Your comments

I tried posting this as a reply above, but it has been stuck in moderation for 2 days now. I'll try here instead. 

Hi Caitlin (and team),

I'd like to encourage your team to not give up. I respectfully reject your assertions that this isn't possible. I know this is in fact possible, as I've seen it working (with other applications and with your application when signed). Your team unfortunately did not research extensively enough.  While I agree signing the application in and of itself not enough, if you have an Apple MDM setup and deploy your own privacy policy that whitelists the application (a signed application is required), then you can remotely approve the use of CW Control *without* any user intervention on the first connection. Let me try to help by providing some reading material: (see mdm channel)

I'd love to work with you and your team more directly to make sure this comes to light. If that is at all helpful, please don't hesitate to contact me. Here are the signing requests:

Please note, this is the .app that needs to be signed, not the installer. 

Thank you for considering my feedback on this.

I just did a fresh install of 6.9.20424.6863 and tried to setup a Privacy Preferences Policy Control whitelist payload, but the /opt/ is still coming back as not signed. Here's what I'm seeing:

$ codesign -dv /opt/
/opt/ code object is not signed at all


$ codesign -dv /Applications/
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=79381 flags=0x0(none) hashes=2473+5 location=embedded
Signature size=4620
Signed Time=Nov 11, 2018 at 2:49:13 PM
Info.plist entries=47
Sealed Resources version=2 rules=13 files=153
Internal requirements count=1 size=216

In other words, suggesting I install a browser extension doesn't fulfill my request.

That doesn't help when I have other users involved. I'm requesting this both for security auditing and troubleshooting with users that I can't install browser add-ons for. I was told in Ticket #11121108 to create a feature request. Here we are...

I agree something native would be great. HTML5 client might also be a way to accomplish this. (Update: I found this