I’ve been looking at weird security errors which arise in High Sierra and Mojave when you try to open certain documents from the Finder. As detailed a couple of days ago, they occur when the document has had a quarantine flag attached and you have set it to be opened using an app other than the default for that type.
Thanks to kext and Sebastian, I can now show you Apple’s workaround for this.
You should act as soon as you see this weird security alert.
Open the Security & Privacy pane in its General tab. If you’re quick enough, there will be an additional item at the bottom offering the button to Open Anyway. If you don’t see it, it’s because you were too slow to react: try again, only faster!
If you click on the Open Anyway button, you’ll see another security dialog which has a similarly incoherent message.
Click on the Open button here, and your document should now open in the non-default app. If it doesn’t, dismiss the original security alert and double-click on your document again.
What happens is that macOS sets the quarantine flag on that document to indicate that XProtect has approved it, by changing its first numbers from something like 0082 to 00e2. This is what my free app Pratique does without your having to go through two security alerts and the Security & Privacy pane. This ensures that the next time that document – and that document alone – has its quarantine flag checked, it will not be blocked in the way that it was.
The snags with this approach is that, in spite of what the dialog tells you, the next time that you save that document using a sandboxed app, it will write a fresh quarantine flag to the file, and you will be back to square one. You also can’t change this in advance, except using Pratique, and Apple’s workaround is fiddly and dependent on timing.
Most importantly, it reveals that Apple has been fully aware of the problems it is causing by its promiscuous use of the quarantine flag on documents since High Sierra at least, maybe even back to Mac OS 10.8. And as far as I can see, Apple has failed in those nearly seven years to tell users of even this delicate and elaborate mechanism for working around it. The information in each of the alerts and in the Security & Privacy pane is incorrect, and far from being helpful.
kext writes that he’s been forced to use this since Mac OS 10.8, so hopefully Pratique will save him and others some bother. As the number of sandboxed apps rises, this problem can only become more common. A couple of years ago, maybe only 10% of your documents had quarantine flags; on my Mac now, it’s more than a quarter.
As I wrote, this isn’t a bug after all, it’s an increasingly crippling security feature.
Thanks to the amazing Jeff Johnson for providing another workaround. Open the Finder contextual menu on the document, then press the Option key. Now the Open command at the top will open that document via the security confirmation dialog, or you can choose any other app to open it instead. This results in the same change being made to the quarantine flag, with the added bonus that, as you were holding the Option key, the Finder window will automatically vanish too.
Every ‘solution’ brings it own penalties and annoyance.
However, as Vulpix points out below, you don’t need to hold the Option key so long as you only use the top Open command in the contextual menu.
In a comment below, kext asserts that the additional Open Anyway isn’t transient, and remains in the pane until restart. That is incorrect. Below is a screenshot in which I have first generated the security alert, then opened the Security & Privacy pane and authenticated into it. As you can see clearly, there is no Open Anyway section at the bottom. This is in Mojave 10.14.4.
So, as I wrote above, if that happens to you, you will have to try this again only work faster. I found the only reliable way to obtain the Open Anyway button was to leave System Preferences open before trying to open the offending document, then switching from the security alert to the Security & Privacy pane immediately. You mileage may vary, but I don’t tell lies here.