On iOS devices, Apple only allows apps to be installed from the app store. Unless your device is jailbroken, you can’t install and run an app from anywhere else. But on macOS, users can download apps from the app store as well as directly from app developers’ website or third-party websites.
Because of Apple’s policies, even an app that’s not part of the app store has to be ‘notarised.’ If the developer is not verified, Apple will not let its app run on macOS.
To stop users from running these ‘unverified’ apps, Apple shows different errors in macOS. “This app is damaged and should be moved to the bin,” is a common ‘error’ that’s designed to force users to drop the idea of running an ‘unsecure’ app. Other examples include “this app can not be opened because the developer can not be verified” and “this app can not be opened because Apple can’t check it for malicious software.”
Before the launch of macOS Sierra in 2016, you could simply turn on an option to allow apps from ‘anywhere’ and run apps by unidentified developers. With the launch of Apple Silicon and Big Sur, macOS has made it even harder to run a third-party app.
“Well, it’s my device. I paid for it. And I want to be able to run any app I like – from anywhere I like.” “Sorry. Security and privacy first, Mr. And who else knows better than Apple.”
Now, it’s not entirely impossible to run these apps but I don’t like to follow those extra steps in order to run an app which I want to run, on my own device. Anyway, in this tutorial, I share some ways to solve ‘errors’ like “this app is damaged” and run an app downloaded from a source other than the app store.
Note: This tutorial is an extension of another tutorial that I wrote in 2016.
1. Disable Gatekeeper
Gatekeeper is the safety mechanism of macOS that decides which apps are allowed to run. As mentioned earlier, recent versions on macOS only let you run apps from app store or from identified developers. By disabling Gatekeeper, you will bring back the option to run apps from ‘anywhere’ meaning apps by unverified developers.
This requires a quick command in Terminal. Open Terminal and type the following command. When it prompts, enter your password.
sudo spctl --master-disable
There is no message displayed after you run this command successfully. But you can verify if it worked by navigating to Settings > Security & Privacy > General. You should see three options now. Select ‘Anywhere’ and you are done.
Now open the app you were unable to run and it should show you a message suggesting the app is from unverified developer. Click Open and it should run as expected. Do this for all apps that weren’t working before.
Once you successfully run an app that wasn’t opening earlier, you should enable Gatekeeper again. Your apps will continued to work after that. To enable Gatekeeper, use the following command.
sudo spctl --master-enable
This command works in all versions starting from macOS Sierra to the latest macOS Big Sur.
2. Control-open An App
While leaving Gatekeeper turned off could leave your Mac open to risks, there’s another way to open unverified or ‘damaged’ apps. This approach involves adding the app in question to an ‘allow’ list or exempting it from further scrutiny. The following screenshot shows macOS Big Sur on my MacBook Pro with M1 chip stopping me from running Guarda – a cryptocurrency wallet – telling me it’s from an unidentified developer.
To add an app to the list of apps exempt from gatekeeper checks, open Finder and click Applications from left pane. Find the app in question. Press and hold Control key and right click on the app. Click open while Control key is still pressed then elease the key.
Now check the following message that’s asking me if I was sure about opening it instead of saying it can’t be opened. Click Open on the prompt that appears on screen and it should run as expected.
For each app that wouldn’t open, you have to perform Control-click-open just once. After the app is exempt from Gatekeeper checks, it will continue to run without showing errors. If you update the app to newer version, macOS might stop it from loading again but you can simply perform this step in that case.
Other similar way of opening an app involves right clicking and opening the app – without pressing Ctrl. I have noticed that some apps that are unable to run if I open them by double clicking will run if I went to Applications, right clicked the app and clicked Open. I will see the message asking me if I was sure but it will run when I click Open in the prompt.
Both these methods work in all recent macOS versions including the latest macOS Big Sur and on Apple Silicon Macs.
3. Disabling System Integrity Protection (SIP)
Now this is the most advanced method to run an app that won’t open using the methods mentioned above. The System Integrity Protection was introduced with macOS El Capitan. It’s designed to protect Macs from malicious software. According to Apple, System Integrity Protection or SIP works by restricting the ‘root’ user account and limits the actions that the root user can perform on protected parts of the macOS.
An app that performs root-level tasks – running kernel extensions, for example – is not allowed to run on macOS unless it’s from a verified developer. In this case, you have to disable SIP as the last resort to be able to run an app.
Before you proceed, however, you should be sure about doing so. SIP protects your Mac from unwanted software and should be disabled only if you know why you are disabling it.
To disable System Integrity Protection, you have to enter recovery mode.
On a new Mac running Apple Silicon, you have to shutdown, press and hold the power button until you see ‘Loading startup options,’ select Options, and click Continue. Select an administrator account and enter its password. Your Mac is now in recovery mode.
Read more about disabling System Integrity Protection on Apple Silicon (M1) Macs.
On an older Mac, you would press Command + R while booting up a Mac to enter recovery mode.
Once your Mac is in recovery mode, open Terminal from Utilities menu and enter the following command.
Type y, press return and enter your password. Terminal should confirm that SIP is now disabled.
Now restart your Mac and try to run the app. It should run as expected. The problem with this method is that you have to keep SIP disabled as long as you want to run an app. That leaves your Mac open to security issues so be careful of what you are trying to achieve here.
To enable SIP, enter recovery mode and use the command csrutil enable.
4. Run Apple Silicon Mac with Reduced Security
This only applies to Macs with Apple Silicon (M1) chips. Some apps that use kernel-level extensions will fail to run natively on new Silicon Macs. One example is FUSE for macOS that won’t run without reduced security. Some apps I use like VeraCrypt and pCloud depend on FUSE to work and without it they are rendered useless.
To run an Apple Silicon Mac with reduced security, follow the steps to enter recovery mode mentioned above. In the end, go to Utilities > Startup Security Utility (instead of choosing Terminal). Choose Reduced Security. Turn on both checkboxes underneath and click OK.
Restart your Mac and run the app.
5. Contact the Developer
When nothing helps, it’s a good idea to contact the developer. It’s possible that the app you are trying to run is not compatible with macOS version or Apple Silicon chips. The developer needs to update their app in order for it to run.
Solving ‘This App Is Damaged’ and Similar Errors on macOS: Summary
It’s your Mac and you should be able to run any app you wish to. But Apple being Apple and no one to question its decision-making, makes sure to restrict anything it wants in the name of security. Apple has created an eco-system where everyone has to dance to its tune – even if you have paid thousands of dollars to ‘purchase’ a device.
Apple does ‘allow’ users to run an app that’s not downloaded from its app store (oh, thank you! How much do I owe you for ‘allowing’ me to do that on my own device?). But there are some apps that won’t run natively on macOS. May be these apps are not updated, may be they are from unverified (read: non-paying) developer or may be they actually are security threats.
In any case, it’s not entirely impossible to run these ‘damaged apps’ as Apple likes to call them. By following the methods mentioned here, you will be able to run an app that would otherwise show different errors. These methods are not guaranteed to work. And you should be careful while changing your Mac’s default security settings unless you know what you are doing.