Apple removes Control-click option for skipping Gatekeeper

You'll no longer be able to override Gatekeeper in macOS Sequoia with a keyboard shortcut as Apple continues to crack down on unsigned software.

If you try to install apps on macOS that haven't been signed or notarized, Gatekeeper gets in the way and won't let it run. Apple has removed an age-old shortcut for skipping the Gatekeeper prompt in macOS Sequoia.

Until macOS Sequoia, users could hold Control and click on a freshly installed app to avoid Gatekeeper's warnings about running unsafe software. Now, users must navigate to System Settings then Privacy & Security to allow the app to run.

It's a slight inconvenience for users trying to install apps from the web, but it doesn't prevent them from running the app. In fact, many installers include instructions or a direct link to the System Settings page, so the Control-click shortcut hasn't always been necessary.

The change is likely meant to protect non-technical users from being instructed by malicious installers to bypass Gatekeeper. The extra steps requiring actions in System Settings can create a higher barrier to entry for such attack vectors.

Apple, of course, recommends that any app destined for macOS that is distributed outside the App Store be notarized. The process scans the software for security risks and gives it a ticket for Gatekeeper to treat it as a trusted app.

Some see this as a direct attack on web-sourced software that Apple is babying its customer base with nanny-like protections. In the end, it is just an extra step that could prevent someone from running malware and does nothing to stop people from running what they want on Mac.

macOS Sequoia is due to release later in the fall. It could launch alongside iOS 18 shortly after the iPhone 16 announcement in September.

9 Comments

Xed 2780 comments · 4 Years

About 1 month ago

I'm all for this change. Users need to be aware that unsigned SW is potentially more of a security issue so having the user make more qualified additional steps to run it the first time is not a bad idea. I would've implemented this many years ago, personally.

sflocal 6121 comments · 16 Years

The whining from a certain group is getting old. If this bothers you, go to Linux or Windows. There are choices. Most users of MacOS are regular users, not power users. The majority of users I would think would support this.

Just look at the mess that happens with the wild-west that is Windows. If that is what bakes your noodle, go right ahead to that yard.

elijahg 2792 comments · 18 Years

sflocal said:

The whining from a certain group is getting old. If this bothers you, go to Linux or Windows. There are choices. Most users of MacOS are regular users, not power users. The majority of users I would think would support this.
Just look at the mess that happens with the wild-west that is Windows. If that is what bakes your noodle, go right ahead to that yard.

Right clicking and open is already an inconvenience and different enough to usual that it should cause users to think twice. Has there been some mass infiltration of Macs through running unsigned software via right-click that I am unaware of?

dewme 5635 comments · 10 Years

sflocal said:

The whining from a certain group is getting old. If this bothers you, go to Linux or Windows. There are choices. Most users of MacOS are regular users, not power users. The majority of users I would think would support this.
Just look at the mess that happens with the wild-west that is Windows. If that is what bakes your noodle, go right ahead to that yard.

Both Windows and macOS have provided facilities for signing binaries and assemblies for a very long time. At the same time both Windows and macOS allow users with admin privileges to run unsigned binaries and assemblies. Windows is no more or less of a “Wild West” than macOS, at least when it comes to managed code.

I suppose both macOS and Windows could have clamped down hard and insisted that everything be signed at some point. Unfortunately the boat anchor that is “backward compatibility” and legacy software has kept both operating systems from dropping the hammer. Each one has their own way of waving the “Danger Will Robinson” flag but users become oblivious to the warnings anyway.

in some ways the real “blame” if you want to call it that lies with the software providers who have chosen to place their customers at increased risk by not taking advantage of the more secure security facilities that the OS vendors provide and have provided for quite some time already. You can lead a horse to water …

Hopefully more users will start to question why some software providers are asking them to leave the door unlocked if they way to run their software on a secure system. Perhaps they believe the (fire)wall they’ve erected around their system is secure enough considering the nature of what the app does. All I can say is that if my privacy, security, or financial health is at risk I’m going to consider sighed software to be a requirement, not an option. All of my past customers felt exactly the same way.

icodewell 12 comments · 7 Years

Apple isn't taking something away, per se, but for power users (who are also influencers) it adds another annoyance. This is why I've been an advocate for adding a "Developer Mode" to macOS and Windows which would disable the default restrictions and otherwise configure the experience for pro users.