With macOS Sequoia, Apple has added another barrier to launching software that hasn’t gone through Apple’s basic app vetting process. In general, this can be a good thing, as it prevents naive users from accidentally installing malware or privacy-invading software. However, for users who rely on software created by people who don’t follow Apple and its App Store guidelines, here’s what you need to know.
macOS’s Gatekeeper feature is something you never see called by that name. It’s designed to ensure that only certain applications can run on your Mac, even though macOS can run any software properly built for the platform. The only visible control is in System Settings > Privacy and Security > Securitywhere you can choose one of two options in the “Allow apps from” menu: App Store or App Store and known developers. (See: How to open a Mac app from an unidentified developer).
There’s a third category that Apple eliminated from this list in macOS years ago. (The menu used to appear as radio buttons in a separate System Preferences pane.) These are apps for which the developer has opted out of paying the annual fee for an Apple Developer Account, or has such an account but hasn’t run the app through a review system that Apple uses, which is a significant step below the App Store’s review process.
When a developer submits an app to an App Store, Apple uses a combination of automated and human checks to ensure that the app doesn’t contain malware or unauthorized third-party software code and that it does more or less what it says it does without being misleading. This process is fraught with human error and inconsistencies, but it has mostly resulted in apps that are safe on the App Store, even if some are fraudulent in their pricing or misleading in their usefulness.
Mac developers can choose to have an app authenticated and signed by Apple. Notarization is the company’s process for checking for malware and software libraries (sets of code shared between apps) that could be swapped out for other components. If the app passes these automated tests, Apple uses a cryptographic process to sign it, ensuring that the app can’t launch if it’s been modified since those tests passed. (Notarization was an optional step at one point, made mandatory in 2020; all apps signed since then have also been notarized.)
Some developers prefer not to take this step. They don’t want to pay the annual development fee, use components that Apple doesn’t notarize for macOS, or don’t want Apple to have any say in whether their software will run. These unsigned apps can still run on your Mac. I’ve found fewer of them over the years, but they still exist, and they usually come from specialized academic and research fields.
Sequoia does not have a Finder workaround for unsigned apps: click Done.
Sequoia does not have a Finder workaround for unsigned apps: click Done.
Foundry
Sequoia does not have a Finder workaround for unsigned apps: click Done.
Foundry
Foundry
In system settings, you can choose to open an unsigned app despite Apple’s warning.
In system settings, you can choose to open an unsigned app despite Apple’s warning.
Foundry
In system settings, you can choose to open an unsigned app despite Apple’s warning.
Foundry
Foundry
Here’s what you need to do to launch such an application in Sequoia:
- Double-click on the application.
- You are warned that the app may contain malware or compromise your privacy. The only options are Do And Move to trash. Click Do.
- Open System Settings > Privacy and Security.
- At the bottom of the settings list, you should see a message like “Application name” has been blocked to protect your Mac. If you want to open it, click Open anyway.
I encourage you to continue to exercise great vigilance around unsigned applications, as you are relying entirely on the developer to protect your security and privacy. However, few such applications have sufficient reach to make it worthwhile for a malware expert to exploit a weakness.
Ask Mac 911
We’ve compiled a list of our most frequently asked questions, along with answers and links to topics: read our awesome FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email us at [email protected] , including screenshots if necessary and whether you’d like your full name to be used. Not all questions will be answered; we don’t respond to emails, and we can’t provide direct troubleshooting advice.
