Mac Gatekeeper — App Cannot Be Opened (Unidentified Developer)
About Mac Gatekeeper
macOS Gatekeeper blocks apps from unidentified developers or unnotarized apps with the message 'can't be opened because Apple cannot check it for malicious software'. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: Gatekeeper is macOS's security feature verifying app signatures and notarization. Apps must be either from the App Store or signed with a valid Developer ID. Since macOS Catalina, apps also need Apple notarization (automated malware check). The quarantine flag (com.apple.quarantine) marks downloaded files for Gatekeeper checking. Three Gatekeeper levels: App Store only, App Store + identified developers, or anywhere (hidden). Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: App downloaded from the internet is not notarized by Apple. Developer's code signing certificate expired or was revoked. App is from an unidentified developer (no Developer ID). Downloaded file has the quarantine extended attribute set. Open-source or indie apps often are not notarized due to cost. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Right-click (Control+click) the app > Open > click Open in the dialog — this bypasses Gatekeeper once. System Settings > Privacy & Security > scroll down to see 'App was blocked' with an Open Anyway button. Remove quarantine flag: xattr -d com.apple.quarantine /path/to/app.app. For command-line tools: sudo spctl --master-disable enables 'Anywhere' option (use cautiously). Verify app integrity: codesign -dv --verbose=4 /path/to/app.app. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Mac Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
Is it safe to open unnotarized apps?
Only if you trust the source. Notarization means Apple scanned it for malware, but absence of notarization does not mean the app is malicious.
Overview
macOS Gatekeeper blocks apps from unidentified developers or unnotarized apps with the message 'can't be opened because Apple cannot check it for malicious software'.
Key Details
- Gatekeeper is macOS's security feature verifying app signatures and notarization
- Apps must be either from the App Store or signed with a valid Developer ID
- Since macOS Catalina, apps also need Apple notarization (automated malware check)
- The quarantine flag (com.apple.quarantine) marks downloaded files for Gatekeeper checking
- Three Gatekeeper levels: App Store only, App Store + identified developers, or anywhere (hidden)
Common Causes
- App downloaded from the internet is not notarized by Apple
- Developer's code signing certificate expired or was revoked
- App is from an unidentified developer (no Developer ID)
- Downloaded file has the quarantine extended attribute set
- Open-source or indie apps often are not notarized due to cost
Steps
- 1Right-click (Control+click) the app > Open > click Open in the dialog — this bypasses Gatekeeper once
- 2System Settings > Privacy & Security > scroll down to see 'App was blocked' with an Open Anyway button
- 3Remove quarantine flag: xattr -d com.apple.quarantine /path/to/app.app
- 4For command-line tools: sudo spctl --master-disable enables 'Anywhere' option (use cautiously)
- 5Verify app integrity: codesign -dv --verbose=4 /path/to/app.app