Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How to Check the Content of Suspicious Installer Packages

How to Check the Content of Suspicious Installer Packages

By István F.István F. Verified by Adam B.Adam B. Last updated: January 13, 2025 (0)
Table of contents

One of the differentiating factors between Windows and macOS operating systems is how users install applications. Claiming that this is one of the key aspects would be an overstatement, but we can all agree that it influences the overall user experience. But do you really know what is happening when installing on your Mac or even where these files will reside?

DMG vs PKG files

Novice Mac users may have found out by now that there are several ways to get apps on their machine:

  • Download the app from the Mac App Store.
  • Download a DMG file from a third-party website. This is a Disk Image, which is similar to the experience of inserting a USB stick. It contains a single application and epitomizes the ease of installation on a Mac: users only need to drag the app file and drop it into the Applications folder for it to be installed.
  • Download a file with the PKG extension from a third-party website. This is a package installer and it can contain more than one app. This kind of installer is similar to using a setup.exe file on Windows as the package installer copies files and performs other installation functions.

The benefits of the Mac App Store means that any apps available on the platform are legitimate third-party apps verified by Apple. This method is a simple way of getting such programs onto Macs and uninstalling them is as easy as removing iOS apps.

What we’ve seen with the Mac App Store, however, is that Apple cannot exercise as much control over Mac apps as they can over iOS applications. Users still prefer installing programs by downloading them from the web. But as a result this means that it’s easy to download suspicious installation files, so it is worth paying attention to what is inside those packages.

How to check what’s inside the package installer or DMG

Knowing that a downloaded DMG or PKG file has come from a legitimate source gives users one less reason to check the content of the files. However, if you downloaded an installer using torrents – if this is your preference then be sure to use a VPN for protection – then verifying what files it has installed and where they are on your Mac is a must. In the case of DMG files, this process is pretty easy since the majority of them install in the user’s Applications folder – though this is problematic if the user has admin privileges.

  1. Open the DMG file.
  2. Right-click on the app icon and select “Show Package Contents”.

In case of PKG files you should start on the second step. Sometimes the “Show Package Contents” option isn’t always displayed, in which case either use Installer or third-party app Dr. Unarchiver.

How to check package contents with installer

  1. Double-click on the PKG file to start the installation process. This will trigger the macOS Installer.
  2. Before installing anything or running the app, press Command + I or click on the Installer File menu and select “Show Files”.
  3. Scroll through the list that appears and use the arrows to expand the folder or the search box to look in specific locations.

Cautious users will at this point spot that the installer wants administrative privileges, but it is also good to have a look at the files that the installer will copy onto your Mac.

How to check package contents with Dr. Unarchiver

  1. Instead of launching the installer, just drag and drop the PKG file into Dr. Unarchiver. The key information will be displayed inside the BOM (bill of materials) files used by macOS installers, and will contain a list of files that the app will install, their sizes, and the checksum of the contents.
  2. Extract the BOM file and open it by typing “lsbom” into Terminal, followed by the extracted BOM file’s path (you can simply drop the file into Terminal right after the lsbom command) and then hit Return.

Clean your Mac of potentially dodgy files

Of course, all this is very useful when you are seeking to install an app. The manual removal of apps, however, is an inconvenient and time-consuming method, especially when there are utilities that can do the job for you.

Most high-quality Mac optimization apps include a useful uninstaller feature, which makes removing an app a hassle-free process. Users don’t need to manually search for the folders and files that an app leaves behind since the utility does that for them. And if the installer doesn’t move itself into the trash then it is wise to have a look at the Downloads folder from time to time to free up precious space on your Mac, either manually or by using one of these Mac optimization apps.


Best Mac optimization software of 2025

Editor's choice
CleanMyMac X logo
Editor's rating:
(4.5)
User-friendly dashboard
Effective scanning and cleaning options
Various maintenance tools
Built-in malware remover
All-around protection
MacKeeper logo
Editor's rating:
(4)
Personalized remote assistance
Unique optimization tools
Anti-theft tracking
Built-in antivirus
Beginners
MacBooster logo
Editor's rating:
(3.5)
Fast scanning
User-friendly UI
Virus and malware scan
Great cleaning features
Businesses
CCleaner for Mac logo
Editor's rating:
(4)
Fast scans and cleaning
Full customization
Extensive free version
Affordable

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us