How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra

Gatekeeper, first introduced in OS X Mountain Lion, is a Mac security feature that helps protect your Mac from malware and other malicious software. Gatekeeper checks to make sure the application is safe to run by checking it against the list of apps that Apple has vetted and approved for the Apple Mac Store and/or approved by Apple even if not offered through the app store.

These are the three Gatekeeper options:

  • App Store
  • App Store and Identified Developers
  • Anywhere

In macOS Sierra, however, Apple made some important changes to Gatekeeper that seemingly limit the choices of power users who want to download and use the software beyond the list of apps officially approved by Apple. While these changes are likely meant to further improve the security Macs are known for, they do put constraints on what you can do with your Mac.

But don’t worry, Gatekeeper settings can still be changed in macOS Sierra to allow you access to software that’s not officially approved by Apple.

Keep in mind, though, that users who disable Gatekeeper protection do so at their own risk as you have to be an experienced Mac user to avoid malware and other malicious software. Macs are largely known for being much more secure than Windows computers, but that’s not necessarily the case if you get rid of your Mac’s built-in security features.

With that being said, if you do want to disable Gatekeeper, we’ve got you covered. Let’s take a look at how you can disable this feature in Sierra so that you can use a wider range of applications.

Adjust the Gatekeeper Settings

Traditionally, Gatekeeper offered three settings of increasing security: anywhere, App Store and identified developers, and App Store only. The first choice, as its name describes, allowed users to launch applications from any source, effectively disabling the Gatekeeper feature.

The second choice allowed users to run apps from the Mac App Store as well as from software developers who have registered with Apple and securely sign their applications. Finally, the most secure setting limited users to running apps obtained from the Mac App Store only.

While the secure options were good ideas for less experienced Mac users, power users found Gatekeeper to be too limiting and typically sought to disable it by setting it to “Anywhere.

In macOS Sierra, however, the “Anywhere” option is gone, leaving “App Store” and “App Store and identified developers” as the only two options.

gatekeeper macos sierra default

Disable Gatekeeper in macOS Sierra from Terminal using a command

The Gatekeeper settings can be found in System Preferences > Security & Privacy > General. The Gatekeeper options are located beneath “All apps downloaded from:” with the choice of “Anywhere” missing. With the “Anywhere” option missing, many Mac users thought that Apple had completely taken away the “Anywhere” option.

Thankfully, Apple didn’t turn off the ability to change the Gatekeeper setting to “Anywhere” it just started requiring users to do it from the terminal with a command, which was a way for Apple to ensure that only macOS power users would likely change the Gatekeeper setting to “Anywhere.” For the most part, only macOS power users know how to use the terminal.

To disable Gatekeeper (i.e., set it to “Anywhere”) from the command line, open a new Terminal window then enter the following command:

$ sudo spctl --master-disable

Since you’re using “sudo” you’ll be prompted for your Mac’s root (admin) password. Enter your root password and the command will change the Gatekeeper setting to “Anywhere.”.

If you want to confirm that the Gatekeeper setting has been changed to “Anywhere,” you can launch System Preferences and check the Gatekeeper “Allow apps downloaded from” setting. You’ll now see that “Anywhere” is the Gatekeeper setting.

Click the padlock in the lower-left corner to enter your password and make changes, then select “Anywhere” from the list of Gatekeeper options. The security feature will no longer bug you about apps from unidentified developers.

You’ll also notice that since you ran the command to change Gatekeeper’s “Allow Apps downloaded from” option to Anywhere that option is now listed in the interface as shown in the screenshot below.

gatekeeper macos sierra anywhere

Temporarily Bypass Gatekeeper

Despite its potentially frustrating limitations, Gatekeeper is indeed an important security feature that can prevent you from accidentally launching malicious applications. If you prefer to leave Gatekeeper enabled but still need to occasionally run an app from an unidentified developer, you can temporarily bypass Gatekeeper by opening the app from the right-click context menu.

To illustrate, when you attempt to open an app from an unidentified developer while Gatekeeper is enabled, you’ll receive the following alert telling you the app can’t be launched:

gatekeeper sierra unidentified developer
To temporarily bypass Gatekeeper, right-click (or Control-click) on the app’s icon and select Open.

gatekeeper bypass sierra
You’ll still receive an alert message, but this time it’s only a warning. Clicking Open again will launch the app.

gatekeeper bypass open

Restore Sierra Gatekeeper Settings to Default

If you’ve enabled the “Anywhere” option by using the Terminal command above and later want to reverse it, you can head back to Terminal and run this command:

$ sudo spctl --master-enable

This command reverses the spctl --master-disable command that you ran to set Gatekeeper’s “Allow app downloads from” setting to “Anywhere.”

Final Thoughts

Gatekeeper is a very strong security feature that is meant to protect your Mac from malware and otherwise harmful software. However, while it does offer great protection, it can be very restricting for power users.

Fortunately, there’s a way around this. By following the instructions outlined in this article, you can easily disable Gatekeeper and unleash the power of your Mac.

If you found this article useful, you might want to check out How to Run Mac Software Update via the Terminal.

Also, be sure to take a look at our piece on How to Install MacOS / OSX on a Chromebook.

Have you set Gatekeepers’ “Download apps from” setting to “Anywhere” before? How did you do it? Please leave a comment below.

30 thoughts on “How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra”

Avatar Martine-blablabla says:
After wrote : sudo spctl –master-enable
terminal asks me
Password:
but with a key logo (not the double dot as above) and i cant write anything just “enter” works :
Sorry, try again.
Password:

I cant write my password, how i can do ?
Thanks

Avatar Wolfos says:
You can write your password, it just doesn’t show what you’re typing. Every command you type into the terminal is saved in the system log, which can be viewed by other users. If they showed your password as *** other users could derive the length of your password from the system log, which is a security risk.
Avatar hawkins says:
I get the following
“The developer of this app needs to update it to work with this version of macOS. Contact the developer for more information.”
This is not a gatekeeper issue, is it? Any advice?
Avatar zork says:
Definitively not working on Catalina. You can disable spctl from recovery mode, but once you reboot it is automatically enabled. Anyone can provide a solution ??..
Avatar Leah says:
It won’t work for me either!
I type password in and then it comes up with “command not found
Avatar Zeynep Orhan says:
Worked thanks
Avatar charlie says:
when i put in the command it says permission denied
Avatar Anon says:
Is there a way to forget all allowed apps?
Avatar matthew says:
Anys-MacBook-Pro:~ matthew$ $ sudo spctl –master-disable
-bash: $: command not found

wha?

Avatar Micros says:
Use a double dash. It somehow got converted to a long dash in your comment.
Avatar Oliver Cordingley says:
Don’t type the $, it is used to show that you are meant to be typing in the terminal
Avatar Hacker Space says:
You added a $ the $ already exists as the first character in the terminal
Avatar Ian McKenzie says:
respect
Avatar chazz says:
the command doesn’t work for me
Password:
Usage: spctl –assess [–type type] [-v] path … # assessment
spctl –add [–type type] [–path|–requirement|–anchor|–hash] spec … # add rule(s)
spctl [–enable|–disable|–remove] [–type type] [–path|–requirement|–anchor|–hash|–rule] spec # change rule(s)
spctl –status | –master-enable | –master-disable # system master switch
Avatar Noe says:
Worked PERFECTLY! A million thanks!
Avatar chris says:
Nope! Does not work. I enter the command in Terminal followed by Password only to get another prompt
that requests password with a key next to it. Frustrating.
Avatar Noe says:
I think you are supposed to write the command, hit enter and, when the key appears, type the password ;)
Avatar Oliver Cordingley says:
Just so you know your password isn’t actually shown to you, you just have to assume that it is typing
Avatar ALEX JOLLY says:
thanks …it helps me a lot
Avatar vzRowan says:
Is there an option to “undo” this command? (removing de button)
Avatar vzRowan says:
nevermind, never made it to the end of the article, now i read it, sorry.
Avatar ben says:
perfect!
Avatar Rombout says:
I still see applications are run from a temp folder and not from the applictions folder. I tried manually editing preferences file of such apps but after opening and closing they are reset again to this temp folder. But i did add the Anywhere option again.
Does anyone know some more trick for this?
Avatar Grumpy Mac user. says:
Your issue appears to be because Gatekeeper has some apparently deliberately obfuscated security that is called GateKeeper Path Randomization. This deliberately and secretly vandalises any attempt to modify installed applications.
I can’t find any way to turn gatekeeper off (this article doesn’t help here) but if you copy your app into the Applications directory in finder then you may find it now works… or you may not.
It’s vaguely documented here https://bugs.eclipse.org/bugs/show_bug.cgi?id=507328 where your mac allows you to launch eclipse set a workspace install some addons and them mostly forgets about this as soon as you restart. I can see that preventing modification might be considered a security feature but allowing modification and then removing the modifications without warning seems a deliberate attempt to break applications – perhaps a way to extort money from developers who need to pay to get things signed?
Avatar WX GAMING// Wenxiang//Trollers says:
Thanks this helped me a lot
Avatar disqus_GGYzLlp2oJ says:
It’s not letting me type in my password.
Avatar Bob says:
the password in terminal is never shown for security purposes, just type it in and hit return.
Avatar scoupdogg says:
sigh, probably in the next update this is going too.
i hated Iphone and Liked Mac for the exact same reason, iphone is too walled.
mac is going to same route, probably next option is to move to Chrome OS
Avatar Totellthetruth says:
THanks!
Avatar Beka Kharebava says:
not work !!
iMac:~ mac$ sudo spctl –master-disable
sudo: /etc/sudoers is owned by uid 1, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
iMac:~ mac$
Avatar Joe Clay says:
It works. I did it last night. Something is up with your configuration if you can’t use sudo.
Avatar Beka Kharebava says:
What should I do to solve this problem?
Avatar Joe Clay says:
My comment with a link is awaiting moderation, but Google “/etc/sudoers is owned by uid 1, should be 0” since it’s some sort of permissions issue and that line is where the problem is. There’s a guy in the first post that shows up for me who might have a fix with the chown command.
chown root:root /etc/sudoers
Avatar David Raybould says:
Awesome! Thank you.
Avatar RIATA de DIOS says:
nice
Avatar Ben Frain says:
Thanks for this post. Was driving me nuts!
Avatar Joe Clay says:
I hate when they make annoying changes like this. I know what I’m installing and running. I made the app that I was trying to run in automator on one of my other machines FFS.
Avatar Gonzalo Guirao Perez says:
Impossible for me.
Gonzalo-Guiraos-iMac:~ gonzaloguirao$ sudo spctl -–master-disable
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
It tells me to put it to the trash, when I try control Open
Avatar Michael Lin says:
You’ll need to edit your /etc/sudoers file with visudo. Try the command “su”, or switch user, to do this.
Avatar Gonzalo Guirao Perez says:
Thanks I will try
Avatar Elinei says:
THANK YOU! Exactly what I needed.
Avatar jzumbrun says:
And done.
Avatar Jeremy Michael Lelea says:
You Rule!!!!!
Avatar Terry Luanarista F says:
Thank you so much :)

Leave a Reply

Your email address will not be published. Required fields are marked *


Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.