Apple doesn’t like software that doesn’t come from the App Store. In fact, Apple doesn’t want any software that has not been vetted by Apple itself. This applies to cracked apps (shame on you 🤐) and open-source apps from, let’s say, GitHub.
The error message for this is always the same: “Apple could not verify [some app] is free of malware that may harm your Mac or compromise your privacy. ” It actually recommends moving the app to Trash. God, thanks. macOS has a decent command line, which allows us to fix this issue with just one line of code.
Downloaded App “not verified”
I was installing an app today that caused this exact error message:
[app name] Not Opened
Apple could not verify [app name] is free of malware that may harm your Mac or compromise your privacy.
Now, “Done” and “Move to Trash” aren’t really the options I was hoping for. For those who are curious as to why this is the cas, thee app isn’t signed with a valid Apple Developer ID or “notarized” by Apple, so macOS can’t verify its authenticity and scan for malware.
Fortunately, there’s an easy fix for this.
How to Fix it
Apple itself explains in its documentation how to “open it anyway.” However, this option may not work for every app. That’s why there’s another way:
- Open your command line of choice (I recommend iTerm2 or Tabby, but macOS’ native Terminal will work as well)
- Copy the following code into the CLI:
# Replace FILE_NAME with the absolute path of the all so dangerous app
codesign --force --deep --sign - "FILE_NAME"
# The same here
xattr -d -r com.apple.quarantine "FILE_NAME"Good to Know
Instead of typing the long path, you can simply drag and drop the .app file into the Terminal to get its absolute path.
Running each of the two commands requires your administrator password. Enter it and press ENTER. After this, the app should open without any problem 🥳
Creating a one-click solution via “Quick Actions”
Since this happens relatively often when I download apps from, let’s say, websites that Apple wouldn’t particularly like so I can save some bucks, I integrated this function into my context menu when I right-click on a .app file. This was done using Automator and AppleScript, and it looks like this in German, though:
Ignore the sha1 command above; this is another Automator app I created to verify the authenticity of a file by comparing the hashes developers often give out to make sure the app is the app and not a different version.
Clicking “Signieren” (“Sign”) is all I need to do to run the above script. You can either program it yourself with Automator as “Quick Service” and the following code. The highlighted part is what does the trick.
for f in "$@"
do
# Apply codesign command
osascript -e "do shell script \"codesign --force --deep --sign - '$f'\" with administrator privileges"
# Remove quarantine attribute
osascript -e "do shell script \"xattr -d -r com.apple.quarantine '$f'\" with administrator privileges"
doneThe Automator should be set up like this:
In case you’re too lazy for this, you can download my personal copy, which you can adjust later on (i.e., label, icon).
Save the file as a .workflow file (do not use any other format) and copy (cp [old_path] [new_path) or move (mv [old_path] [new_path]) it into the following directory; otherwise, it won’t be recognized by Finder:
mv Signieren.workflow ~/Library/ServicesIf you now right-click an .app file, you should see the function in the “Quick Options” dropdown.
Use a minimalistic open-source app
Of course, there’s also an app for this, and it’s even open-source, which is excellent. It’s called Sentinel and was developed by Alin Marius Lupascu (alienator88 on GitHub) and Emilio P. Egido (perez987). All it does is give the above commands a simple, minimalistic UI so that you don’t have to fiddle around with any CLI if you don’t want to.
Using any of these options should fix the “Apple could not verify…” error message and make the “Move to Trash”-app a running application.