macOS Catalina app securitySource: iMore

Over the years, Apple has put its vast resources into making it's operating systems more secure for end-users. In macOS Catalina, the company has taken this to all-new levels by introducing beneficial security changes that make it even harder for miscreants to play havoc with our computers. However, because security is a tricky business, so-called improvements for some might not work for others. Specifically, Apple's decision to make Gatekeeper even more difficult crack is a significant step forward for everyday Mac users. For developers, perhaps not so much. Luckily, there's a workaround.

Amazon's 12 Days of Deals is here with big discounts for all

Warning: This terminal trick disables important security aspects of Gatekeeper, which leaves your Mac vulnerable to malware. We highly recommend you reinable the default security settings if you chose to follow this guide at your own risk.

What is Gatekeeper?

Gatekeeper has been an essential part of macOS for years. As its name suggests, the tool has been designed to check recently downloaded apps for known malware and sends it to quarantine. In his June article, The Great Mac Balancing Act, Rene Ritchie explains:

Currently, when you download an app, whether it's off the Store or the Web or even from AirDrop, that app is quarantined. If and when you try to open a quarantined app, Gatekeeper checks it for known malware, validates the developer signature to make sure it hasn't been tampered with, makes sure it's allowed to run, for example matches your settings for App Store apps and/or known developer apps, and then double checks with you that you really want to run the app for the first time, that it's not trying to pull a fast one and autorun itself.

Until now, Gatekeeper didn't take the same approach with apps launched via Terminal. It also didn't check non-quarantined apps and files for malware. In other words, it checked an app only once for malware.

Significant changes have arrived with macOS Catalina.

Now, apps started through Terminal are also checked. These files get the same malware scan, signature check, and local security policy check. The difference: even on the first run, you only need to explicitly approve software launched in bundles, like a standard Mac app bundle, not for standalone executables or libraries.

With macOS Catalina, perhaps more significantly, Gatekeeper will also check non-quarantined apps and files for problems. Not just once or twice, but every time you run it. When your Mac detects a problem, it blocks the file, then sends you an alert.

If all this sounds fantastic to you, terrific. That's undoubtedly Apple's intent. However, some developers might view this differently and find the changes cumbersome, at best.

A Workaround

Even though Gatekeeper in macOS is now stricter than ever, there is a way around it -- including macOS Catalina's newest tools. The workaround makes it possible to download and use apps downloaded from anywhere on macOS Catalina and earlier versions without a check.

First published in 2016 by OSX Daily, but still valid, the "fix" works like this:

  1. Be sure to exit System Preferences on your Mac.
  2. On Finder, click Go.
  3. Select Utilities.
  4. Double-click Terminal.

    macOS Catalina Terminal

  5. Type of the following command syntax: sudo spctl --master-disable .
  6. Hit Return
  7. Authenticate with an admin password.
  8. Hit Return.
  9. Exit Terminal.

Changing your settings

Now, it's time to allow your Mac to open any app.

  1. Click on System Preferences on your Mac Dock.
  2. Choose Security & Privacy.
  3. Tap the lock at the bottom left of the screen.

    macOS Catalina unlock security

  4. Enter your password to unlock Security and Privacy.
  5. Choose the Anywhere under Allow apps downloaded from. Prior to making the change, this option wasn't available.
  6. Click the unlocked lock to keep the change.

    change macOS security

With this change, Gatekeeper no longer monitors your computer for malware coming from apps and files.

Restoring to the original setting

If you'd like to return to the default Gatekeeper settings, perform these steps:

  1. Be sure to exit System Preferences on your Mac.
  2. On Finder, click Go.
  3. Select Utilities.
  4. Double-click Terminal.

    macOS Catalina Terminal

  5. Type of the following command syntax: sudo spctl --master-enable .
  6. Hit Return
  7. Authenticate with an admin password.
  8. Hit Return.
  9. Exit Terminal.

View the change

To confirm your Mac has returned to the default settings:

  1. Click on System Preferences on your Mac Dock.
  2. Choose Security & Privacy.

Under Allow apps downloaded from, notice the select is now App Store and identified developers.

macOS Catalina default security

Should you make this switch?

For nearly every Mac user, there's no reason to make the listed change under Security & Privacy on macOS Catalina. It should only be performed if you can quickly determine whether apps are legitimate or not. Keep this in mind.

Questions?

If you have any questions or concerns about Gatekeeper or the rest of the macOS Catalina update, let us know in the comments below.

macOS Catalina

Main