What to do when a newly-installed app can’t be opened?

Yesterday, I explained how you can ensure that macOS 10.15 Catalina will open an app which doesn’t meet its new rules on notarization. I have since been asked two important questions arising:

  1. How to open an unsigned app in Catalina?
  2. What to do when using the Finder’s Open command still won’t run the app, in any recent version of macOS?

One significant detail which can trip both these up is that the Finder’s Open feature may only be available to admin users (thanks to Rich Trouton for pointing this out). Before tackling any of these tasks, ensure that you’re using an admin user account, or macOS may not give you any dispensation.

1. Opening an unsigned app in Catalina

If you know an app isn’t signed and still want to open it for the first time after you’ve downloaded it, the procedure in Catalina is the same as in all recent versions of macOS: use the Finder’s Open command to open it for that first run, and in the dialog which appears select the Open button.

Although Apple, and every user I’m sure, would much prefer only to run signed apps, there are times when apps can’t be signed. For the foreseeable future, macOS will continue to allow you to use this mechanism to run apps which are completely unsigned. Once past that first run, you will then be able to run them normally.

You should still be mindful that running any unsigned app is a significant security risk. The signing mechanism allows basic checks of code integrity, and apps without signatures cannot have their integrity checked at all. They’re a prime target for malware, and always will be.

2. When Finder’s Open command won’t run an app

The smoke alarm has just gone off. Do you turn it off, assuming it’s just a false alarm? If not, why should you rush to assume that an app which can’t be opened on its first run is safe to have on your Mac at all?

The most dangerous thing you can do is disable the security assessment sub-system altogether, using the spctl command, then try running the app. If that sub-system is warning you that the app’s signature is broken, or it contains a malware signature, then you should heed that warning.

Using the Finder’s Open command doesn’t bypass the security assessment sub-system completely. It allows wider tolerance in the application of its rules, such as letting un-notarized apps run in Catalina, and unsigned apps run. Signature revocations and errors should still be detected and result in refusal to run, and XProtect should still check the app for known malware signatures.

Turn the whole sub-system off, and you going to be trying to force macOS to run something which is very likely to be malicious or damaged.

Removing the quarantine flag from a freshly-downloaded app or installer isn’t quite as bad, as signature checks still take place, and in Catalina (but not Mojave or earlier) the app should also be checked by XProtect. However, it’s still playing with fire and putting your Mac at high risk of running malicious software.

It’s surely far better to investigate further. Maybe the download was corrupted, or perhaps the site you obtained it from has had a security breach and is now being used to distributed malware. If you can’t address those, you might be able to get away with checking the download using an up-to-date malware scanner, or perhaps checking the software in a virtual machine. But you really need to understand why its security assessment is failing before stopping that from happening at all.