Will Gatekeeper let me run that app in Catalina?

From comments being posted on articles here, there’s still some confusion over whether macOS 10.15 Catalina will allow you to install and run old apps which aren’t notarized, or new ones which aren’t either. To clear this up, I’ve diagrammed the whole process in detail, to show you how you can work with Catalina’s new security rules.

You can of course just double-click a quarantined installer or app, and see what happens. In that case, you’re just jumping down a few steps, which in the great majority of cases should be fine, and successful. But here’s the detailed sequence that should ensure there are no surprises.


The first question is whether the app, or its installer, is going to try to install a kernel extension. Although this is unusual, it makes a very big difference in Mojave and Catalina, as kernel extensions now undergo stringent checks before they can be successfully installed. The simple answer here is to ensure that you install a recent version which is fully notarized and compatible with Catalina. You can still install some kernel extensions which were signed before April 2019, but that can also get complex. And if a kernel extension signed from then on hasn’t been properly notarized, Catalina is probably not going to install it at all.

Straightforward apps without kernel extensions should already be notarized if they were signed from 1 June 2019 onwards. Older apps may be notarized, but shouldn’t have to be to install and run successfully.

If you see a dialog which informs you that Apple can’t check the app for malware, that means the app you’re trying to run hasn’t been notarized, but Catalina thinks it should have been. The workaround then is to use the Finder’s Open command to open the app instead of double-clicking it. This produces a similar dialog, but with an Open button which allows you to override it.

Once an app has completed its first run successfully, and satisfied Gatekeeper, you shouldn’t have to go through the same procedure again, as its quarantine flag will be cleared.

I hope that puts your mind at rest, that Catalina will run apps which haven’t been notarized, or even signed, if you wish it to. That said, I’d prefer my apps to be fully hardened, deep signed, and notarized whenever possible – it’s for our own security.


Thanks to Rich Trouton for pointing out that the Open button in the Finder dialog may only be available to users who have admin rights. If it doesn’t appear, try switching to an admin user account and repeating the process.