AirDrop is a very convenient way of moving all sorts of files around, including apps and installers. Because AirDrop isn’t completely secure – you can configure it to allow anyone to drop files into your Mac – anything that’s transferred by AirDrop gets a quarantine flag. For documents, that’s no big deal. Notarized apps are also fine when they undergo their first run check with Gatekeeper. Things get more tricky when moving unnotarized apps and, worst of all, some Apple installers. I hit this with the Big Sur installer app too.
When you try opening an unnotarized app with its quarantine flag set, you have to go through the two-step consent process, which quickly gets tiresome, but isn’t too bad a deal. Unfortunately, that’s different with many Apple installer apps: they weren’t designed to cope with having quarantine flags at all. The Big Sur installer app just bounced and bounced in the Dock when I tried to open it. Eventually macOS reported that it couldn’t be run, and offered to trash it for me. As I couldn’t face another 12.2 GB download or messing about much longer, the best option was to strip its quarantine flag.
Removing quarantine flags isn’t something that you should do lightly. Ever. If you do this to anything malicious, you will be inviting it in, past most of Gatekeeper’s checks. Thankfully, Catalina and Big Sur aren’t so easily manipulated: the item will still be examined by XProtect, and any signing certificates will be checked to ensure they haven’t been revoked. But you must still be very cautious: quarantine flags are there to protect your Mac.
In this case, I was confident that the Installer app in question was completely authentic. So how could I remove its quarantine flag without resorting to the command line?
My free extended attribute editor xattred can remove or meddle with any extended attributes which aren’t protected by SIP or a file’s permissions. It does this one item at a time, though, and the Installer in question had over a thousand items with quarantine flags. I could have used xattred’s Stripper feature, though, which can remove named extended attributes from folders full of files.
The simplest answer is my free privacy tool Scrub, which can do all sorts of horrible and mangling things to folders and files, including stripping all those quarantine flags. Because it sees an app as a discrete entity, you’ll need to strip first the .app folder’s flag, then the rest of its contents.
Click on the Open… button and select the app or other item from which you want to strip the quarantine flags. Set the popup for Extended attributes to strip all. That also removes xattrs showing the source of the file, and all others, although any com.apple.macl xattrs which are protected by SIP will immediately be added back.
Before you can click on the Scrub button, you must run an Audit, which informs you what potential damage your action will do. In this case, it will remove just the xattrs from the app folder itself.
Once you’re confident this is what you want – remember there’s no undo – click the Scrub button. One down, over a thousand to go.
Then click the Open… button again, and this time select the Contents folder inside the app.
Repeat the same process: set Scrub to strip all, Audit and check carefully, then click Scrub.
Every last one of those quarantine flags will be removed, and your app or installer should now work fine without Gatekeeper’s interference.
Please be very careful with Scrub, though: it’s a powerful tool, but can readily destroy hundreds of thousands of files at the click of a button. Used wisely, it does things that aren’t even easy at the command line.
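The Audit step described above can also be reproduced read-only from a script. This is an added example, not part of Scrub or xattred and not from the original article: it walks an app bundle and reports which items carry com.apple.quarantine, and when and by which agent each flag was set, without removing anything. It assumes macOS's /usr/bin/xattr tool and the usual four-field value layout (hex flags; hex timestamp; agent; event ID); the sample value and all function names are constructed for illustration.

```python
import os
import subprocess
import sys
from datetime import datetime, timezone

QUARANTINE = "com.apple.quarantine"
# Constructed sample value: hex flags; hex Unix time; agent; event ID.
SAMPLE = "0081;5fb2c1a0;sharingd;00000000-0000-0000-0000-000000000000"

def read_quarantine(path):
    """Raw quarantine value of path, or None. Assumes macOS /usr/bin/xattr."""
    done = subprocess.run(["/usr/bin/xattr", "-p", QUARANTINE, path],
                          capture_output=True, text=True)
    return done.stdout.strip() if done.returncode == 0 else None

def _hex(text):
    try:
        return int(text, 16)
    except ValueError:
        return None

def parse_quarantine(value):
    """Split the value into its four fields; malformed fields become None."""
    flags, stamp, agent, event_id = (value.split(";") + [""] * 4)[:4]
    seconds = _hex(stamp)
    when = None
    if seconds is not None:
        when = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return {"flags": _hex(flags), "when": when, "agent": agent, "event_id": event_id}

def audit(root, reader=read_quarantine):
    """Read-only: map each flagged item at or below root to its parsed value."""
    paths = [root]
    for folder, dirs, files in os.walk(root):
        paths += [os.path.join(folder, name) for name in dirs + files]
    flagged = {}
    for path in paths:
        value = reader(path)
        if value is not None:
            flagged[path] = parse_quarantine(value)
    return flagged

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_quarantine.py /path/to/Some.app")
    found = audit(sys.argv[1])
    print(f"{len(found)} item(s) carry {QUARANTINE}")
    for path, info in sorted(found.items()):
        print(f"  agent={info['agent'] or '?'} added={info['when']} {path}")
```

Running it before and after a strip shows whether the count has dropped to zero, and an unexpected agent or timestamp in the listing is a reason to stop and re-check where the item came from.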