Once my App passes Gatekeeper all future downloads are not quarantined

Question

I have observed that once my signed application has been downloaded from the Internet and it passes through GateKeeper acceptance (i.e I click OK on the warning dialog) it will never be quarantined again. In other words subsequent downloads will not receive any warning. Even if it is a new version of the application or even an entirely different application of mine but signed with the same signature.

This might be due to what I've seen referred to as the GateKeeper system cache. And it may be a convenience for the user. i.e. the system now trusts my signature/certificate.

Questions:

1. Does the above sound correct?
2. Is it possible to "clear" the cache or otherwise modify my system so that I can see a fresh warning as though it is the first time?

Answer 1

Its true that OS X gatekeeper keeps cache. It provides command line spctl to enable/disable the apps. You can find full documentation here for how to test your codesign with gatekeeper.

spctl --list --label "Developer ID" can be used to view all the signed apps and then you can disable the apps(you manually have to identify your app) by using spctl --disable --label "Developer ID" or spctl --disable --rule <ruleNo>.