What's changed in runtime protection for macOS Sequoia

macOS Gatekeeper is used to verify macOS apps.

In previous versions of macOS, Gatekeeper allowed the Control key to be used as a launch override for downloaded apps. Apple has now changed this.

In earlier versions of macOS, users could bypass Apple's Gatekeeper protection by Control-clicking an app in Finder to launch it.

The override was only required the first time you launched an app, but it still annoyed some users.

In macOS Sequoia, Apple has now removed this workaround. Apple quietly announced the change on its Developer News page in a short, two-paragraph statement.

What is Gatekeeper?

Apple added Gatekeeper and the Mac App Sandbox to macOS years ago to try to thwart malware. Gatekeeper ensures that any app you download from the Mac App Store is genuine and has also been vetted by Apple.

Around the same time, Apple also added Developer ID to certify non-App Store apps from registered Apple developers. It also introduced a notarization feature that developers can use to submit their apps to Apple for approval.

These four parts, along with System Integrity Protection (SIP), help keep your Mac apps and files more secure at runtime.

You can set Gatekeeper and Developer ID preferences in System Preferences > Privacy & Security > Security, choosing whether to allow only App Store (Gatekeeper) apps or both App Store and Developer ID apps.

Finder will react differently to each app launch depending on these settings.

It is also possible to bypass some of these security features by disabling SIP in Terminal, but Apple does not recommend this.

Control-click override

Before macOS Sequoia, users could override the Gatekeeper warning in Finder by Control-clicking an app when launching it. In Sequoia, Apple has removed this workaround as another step toward locking down the Mac.

If you receive a warning that an app is from an unknown developer or that it needs to be moved to the Trash, first go to System Preferences > Privacy & Security > Security and click the Open Anyway button. You will be prompted to enter your administrator password to launch the app.

A downloaded installer app that is outside of Gatekeeper's verification.

As Michael Tsai noted in his blog post, Gatekeeper in Sequoia still has an annoying bug: it can mistakenly report a notarized app as corrupted when it is not.

Apple's removal of the bypass may cause further irritation for some Mac users, since launching an app from outside the Mac App Store now requires a trip into System Preferences the first time each such app is opened. There is nothing users can do about this other than disable SIP, which, again, Apple does not recommend.

Also note that, as mentioned in this article, third-party Mac developers are required to add an extended attribute (com.apple.quarantine) to their app downloads if the apps are distributed outside the Mac App Store. While most developers will comply with this requirement, some may not, leaving those downloads as a security risk that could bypass some of Apple's app security measures.
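As an added example (not from the article, and not Apple's own tooling), the script below audits a folder of downloaded .app bundles for the com.apple.quarantine attribute and decodes it, so a defender can spot downloads Gatekeeper will never assess. It shells out to the macOS xattr tool; the attribute's "flags;hex-timestamp;agent;uuid" layout is an assumption from common observation (Apple does not document it), and the sample value in the test is constructed.

```python
"""Audit .app bundles for the com.apple.quarantine extended attribute."""
import os
import subprocess
import sys
from datetime import datetime, timezone

QUARANTINE_ATTR = "com.apple.quarantine"


def parse_quarantine(value: str) -> dict:
    """Decode 'flags;hex-timestamp;agent;uuid' (assumed layout).

    Flag bit meanings are undocumented, so the flags are returned raw.
    The timestamp is hex seconds since the Unix epoch.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine format: {value!r}")
    return {
        "flags": int(parts[0], 16),
        "downloaded_at": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],
        "uuid": parts[3] if len(parts) > 3 else None,
    }


def read_quarantine(path: str):
    """Return the raw attribute string, or None when the path carries none."""
    try:
        proc = subprocess.run(["xattr", "-p", QUARANTINE_ATTR, path],
                              capture_output=True, text=True, check=False)
    except FileNotFoundError:  # xattr tool absent: not a macOS host
        return None
    value = proc.stdout.strip()
    return value if proc.returncode == 0 and value else None


def audit_apps(directory: str) -> dict:
    """Map each .app bundle in `directory` to its decoded quarantine record,
    or None when Gatekeeper would have nothing to evaluate at launch."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".app"):
            raw = read_quarantine(os.path.join(directory, name))
            report[name] = parse_quarantine(raw) if raw else None
    return report


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    for app, rec in audit_apps(folder).items():
        if rec is None:
            print(f"{app}: no quarantine attribute (Gatekeeper will not assess it)")
        else:
            print(f"{app}: downloaded {rec['downloaded_at']:%Y-%m-%d} via {rec['agent']}")
```

Run it against any folder of downloads; a bundle reported without the attribute should be treated as unvetted and inspected before launch.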

For more on Sequoia Gatekeeper/SIP issues, see our previous article on how to run apps outside of system security policies in macOS Sequoia.