How to Turn Off & Manage Mac OS X’s Gatekeeper
In response to growing malware and virus concerns in Mac OS X, Apple introduced Gatekeeper, a new security feature, as part of OS X 10.8 Mountain Lion (and later ported it to OS X 10.7 Lion as of version 10.7.5). Gatekeeper prevents a user from launching applications that are not from the Mac App Store or registered developers. Depending on how you use your Mac and what apps you use, Gatekeeper can be both useful and annoying. Here’s how to deal with it.
First, to modify Gatekeeper’s settings, head to System Preferences > Security & Privacy > General. Although it’s not labeled as such, Gatekeeper’s preferences are listed on the bottom half of the General tab.
There are three primary settings for Gatekeeper:
Mac App Store: this allows only apps downloaded from Apple’s Mac App Store to be launched. While the Mac App Store library grows every day, most Mac users will want to run apps that are not yet available in the store (and, with Apple’s shift to sandboxing requirements, may never be), so only choose this setting if you’re sure that the apps you want are already in the store.
Mac App Store and Identified Developers: this setting allows Mac App Store apps, the same as above, and also signed applications from “identified” Apple developers. Identified developers are third-party developers who register with Apple and receive a unique digital certificate to include with their apps. The goal of this arrangement is that Apple will know who created a certain application if it causes problems and users will be able to tell, thanks to the digital certificate, if the app has been altered in any way (for example, if a hacker distributes a modified copy of iWork with malware inside).
It’s important to note, however, that Apple is not approving the apps of identified developers as it does with apps in the Mac or iOS App Stores. It is relatively easy to register with Apple and obtain a certificate with which to sign applications. While Apple does take complaints seriously and will blacklist known developers who distribute malware, it is very possible for a new developer (or an existing developer with a new alias) to be registered and distribute apps with malicious intent. Therefore, users should still exercise caution when launching apps of unknown origin or from unknown developers.
Anywhere: as the setting’s name implies, this will effectively turn off Gatekeeper except for apps and processes that are known to Apple as malicious and are on the company’s blacklist. That means that if you open an app that has hidden malware that is not yet known, your Mac might end up as patient zero in the next outbreak. Still, for experienced users who make smart choices about which apps to download and open, even with this setting the chances of getting malware are relatively low.
If a user attempts to open an app that doesn’t meet the requirements of their Gatekeeper setting, OS X will present a warning explaining why the app is not allowed to be run.
The default Gatekeeper setting in OS X is “Mac App Store and Identified Developers.” If you find yourself getting warnings when trying to open an app from an unidentified developer, you have two choices: 1) you can go into System Preferences and choose a less restrictive setting or, 2) you can use a shortcut to allow a one-time exception to the Gatekeeper settings.
To allow this one-time exception, right-click on the app’s icon and left-click on “Open” (as opposed to double-left-clicking on the icon to open it). This will present a similar warning notifying you that the App is not from the Mac App Store or an identified developer. Unlike the standard warning, however, there is now an “Open” box that will allow you to force the app to launch even if it doesn’t meet Gatekeeper’s requirements.
With this workaround, you can leave Gatekeeper set to any level of protection and still be able to quickly work around it when necessary. This works great when sharing a Mac with kids or non-tech-savvy spouses.