
It's not (entirely) signature based. Try editing Chrome's Info.plist. If you can do it, your terminal or editor probably has app management or full disk access permissions. Note that signatures are only checked on native code binaries every time. For data files and bundle structure, they're only checked once, the first time the app is run. The signature is checked even without internet access, and normally notarization can be checked too via stapling.


> Try editing Chrome's Info.plist. If you can do it, your terminal or editor probably has app management or full disk access permissions

I can edit plists for a bunch of signed and popular apps, but MOST of them would be "damaged" on next launch. However, a Tauri template app was launched.

And malware doesn't need to modify apps. Just rm an app and put a modified version instead. You can do this in ~/Applications without sudo or app management permissions.
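Added example, not part of the thread and not Apple's tooling: because the first comment says data files are only checked the first time an app runs, a defender can re-hash a bundle's sealed resources on demand against `Contents/_CodeSignature/CodeResources`. It assumes the `files2`/`hash2` (SHA-256) layout of that plist, uses a constructed `Demo.app` as sample input, and does not verify the signature that covers `CodeResources` itself, so it complements `codesign --verify` rather than replacing it.

```python
import hashlib
import plistlib
from pathlib import Path


def changed_resources(bundle):
    """Return sorted relative paths whose content no longer matches the
    SHA-256 recorded in Contents/_CodeSignature/CodeResources (files2)."""
    contents = Path(bundle) / "Contents"
    with open(contents / "_CodeSignature" / "CodeResources", "rb") as fh:
        sealed = plistlib.load(fh).get("files2", {})
    bad = []
    for rel, entry in sealed.items():
        # Nested code (cdhash) and symlink entries carry no hash2; skip them.
        if not isinstance(entry, dict) or "hash2" not in entry:
            continue
        target = contents / rel
        if not target.is_file():
            if not entry.get("optional", False):
                bad.append(rel)          # sealed file is missing
            continue
        if hashlib.sha256(target.read_bytes()).digest() != entry["hash2"]:
            bad.append(rel)              # sealed file was edited
    return sorted(bad)


def make_constructed_bundle(root):
    """Build a tiny fake .app (constructed sample, not a real signed app)."""
    contents = Path(root) / "Demo.app" / "Contents"
    (contents / "Resources").mkdir(parents=True)
    (contents / "_CodeSignature").mkdir()
    files = {"Resources/config.json": b'{"update_url": "https://example.invalid"}',
             "Resources/strings.txt": b"hello"}
    sealed = {}
    for rel, data in files.items():
        (contents / rel).write_bytes(data)
        sealed[rel] = {"hash2": hashlib.sha256(data).digest()}
    with open(contents / "_CodeSignature" / "CodeResources", "wb") as fh:
        plistlib.dump({"files2": sealed}, fh)
    return contents.parent


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        app = make_constructed_bundle(tmp)
        print("untouched:", changed_resources(app))
        (app / "Contents/Resources/config.json").write_bytes(b"{}")
        print("after edit:", changed_resources(app))
```

An app that was deleted and replaced wholesale, as the reply describes, ships its own consistent `CodeResources`, so this check only flags in-place edits to a bundle you already trust.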



