Why did Apple add notarization?

Notarization is an automated malware scan. It helps protect users from malicious apps distributed outside the App Store.

How do I allow apps from anywhere permanently?

Run sudo spctl --master-disable in Terminal. This adds an 'Anywhere' option in Security settings. Not recommended for most users.

Mac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warningsecurity

Overview

macOS Gatekeeper blocks apps from unidentified developers or unnotarized apps with the message 'can't be opened because Apple cannot check it for malicious software'.

Key Details

Gatekeeper is macOS's security feature verifying app signatures and notarization
Apps must be either from the App Store or signed with a valid Developer ID
Since macOS Catalina, apps also need Apple notarization (automated malware check)
The quarantine flag (com.apple.quarantine) marks downloaded files for Gatekeeper checking
Three Gatekeeper levels: App Store only, App Store + identified developers, or anywhere (hidden)

Common Causes

App downloaded from the internet is not notarized by Apple
Developer's code signing certificate expired or was revoked
App is from an unidentified developer (no Developer ID)
Downloaded file has the quarantine extended attribute set
Open-source or indie apps often are not notarized due to cost

Steps

1Right-click (Control+click) the app > Open > click Open in the dialog — this bypasses Gatekeeper once
2System Settings > Privacy & Security > scroll down to see 'App was blocked' with an Open Anyway button
3Remove quarantine flag: xattr -d com.apple.quarantine /path/to/app.app
4For command-line tools: sudo spctl --master-disable enables 'Anywhere' option (use cautiously)
5Verify app integrity: codesign -dv --verbose=4 /path/to/app.app