You will be required to enter an administrative password to move the app from the /Applications folder.
That should be the case for any app.
Since the advent of Snow Leopard it is.
Whether you need to authenticate to remove things from /Applications depends on the permissions of that folder. It does
not depend on the application or on the OS version.
For as long as I can remember, /Applications has defaulted to owner=root, group=admin, with 775 permissions. Adding to or removing from /Applications can only be done by root or by an admin. Authenticating makes you temporarily root, much like sudo at the command line, except that you don't need to be logged in as admin at the time.
Some users run as admin all the time. Those users can freely move things in an out of /Applications without any of that "pesky security nonsense".
Some users belatedly set up separate admin and non-admin accounts, but not until at some time giving their primary user ownership or at least read/write access to /Applications. When they finally set up separate accounts, they do so by creating a new admin account and removing admin status from the old account. The trouble is, that non-admin user still has full access to /Applications, and is in fact still the owner of most non-Apple applications. They (and any malware running in their account) can scribble all over /Applications, adding viruses and installing trojans to their heart's content, all without authenticating.
If you want to clean the mess up, you should:
- Ensure that only an admin (or root) can modify anything in /Applications or its subfolders.
- Do all of your normal day-to-day work from a non-admin user account
- Switch to the admin account only for administrative tasks (one of which is software installation and/or update). Do not merely authenticate to install software; actually log in as admin and do the installation from there. (This is especially important for drag and drop installations.)
The following bash commands may help you locate problems that need to be resolved:
# Identify items owned by other than root or this admin
anadmin=$(id -u)
cd /Applications
sudo find . -not -user root -not -user $anadmin -ls
# Identify items writeable by groups other than wheel and admin
sudo find . -not -group wheel -not -group admin -perm +020 -ls
# Identify items that are world-writable
sudo find . -perm +002 -ls
What you do about whatever you find is up to you. You'll have to decide on a case by case basis, but ideally all these finds should come up empty. (They won't, at least not initially. People are
really sloppy about security.)
