R – creating a Mac OSX installer so the installed app won’t set off the firewall


Right now I'm distributing a .app file to people in my organization. I drag it to /Applications by authenticating as root, but every time the users launch the program they get a firewall warning. (The app checks for updates on launch–very important for us). Since the users aren't admins they can't authenticate to make the messages go away. Will a mpkg-installed application also provoke the firewall in such a way that end-users will need an admin to allow the update check? Is there a post-install script I can include to configure the the firewall for my app?
The ultimate goal for me is that an admin authenticate to run the installer. After installation, the admin would log out, the normal users would log in and run the application without any firewall warnings at all.

EDIT: I should mention the minimum version in the org is 10.5, but it would be nice if the solution worked on Tiger as well.

Best Solution

If you code sign the app, even if it's just using a self-signed certificate, then the user will only be asked once to approve the launch of the app. Subsequent updates, providing the signing certificate is the same, won't trigger the dialog.

More info is in the code signing docs and in this tech note.