Reply to Quarantined login item does not run.
Interesting. I suspect that’s because the Applications folder is only writable by admin.

But the user that's launching the app is an admin (me). Anyway, why does writability of /Applications or even /Applications/.app affect the behavior? Isn't the actual value of the quarantine attribute stored in a db somewhere else, per-user?
Topic: Code Signing SubTopic: General Tags:
Jan ’23
Reply to Quarantined login item does not run.
Okay, I seem to have gotten to the bottom of this. One detail that I missed is that I run the Homebrew installation process as a non-admin user and group:

    $ dscl . -read /Users/brew
    dsAttrTypeNative:IsHidden: 1
    PrimaryGroupID: 801
    RealName: Homebrew
    RecordName: brew
    RecordType: dsRecTypeStandard:Users
    UniqueID: 801
    UserShell: /usr/bin/false

    $ dscl . -read /Groups/brew
    GroupMembership: brew
    PrimaryGroupID: 801
    RealName: Homebrew
    RecordName: brew
    RecordType: dsRecTypeStandard:Groups

When Homebrew installs the app, I end up with a bundle owned by brew:brew. Launching the app with the login user will display the warning only once, but the quarantine attribute will remain with an unchanged value regardless of how many times I restart it.

However, if I chown the app to the login user before the launch, I will get the warning again (even if I already got one when it was owned by another user), but this time the attribute's value will get cleared.

Do you think I should file a bug?
Topic: Code Signing SubTopic: General Tags:
Jan ’23
Reply to iOS 14 supported ciphers for VPN (IKEv2)
FWIW, proposals on iPhone with iOS 15.2.1:

Phase 1:

    ID:ENCR/PRF/D-H
    IKE:AES-CBC-256/SHA2-256/MODP-2048
    IKE:AES-CBC-256/SHA1/MODP-2048
    IKE:AES-CBC-256/MD5/MODP-2048
    IKE:AES-CBC-256/SHA2-512/MODP-2048
    IKE:AES-CBC-256/SHA1/MODP-1024
    IKE:AES-CBC-256/MD5/MODP-1024
    IKE:AES-CBC-128/SHA1/MODP-1024
    IKE:AES-CBC-128/MD5/MODP-1024
    IKE:3DES-CBC/SHA1/MODP-1024
    IKE:3DES-CBC/MD5/MODP-1024
    IKE:DES-CBC/SHA1/MODP-1024
    IKE:DES-CBC/MD5/MODP-1024

Phase 2:

    ID:ENCR/PRF
    IKE:AES-CBC-256/SHA2-256
    IKE:AES-CBC-256/SHA1
    IKE:AES-CBC-256/MD5
    IKE:AES-CBC-128/SHA2-256
    IKE:AES-CBC-128/SHA1
    IKE:AES-CBC-128/MD5
    IKE:3DES/SHA2-256
    IKE:3DES/SHA1
    IKE:3DES/MD5
Topic: App & System Services SubTopic: Core OS Tags:
Feb ’22
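An added example, not part of the post above and not Apple code: a small auditor that parses proposals in the post's `IKE:ENCR/PRF/D-H` notation and grades each one, so a VPN gateway owner can see which of the offered suites are worth enabling. The reject/legacy grading is this example's own assumption, loosely following RFC 8247, and the function names are hypothetical.

```python
import re

# Grading is this example's assumption (loosely following RFC 8247), not the post's.
REJECT = {"DES", "MD5"}                 # broken primitives: refuse outright
LEGACY = {"3DES", "SHA1", "MODP-1024"}  # still negotiable, plan to phase out

def normalize(token):
    """Drop a trailing '-CBC' so 'DES-CBC' and '3DES-CBC' match the sets above."""
    return re.sub(r"-CBC$", "", token)

def grade(proposal):
    """Return (grade, offending transforms) for one 'IKE:ENCR/PRF[/D-H]' string."""
    label, _, body = proposal.partition(":")
    if label != "IKE" or not body:
        raise ValueError(f"not a proposal: {proposal!r}")
    parts = [normalize(p) for p in body.split("/")]
    bad = [p for p in parts if p in REJECT]
    old = [p for p in parts if p in LEGACY]
    if bad:
        return "reject", bad + old
    return ("legacy", old) if old else ("ok", [])

def audit(dump):
    """Grade every 'IKE:' token in a whitespace-separated dump; headers are skipped."""
    return {p: grade(p) for p in dump.split() if p.startswith("IKE:")}

def acceptable(dump):
    """Proposals with no rejected or legacy transform, in the order offered."""
    return [p for p, (g, _) in audit(dump).items() if g == "ok"]

# Phase 1 proposals copied from the post above.
PHASE1 = """
ID:ENCR/PRF/D-H
IKE:AES-CBC-256/SHA2-256/MODP-2048 IKE:AES-CBC-256/SHA1/MODP-2048
IKE:AES-CBC-256/MD5/MODP-2048 IKE:AES-CBC-256/SHA2-512/MODP-2048
IKE:AES-CBC-256/SHA1/MODP-1024 IKE:AES-CBC-256/MD5/MODP-1024
IKE:AES-CBC-128/SHA1/MODP-1024 IKE:AES-CBC-128/MD5/MODP-1024
IKE:3DES-CBC/SHA1/MODP-1024 IKE:3DES-CBC/MD5/MODP-1024
IKE:DES-CBC/SHA1/MODP-1024 IKE:DES-CBC/MD5/MODP-1024
"""

if __name__ == "__main__":
    for prop, (g, why) in audit(PHASE1).items():
        print(f"{g:7} {prop} {', '.join(why)}")
```
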
Reply to QoS DSCP value not set
The SO_NET_SERVICE_TYPE option and its siblings StreamNetworkServiceType, NSStreamNetworkServiceType, kCFStreamNetworkServiceType configure Layer 1/2 QoS priority. In the case of Wi-Fi they set 802.11 User Priority (UP). Whether it actually gets set in the actually transmitted frame depends on whether the OS trusts your application. AFAIK for iOS/iPadOS this feature has to be enabled via MDM for a generic app. Apps made by Apple and some other vendors, like Cisco, are trusted without this permission.

What happens next depends on your network equipment (routers, switches, APs etc.) and its configuration. Some may translate received 802.11 UP into DSCP according to some mapping (either via RFC 8325 or by whatever policy conceived by network admins).

Additionally, you can set Layer 3 QoS via the DSCP (RFC 2474) field of an IP frame either by setting IP_TOS directly or setting the IP_HDRINCL socket option and supplying a custom IP header. Don't get confused by the option's name (TOS): it's exactly the same bits of the IP header. Treat it as DSCP. See the '-K' and '-z' options in ping.c from Apple opensource for usage examples.
Jan ’22