How to install and run Mac apps that don't come from the Mac App Store

Posted:
in macOS edited April 2016
Apple has introduced a number of features designed to protect users from malware in OS X, but these tools occasionally go too far when trying to save people from themselves.




TL;DR:If you have an app from an unidentified developer and you're sure the app is safe, you can force it to run by right clicking (or command-clicking) the app and choosing "Open" from the context menu.

OS X's Gatekeeper feature -- introduced with OS X Mountain Lion -- places restrictions on which apps can be run on a Mac based on the avenue through which the apps were acquired. There are three tiers: apps which are distributed by registered developers through the Mac App Store, apps which are distributed by registered developers outside of the Mac App Store, and apps which are not made by registered developers.

Gatekeeper distinguishes between the latter two based, broadly, on whether the app has been signed with a legitimate Apple-issued signing key.

By default, Gatekeeper is configured to allow apps from the Mac App Store and from registered developers. Users can make this more or less strict:

  1. Open System Preferences
  2. Open the "Security & Privacy" pane
  3. Select the "General" tab
  4. Click the lock icon in the lower-left corner and enter an administrative username and password
  5. Select one of the three available levels under "Allow apps downloaded from:" and close the preference pane


Unless you choose to allow apps downloaded from anywhere, OS X will warn you against opening apps that aren't signed: you'll see a dialog box that says " can't be opened because it is from an unidentified developer," and clicking OK will simply close the dialog.

If you're sure the app is safe, you don't need to alter your security preferences to open it -- there's a faster workaround.

Right click (or command-click) on the app and select "Open" from the context menu. This will present a slightly different dialog box: this time, you'll be presented with an "Open" button that will let you force OS X to run the app.




Remember: only do this if you're sure the app is from a reputable developer and has not been tampered with.

Comments

  • Reply 1 of 12
    lkrupplkrupp Posts: 7,452member
    Gatekeeper does not "go too far" in protecting users from themselves. If a user doesn't understand how Gatekeeper works then maybe they shouldn't be messing around with software of unknown origin. It's a matter of education. The user can bypass Gatekeeper if educated about it. How many "do you really want to do this" flags are required to finally let a user brick their system voluntarily?
    ai46chasm
  • Reply 2 of 12
    TonyLTonyL Posts: 1member
    I think you meant to say Right click (or CONTROL-click), instead of "Right click (or command-click)"
    ai46
  • Reply 3 of 12
    auxioauxio Posts: 2,035member
    lkrupp said:
    How many "do you really want to do this" flags are required to finally let a user brick their system voluntarily?
    Or add their Mac to a botnet used for illicit activities voluntarily?  Or install a personal information harvester voluntarily?  There are very good reasons why this system is in place.  If reputable developers want to distribute apps for Mac, they should get a signing key.
    chasmai46
  • Reply 4 of 12
    john galtjohn galt Posts: 959member
    Gatekeeper "goes too far"? Hardly.

    An effective security strategy is a multilayered one, and Gatekeeper is just one part of an overall mindset that any computer user must adopt in order to avoid inadvertently installing malware, or just simply junk software. Gatekeeper is also easily bypassed by control-clicking the app (no, command-click is incorrect). A two-finger tap works also. That will cause the dialog box in the illustration to appear. It's incumbent upon the user to read, comprehend, and act upon what it says.

    If the user doesn't do that, well, they get what's coming to them. You can't fix stupid.

    "... only do this if you're sure the app is from a reputable developer and has not been tampered with."

    You can't really rely upon that either. Even reputable developers have had their distribution sites hacked.

    chasmai46
  • Reply 5 of 12
    chasmchasm Posts: 1,698member
    I can see why the person who wrote this idiot's guide to installing malware didn't sign their name to it. (to clarify: I have no problem with people using software that is not offered on the Mac App Store, I use some myself. This article, though, does nothing to help newbs distinguish legit non-MAS stuff from dangerous trojans, and in doing that encourages users who don't know what they're doing to install anything they see that sounds interesting/tempting -- a sure path to malware.)
    edited April 2016
  • Reply 6 of 12
    hexclockhexclock Posts: 594member
    Gatekeeper is a necessary evil in the modern Internet era for sure, yet there is still a TON of software that is not available on the App Store. Maybe even more. I've had to go this route many times for drivers, plugins, updates for legacy software etc. 
  • Reply 7 of 12
    fallenjtfallenjt Posts: 3,982member
    I don't and won't install any app outside App Store. I don't trust other sources.
  • Reply 8 of 12
    There's a much easier way to bypass Gatekeeper, if you don't want to take advantage of the protection provided and have the ability to nilly willy install anything you want: Get a PC other than a Mac! I can't even imagine any software to be tempting enough to try without Apple's stamp of approval.
    ai46
  • Reply 9 of 12
    appexappex Posts: 687member
  • Reply 10 of 12
    I try to avoid downloading software from the App Store. It doesn't give the developers full payment. I'd rather pay developers directly. There are thousands of safe and mostly safe programs that bypass the App store. App store rarely offers 'try before you buy', like with GraphicConverter. Ripoff. Its existence has encourage companies like Adobe to go to subscriptions, rather than go through Apple. Thank you Steve Jobs for being such a jerk.
  • Reply 11 of 12
    auxioauxio Posts: 2,035member
    I'm not saying people need to get all of their Mac apps through the App Store.  I'm saying that people should avoid running unsigned Mac apps if at all possible.

    Many developers distribute perfectly legitimate apps outside of the App Store.  And as long as they sign those apps, then they'll work just fine without having to change any system settings.  If an app is signed, people can trust that it hasn't been tampered with and that it comes from a verifiable source.  It's only for unsigned apps which you need to do what's mentioned in this article.
    edited April 2016
  • Reply 12 of 12
    badmonkbadmonk Posts: 838member
    This article is good advice.  I try to avoid using "non-signed" software and minimize use of flash.  I use only a few programs outside of tried and true Apple programs...handbrake, VLC etc but yesterday I downloaded makeMKV to back-up a BluRay disc I own.

    Don't know if it was causal but I got struck by ransomware last night on my old school MacPro.

    I am working my way through it but will probably just ditch the HD and start over.


Sign In or Register to comment.