LOGO

Open Apps from Unidentified Developers on Mac - Guide

September 23, 2016
Topics:FeaturesAndroidLinux & macOS Terminal
Open Apps from Unidentified Developers on Mac - Guide

Understanding macOS Gatekeeper and Application Security

The macOS operating system incorporates a security feature known as Gatekeeper. This system is intended to enhance security by restricting the execution of software to applications approved by Apple, as the default setting.

However, similar to the security measures found in Android, macOS maintains a degree of user freedom. Despite the restrictions imposed by Gatekeeper, users retain the ability to execute any application they choose.

How Gatekeeper Functions Across macOS Versions

The operational mechanics of Gatekeeper vary depending on the specific version of macOS installed on your system.

Older iterations of macOS provided a straightforward method for disabling Gatekeeper through a simple toggle switch within System Preferences.

Gatekeeper in macOS Sierra and Later

macOS Sierra introduced a more nuanced approach to managing Gatekeeper settings, increasing the complexity of disabling the feature.

Understanding these differences is crucial for users who wish to customize their application security preferences.

Here's a breakdown of what you should be aware of regarding Gatekeeper's functionality.

Understanding Gatekeeper Functionality

Upon launching a new application on a macOS system, Gatekeeper initiates a verification process to confirm the presence of a valid signature. A valid signature permits the application to execute. Conversely, if a signature is absent or invalid, a warning is displayed, and the application's execution is blocked.

However, not all macOS applications are digitally signed. Certain applications, particularly older ones found on the internet, may lack signatures despite being legitimate. This could be due to infrequent updates or the developer's choice. Consequently, Apple provides a mechanism to circumvent Gatekeeper. This bypass is also useful for developers testing their own applications.

Related: How to Install Applications On a Mac: Everything You Need to Know

Gatekeeper categorizes applications into three distinct types:

  • Mac App Store Applications: Applications installed via the Mac App Store are deemed the most reliable. They undergo Apple’s review process and are hosted by Apple, and are also sandboxed. This sandboxing is a factor influencing some developers’ decisions not to distribute through the Mac App Store.
  • Identified Developer Applications: Developers can obtain a unique developer ID from Apple and utilize it to sign their applications. This digital signature verifies the application’s origin. For instance, Google Chrome’s installation on a Mac is authenticated by Google’s developer ID, granting Apple permission to run it.
  • Applications from Unspecified Sources: Applications not sourced from the Mac App Store and lacking a developer ID signature are classified here. Apple considers these the least secure, though this doesn't inherently indicate untrustworthiness. Older, unsigned Mac applications may fall into this category.

By default, Gatekeeper restricts execution to applications from the first two categories: the Mac App Store and identified developers. This configuration balances security and usability, enabling users to obtain applications from trusted sources.

This default setting offers a substantial level of protection, allowing users to acquire software from the App Store or download signed applications directly from the web. The system is designed to mitigate risks associated with potentially malicious software.

Opening Unsigned Applications on macOS

Attempting to launch an application that lacks a digital signature by simply double-clicking it will typically fail. A system message, such as "[App Name] can't be opened because it is from an unidentified developer," will then appear.

There are instances, however, where utilizing an unsigned application becomes necessary. Should you have confidence in the application's source, macOS can be configured to permit its execution.

Warning: The Gatekeeper security protocol is enabled by default for important security reasons. Exercise caution and only execute applications from developers you fully trust.

To bypass the standard security check and open an unsigned application, a right-click (or Control-click) on the application icon is required, followed by selecting the "Open" option. This method is compatible with macOS Sierra and earlier macOS versions.

gatekeeper-101-why-your-mac-only-allows-apple-approved-software-by-default-1.jpg

A warning will be displayed, indicating that the application originates from an unidentified developer – meaning it doesn't possess a valid developer signature. If you are confident in the application’s safety, proceed by clicking "Open" to initiate its execution.

gatekeeper-101-why-your-mac-only-allows-apple-approved-software-by-default-2.jpg

Following this step, the application will launch. macOS will retain this allowance for that specific application, eliminating the need for repeated confirmation upon subsequent launches.

This approach represents a secure method for running a limited number of unsigned applications. Each application is individually authorized, ensuring that you only grant access to software you deem trustworthy.

Allowing Applications From All Sources on macOS

Previously, macOS allowed users to completely disable Gatekeeper through the System Preferences panel, specifically within the Security & Privacy settings. Users could simply select the "Anywhere" option from the "Allow apps downloaded from" menu.

However, with the release of macOS 10.12 Sierra, Apple implemented a change. The ability to entirely disable Gatekeeper via the System Preferences interface was removed. This involved the elimination of a single graphical setting.

gatekeeper-101-why-your-mac-only-allows-apple-approved-software-by-default-3.jpg

While complete disabling is no longer readily available, it remains possible to execute individual unsigned applications. Furthermore, a command-line option exists to bypass Gatekeeper entirely. Apple intentionally concealed this switch to protect less experienced users from potentially compromising their system security, mirroring the approach taken with system integrity protection.

gatekeeper-101-why-your-mac-only-allows-apple-approved-software-by-default-4.jpg

Related: A Guide to Disabling System Integrity Protection on a Mac (and the Associated Risks)

Should you possess the necessary expertise and require modification of this setting, it is achievable, though not generally recommended.

Begin by opening the Terminal application. This can be done by pressing Command+Space, typing "Terminal", and then pressing Enter. Alternatively, navigate to Applications > Utilities > Terminal using a Finder window.

Execute the following command within the Terminal window, and enter your administrator password when prompted:

sudo spctl --master-disable

gatekeeper-101-why-your-mac-only-allows-apple-approved-software-by-default-5.jpg

Following this step, return to System Preferences > Security & Privacy. The "Anywhere" option will now be visible and enabled.

Your macOS system will then function as it did when the "Anywhere" setting was selected, allowing unsigned applications to run without restriction.

To revert this change, simply choose either "App Store and identified developers" or "App Store" within the Security & Privacy pane.

Apple's objective is to enhance the security of macOS by concealing this option from users who may not fully understand the implications. If running unsigned applications is necessary, we advise allowing them individually rather than disabling Gatekeeper altogether. This approach is nearly as convenient and ensures that no unauthorized software executes on your computer.

#Mac#unidentified developers#open apps#Gatekeeper#macOS#security