(Submitted to Apple on June 27, 2025)

Title

Explosion of AppleDouble files on exFAT after Sonoma for apps with persistent quarantine attribute

Description

Apps with the com.apple.quarantine attribute set have begun generating one AppleDouble file for every file they create on a removable drive formatted with the exFAT filesystem.

This formerly didn’t happen, but does in Sequoia and presumably was triggered by Sonoma’s move of exFAT support from kernel extension to user-space service. In these newer versions, a com.apple.provenance extended attribute is now added to every file created on exFAT, which naturally generates an AppleDouble file on exFAT drives too.

The net effect is that file-creation calls now create one AppleDouble file for every real file made on exFAT drives. In larger content collections, this can produce hundreds of thousands of pointless extra files, which increases admin complexity and wastes drive space.

This occurs only if the app’s quarantine attribute is set, and can be worked around by clearing the app’s quarantine attribute with an xattr command in Terminal; once cleared, the explosion of AppleDouble files on exFAT stops. Unfortunately, the quarantine attribute is not reliably removed for apps automatically after user approval of the app, so the xattr command is a required extra install step for all impacted apps.

The net effect penalizes independently developed apps and their users after Sonoma, and this seems an unexpected consequence of the way files created on exFAT are now handled. It would be better if the pointless provenance attribute is not propagated to these files so the pointless AppleDoubles are not created.