Featured

Selectively disable #macOSCatalina quarantine for apps not acquired via Apple Store

If the headline is the reason that brought you here, chances are you’ve already encountered the issue, macOS Catalina quarantine by default most apps (that were not acquired through Apple App Store). This is going to annoy a lot of people for a while. There are ways around the measure, you need to Google a bit before you hit something useful.

You would want to do this selectively, as that is frankly the best way you can have your cake and eat it too. Outright disabling the feature isn’t wise, the same way keeping your door unlocked would be unnecessarily exposing you to malicious acts. You want to choose when (or not) to leave your door on the latch.

Via the graphical (GUI) interface

Most apps are installed by downloading them, then dragging and dropping the AppName.app file into the Applications folder. If you’ve already done this, you might be successful using the Systems Preferences panel, this worked for me for LibreOffice – I’m not sure it would work for any odd app though.

macOs Catalina quarantine

Via the command line

After downloading the installation image file, right before running it, it’s possible to disable Apple quarantine (I learned this from SapMachine). With LibreOffice for example, I could have (or maybe should have) downloaded the image file, then run this command on a Terminal session:

find . -iname LibreOffice_6.3.2_MacOS_x86-64.dmg -print0 | xargs -0 xattr -d com.apple.quarantine

If you install packages using Homebrew, here is how you achieve the same thing:

brew cask --no-quarantine install graalvm/tap/graalvm-ce

After this step the app will no longer be quarantined by macOS and will run normally.

Secure by default is a nice quality of any software, particularly the OS. However, it is coming rather late in the game, after many decades of brain muscle development without it. The required change of habit feels sudden, unsettling, it is inconvenient for most regular users. Apple could probably have documented this process and built a sleek interface rather than letting people find workarounds, without that having any impact on their policy stance. Not documenting it however, may be akin to security by obscurity, which invites criticism.