apple Events and automation capabilities
• App groups, Keychain groups, iCloud, associated domains, and related capabilities
• Internal helpers, nested apps, app extensions, XPC services, frameworks, dynamic libraries, and plug-ins
• Signing and sandbox status of internal executable components

The report opens with a plain-language verdict such as whether the app looks reasonable to open, needs caution, or has stronger reasons to think twice.

Why internal components matter

A main app can look safe at first glance because it is sandboxed, while still shipping internal helper tools or nested components that are not sandboxed. That matters because those helpers may be able to do more than the main app can.

App Trust Preview is designed to bring that kind of finding to the top of the report. If a sandboxed app contains unsandboxed helper programs, unsigned components, or internal tools with broader access, the report explains why that matters.

This is also visible in Quick Look, so you can select an app in Finder, press Space, and immediately see the important signals without opening the full app.

Quick Look support

The app includes a Quick Look extension.

You can:

• Select a .app bundle in Finder
• Press Space
• See a compact security preview before opening the app

That is the feature I personally wanted most - App Trust Preview lets you copy the app's bundle identifier from Quick Look. That makes it easy and fast to select an unfamiliar app in Finder, press Space, copy its bundle ID, and search for more information about where it came from before opening it.

What it is useful for

• Checking a downloaded Mac app before opening it
• Seeing whether an app is sandboxed
• Seeing whether an app declares network access
• Seeing whether an app may ask for sensitive permissions
• Checking whether helper tools inside the app are signed and sandboxed
• Understanding why a signal matters without reading code-signing output
• Exporting a report for bug reports, IT review, support, or personal records. You can share it with someone who can help decide whether the app is reasonable to open

Reports can be exported as:

• PDF
• PNG image
• JSON
• Plain text

What it does not do

App Trust Preview is not antivirus.

It does not guarantee that an app is safe or malware-free. It does not run behavioral analysis. It does not execute the inspected app.

The goal is narrower and more honest - show macOS security signals that can be verified from the app bundle on disk, then explain those signals in plain language.

Privacy

Everything happens locally.

• The Mac app sends no network requests of its own
• Inspected apps are never uploaded
• Inspected apps are never launched
• Inspected apps are never modified
• Reports are generated on your Mac

Certificate revocation is checked through macOS's own trust system.

App Trust Preview itself follows the same security idea it reports on: it is sandboxed and has no network entitlement. It cannot broadly access your Mac. It can inspect only the app bundles you choose.

Comparison

I am a big fan of Apparency. It is a free app distributed outside the Mac App Store and exposes a lot of technical details about app bundles.

For me, Apparency is useful, but it is also very technical. If someone does not already know what Hardened Runtime, entitlements, sandboxing, signatures, and provisioning profiles mean, it can be hard to interpret. Even as a technical user, I often had to dig through several areas to find the specific signals I cared about.

There is another practical difference - internal-component risk is not always brought to the top in a way that is obvious from Quick Look. A main app can be sandboxed, but some helper inside it may not be. To understand that, you often need to open the full tool and inspect what is inside manually.

App Trust Preview is built around surfacing those findings immediately. If the main app is protected but an internal helper is not, the report says that clearly.

App Trust Preview is my attempt to make a different kind of tool:

• Available on the Mac App Store
• Focused on plain-language explanations
• Designed for fast checks before opening downloaded apps
• Includes Quick Look preview from Finder
• Lets you copy the bundle identifier directly from Quick Look for quick research
• Shows both positive and caution signals
• Brings important internal-component findings to the top
• Still includes advanced details for users who want them

I do not see it as a replacement for every technical tool. I see it as a readable pre-open report for normal Mac users and technical users who want faster triage.

Developer information

I am not hiding behind a company name or anonymous account. My name is Ihor July, and you can find my other projects by searching for "Ighor July".

I am also the developer of DockLock Lite, my first-of-its-kind macOS tool for locking the Dock to a chosen display.

And I made Parall, my second first-of-its-kind macOS tool for launching Mac apps with different accounts at the same time.

My background is cybersecurity, bug bounty research, indie development, and native app development. I hack for good and help large companies find and fix security issues. Reverse engineering has always been a lot of fun for me. Now I am applying the same mindset to macOS itself: finding long-standing workflow limitations, hacking around them cleanly, and turning those solutions into Mac apps.

App Trust Preview was built to solve my own need first. More broadly, my main work is building first-of-its-kind Mac utilities that solve specific problems Apple does not solve directly. Buying any of my apps helps me keep working on that full time.

I mostly work with C++, Qt, Objective-C, and macOS internals.

I have a strict principle for local utility apps - software that performs local actions should never connect to the internet without an explicit user action. This principle is applied across my apps.

Social profiles:

• Medium: https://ighor.medium.com
• LinkedIn: https://linkedin.com/in/ighor
• HackerOne: https://hackerone.com/ighor

AI note

None of my apps are vibe coded. I use AI only as a support tool for bug research, typo detection, code completion, and translations. I also use AI to translate my apps into supported languages, including English, since English is not my native language.

Price

App Trust Preview is $2.99 on the Mac App Store.

Website: https://apptrustpreview.com
Mac App Store: https://apps.apple.com/app/apple-store/id6767974737

I would appreciate feedback from r/macapps users, especially on the report wording, screenshots, and whether the explanations are clear enough for non-developers. I am also open to feature requests and would be happy to implement useful suggestions.

I recorded a short tutorial showing a macOS workflow for running multiple Codex sessions side by side, either with separated app data or with the same shared account.

The first use case is separation. One Codex session for work, another for personal projects, and maybe another for experiments, without all of them sharing the same app state.

For example, this can help keep a work account and a personal account separate instead of switching back and forth inside one shared app environment.

I'm using a Mac app I built called Parall to create the launchers. It works with apps already installed on the Mac and creates independent launchers for them. The original app is not modified.

There is another useful mode too. If a Parall shortcut is configured to not override the data path, it reuses the same account. That means you can have two Codex windows running the same account at the same time.

This is useful when you have multiple tasks processing in Codex and want to watch them side by side. Inside the Codex app, you have to switch back and forth between tasks. With separate launchers, you can keep multiple active sessions visible at once, which can improve productivity.

In the video, I show step by step how to create a separate Codex launcher that runs with its own data, then launch multiple Codex instances at the same time to show them working side by side. You can create and run as many instances as your Mac's RAM allows.

When data separation is enabled, Parall creates a home-like structure inside the selected app data path. That folder can include symlinks that keep useful host configuration shared, for example SSH and Docker configs.

This makes the setup flexible. You can remove symlinks or add new ones, so you control what is separated and what is shared between each Parall shortcut and the host.

This is data separation, not full isolation. Each Codex instance can still access the same project folders on your Mac.

This is not specific to Codex. Parall can also be useful with other AI coding tools and with most non-sandboxed Mac apps where separate app data or dedicated launchers are useful.

Important notes:

• To run multiple Codex instances at the same time together with the original Codex app, the main Codex app must be launched first. To avoid that limitation, create multiple Parall shortcuts and use those shortcuts exclusively.
• I recommend disabling auto-update for all instances except one. Once that one instance updates Codex, restarting the other instances makes them use the latest update instantly.
• To log in to different accounts, close all Codex instances except the one you are logging in to. After logging in, you can run the instances at the same time.

Curious how others are managing multiple Codex workspaces or accounts on macOS.

I'm the developer of Parall, a native macOS app that creates independent shortcuts for other apps so you can run multiple separate instances side by side.

You can create one Chrome shortcut for "Work", another for "Personal", another for "Client A", give each one a different Dock icon/name, pin them to the Dock, and run them with separate data.

But it is not just for browsers. Parall can create shortcuts for apps, files, folders, and command-line tools. Each shortcut behaves like its own macOS app, with its own Dock icon, name, optional menu bar icon, optional data storage path, environment variables, command-line arguments, Dock effects, and Info.plist overrides.

Website: https://parall.app
Mac App Store: https://apps.apple.com/app/parall/id6754065114

What it is useful for

• Running multiple accounts for apps that normally do not support it
• Keeping work, personal, and client environments separated
• Creating separate browser, IDE, AI agent, Dropbox, OBS, Signal, Telegram Desktop, or terminal setups
• Giving different profiles their own Dock icons instead of digging through app windows
• Creating Dock shortcuts for files, folders, documents, or command-line tools
• Adding a menu bar icon to apps that do not normally have one
• Creating separate app profiles on external drives, project folders, or synced folders
• Running multiple Philips Hue Sync instances for different displays and lighting zones

Parall does not modify your original apps or system files. It creates small shortcut app bundles that launch the original app with the settings you choose.

It also has no background daemon and no telemetry. Parall itself only runs when you open it. The shortcuts you create run directly as macOS app bundles.

New: WhatsApp support

Since Parall launched, WhatsApp support has been the most requested feature. I received tons of user requests for it. The problem is that the official WhatsApp Mac app is sandboxed, and Parall currently cannot separate sandboxed app data the same way it can for many non-sandboxed apps.

So I solved it differently: Parall now includes a WhatsApp-optimized lightweight native web frame using web.whatsapp.com. It does not use Electron and does not bundle Chrome. It uses the Safari/WebKit engine built into macOS.

Current WhatsApp support includes:

• Additional WhatsApp instances, each with a different account
• Multiple separate WhatsApp shortcuts if you need more than two accounts
• Separate data storage path per shortcut
• Fully sandboxed WhatsApp shortcut
• Push notifications
• Dock unread badge
• Optional menu bar icon with unread count
• Closing the WhatsApp window hides the window and Dock icon while WhatsApp keeps running from the menu bar
• Voice and video calls after enabling WhatsApp Beta inside WhatsApp Web
• No connections anywhere except WhatsApp servers

This means you can run another WhatsApp account, get push notifications, see unread count in the Dock badge, and if you enable the menu bar icon, keep WhatsApp running fully in the background after closing the window. Because this uses WhatsApp Web, WhatsApp Web limitations still apply. For example, if a feature is not available in WhatsApp Web, Parall cannot add it on top. But for running multiple WhatsApp accounts with native-feeling Dock/menu bar behavior, it works well.

Recent improvements

I have been shipping compatibility and stability updates actively. The most important recent improvements are WhatsApp support through a native WebKit frame, improved Alfred/Raycast behavior, fixes for Dock effects and menu bar icons, better reliability on Intel Macs and older macOS 10.11+ versions, verified support for iTerm2, Ghostty, Zen Browser, Signal, DBeaver, Eclipse-based apps, Philips Hue Sync, Fork, and Kadeck Desktop, plus improvements to command-line shortcuts such as working directory support and menu bar icons.

Examples of supported apps

Some of the apps currently verified or supported include:

• Google Chrome, Chromium, Brave, Edge, Firefox, Vivaldi, Zen Browser, Tor Browser
• Cursor, VS Code, Windsurf, JetBrains apps, Eclipse-based apps, DBeaver
• AI coding and agent tools such as OpenAI Codex, Claude, Cursor, Windsurf, and other supported AI app workflows
• Community video by Ben Can Help showing how to run multiple Claude accounts with Parall: youtu.be/IF1qZmCLWFk
• Dropbox, Discord, Signal, Telegram, Viber, Beeper Desktop
• iTerm2, Ghostty, Emacs, Sublime Text, Sublime Merge
• OBS, Philips Hue Sync, Blender, Audacity, Plex, Fork
• WhatsApp through the new web frame integration

There is a full compatibility list here: https://parall.app/compatibility

If an app is not listed, I can test it before purchase by your request.

Comparison

Parall overlaps with several existing macOS tools, but usually only for one part of the feature set. It is not just a browser profile manager, not just a site-specific browser, not just a menu bar utility, and not just a command launcher.

For example, if your goal is to access multiple Dropbox accounts, you can use a cloud mounting app such as CloudMounter. That can be useful if you want to mount cloud storage through public APIs and browse accounts like network drives.

Parall takes a different approach. It lets you run multiple native Dropbox clients side by side, each with its own separated profile and Dropbox folder. In that case, you are still using Dropbox's own desktop client and its native sync engine, not a third-party cloud mounting layer. That means uploads and downloads use Dropbox's native desktop sync behavior instead of relying on public API-based file access. The Parall FAQ has important Dropbox setup notes: https://parall.app/faq

For web-app wrapper tools such as Fluid, Coherence X, or Unite, the difference is also important. Those tools mainly turn websites into apps, and many web wrapper approaches rely on Electron or a Chrome-based engine, which can be a lot of overhead for a simple task like running a WhatsApp frame. WhatsApp is currently the exception in Parall, and it uses the lightweight native WebKit engine built into macOS. Parall does not need to ship or update its own browser engine for this. When macOS updates WebKit, the WhatsApp frame benefits from the system engine update, so you are not stuck on an old bundled Chrome or Electron runtime.

For menu bar tools, Parall also works differently. The menu bar icon belongs to the specific shortcut and appears only while that shortcut is running. It is not a separate background utility that stays open independently from the target app.

Developer information

I am not hiding behind a company name or anonymous account. My name is Ihor July, and you can find my other projects by searching for "Ighor July".

I am also the developer of DockLock Lite, a first-of-its-kind macOS tool for locking the Dock to a chosen display.

My background is cybersecurity, bug bounty research, indie development, and native app development. I hack for good and help large companies find and fix security issues. Reverse engineering has always been a lot of fun for me. Now I am applying the same mindset to macOS itself: finding long-standing workflow limitations, hacking around them cleanly, and turning those solutions into first-of-their-kind Mac apps. I mostly work with C++, Qt, Objective-C, and macOS internals.

I have a strict principle for local utility apps: software that performs local actions should never connect to the internet without an explicit user action. This principle is applied across all of my apps.

Social profiles:

• Medium: https://ighor.medium.com
• LinkedIn: https://linkedin.com/in/ighor
• HackerOne: https://hackerone.com/ighor

AI note

None of my apps are vibe coded. I use AI only as a support tool for bug research, typo detection, code completion, and translations. I also use AI to translate my apps into all supported languages, including English, since English is not my native language.

Important limitations

Not every macOS app can have its data separated. Some apps enforce a single-instance policy. Apple system apps are not supported. Sandboxed apps can often run as separate instances, but custom data redirection is not available because macOS forces their data into the app container. I am working to find the best solution for sandboxed app support, and it may be added in a future version of Parall.

One launch-order limitation is also worth mentioning. If you use a Parall shortcut together with the original main app, the main app should be started first before launching Parall shortcuts. To avoid this limitation, you can switch to using multiple Parall shortcuts exclusively instead of mixing the original app and shortcuts. In that setup, the shortcuts can be started in any order and no launch-order restriction applies.

Price

Parall is $9.99 on the Mac App Store.

Website: https://parall.app
Mac App Store: https://apps.apple.com/app/parall/id6754065114