Tuesday, January 16, 2024

Resolving Trusted Execution Problems

Quinn:

If you’re developing software for macOS your goal is to avoid trusted execution entanglements. You want users to install and use your product without taking any special steps. If, for example, you ship an app that’s blocked by Gatekeeper, you’re likely to lose a lot of customers, and your users’ hard-won trust.

[…]

If you launch a quarantined app, the system invokes Gatekeeper. Gatekeeper checks the app for problems. If it finds no problems, it asks the user to confirm the launch, just to be sure. If it finds a problem, it displays an alert to the user and prevents them from launching it. The exact wording of this alert varies depending on the specific problem, and from release to release of macOS, but it generally looks like the ones shown in Apple > Support > Safely open apps on your Mac.

[…]

If your product is an app and it works correctly when not quarantined but is blocked by Gatekeeper when it is, you have a Gatekeeper problem. For advice on how to investigate such issues, see Resolving Gatekeeper Problems.

Alas, I’m still seeing problems where some customers can’t launch my apps because Gatekeeper erroneously reports them as damaged. The only workaround seems to be to instruct the customer to manually remove the quarantine flag or to download the app in a way that doesn’t quarantine it.

If none of the above resolves your issue, look in the system log for clues as to what’s gone wrong. Some good keywords to search for include[…]

See also: Testing a Notarised Product.

6 Comments

I make a habit of removing the quarantine flag from everything I download before I try to run it because otherwise it seems there's a 30% chance of Gatekeeper marking apps as damaged.

I can't imagine how a normal Mac user survives these days.

Old Unix Geek

MacOS: broken by design.

Made by the same people who do this bullshit: https://nitter.net/TimSweeneyEpic/status/1747408148799881390#m

I'm just waiting for them to require use of their store on the Mac.

Remember all of the rampant malware and counterfeit software that was plaguing the Mac as a platform before Apple added in all of these half-baked security restrictions?

I don't either.

I just installed a game from gog.com that was an unsigned installer pkg that simply unpacked a payload app without setting the quarantine bit using a post-flight script. Like, they probably just expect their users not to care, and they're probably right. Apple need to get off their high horse and just accept that unless users are choosing to use their store, they're not Apple's problem to solve. Unless they are a potential source of enforced rent collection, of course--in that case every effort to put roadblocks in their way must be conceived, and every implausible justification contrived, to make it both Apple's problem and Apple's duty to solve. And, sadly for all right-thinking people, there will be enough apologists for Apple to make it worth their while. :(

Quinn is one of the few helpful people inside Apple, but this kind of gives the game away:

"If, for example, you ship an app that’s blocked by Gatekeeper, you’re likely to lose a lot of customers, and your users’ hard-won trust."

The argument isn't "You really need to get this right to keep your customers and their data secure!" It's "Hey, friend, nice software business you got there. Be a shame if anything happened to it."

I recently tried to use Igor Pro (which I've had installed continuously as I've upgraded/migrated Macs for the last 23 years), and found it wasn't able to load some of its plugin libraries. I finally discovered it had been translocated by Gatekeeper, so knew to search for that specific topic. Fortunately, the great folks at WaveMetrics had a detailed explanation and fix, but you know Apple has lost its way when the Mac troubleshooting and repair section is 5X the length of the Windows section and includes a trip to the Terminal.

https://www.wavemetrics.com/news/igor-pro-missing-support-folders#troubleshooting_macintosh

Launch Services and Gatekeeper are basically the Windows Registry, only shittier because they're more fragile, totally opaque, and can't be edited directly.

@Adam Alas, the Mac App Store is literally the only user-friendly way to install apps that isn’t subject to Gatekeeper bugs. Even the Control-click workaround doesn’t work if Gatekeeper thinks the app is damaged, probably due to some sort of code signing bug or cache corruption. Instead of making the App Store better they’re making the alternative worse.
