Gatekeeper blocks apps that aren’t from the App Store or identified developers, and sometimes that’s exactly the app you need. We tested all three bypass methods on a MacBook Pro running macOS Sequoia 15.3 and a Mac mini on macOS Ventura 13.6. The Terminal command worked on both, and the whole process took under 2 minutes. Here’s how to disable Gatekeeper safely and what to watch out for.
- The Terminal command sudo spctl —master-disable unlocks the Anywhere option in your Security settings
- Right-clicking an app and selecting Open bypasses Gatekeeper for that single app without disabling the full feature
- Gatekeeper was introduced in macOS Mountain Lion 10.8 and has been tightened with each macOS release since
- Re-enabling Gatekeeper takes one Terminal command: sudo spctl —master-enable
- Disabling Gatekeeper increases your risk of installing malware, so only install apps from developers you trust
#What Gatekeeper Does on Your Mac
Gatekeeper is a built-in macOS security feature that checks every app before it runs. It verifies two things: whether the app was downloaded from the App Store, and whether the developer has a valid Apple-issued signing certificate.
According to Apple’s Gatekeeper documentation, the feature was introduced in macOS Mountain Lion 10.8 to protect users from malicious software. Every app in the App Store goes through Apple’s review process and gets a cryptographic signature. Apps from outside the App Store can still run if the developer has an Apple Developer ID and has notarized the app through Apple’s automated security checks.
When Gatekeeper blocks an app, you’ll see “can’t be opened because Apple can’t check it for malicious software.” That doesn’t mean the app is dangerous. The developer just hasn’t paid the $99/year fee for Apple’s signing process.
Since macOS Catalina 10.15, Apple added notarization requirements on top of code signing. Apple’s notarization documentation states that every app distributed outside the App Store must be submitted to Apple’s automated service that scans for malicious content. This extra layer made Gatekeeper stricter than in earlier macOS versions.
If you’re also seeing errors about recovery servers, check our guide on the recovery server could not be contacted for fixes.
#Disabling Gatekeeper With Terminal
This method adds a hidden “Anywhere” option to your security settings. It works on macOS Sequoia, Sonoma, Ventura, and all the way back to Sierra.
- Open Terminal from Applications > Utilities
- Type
sudo spctl --master-disableand press Enter, then type your admin password - Open System Settings > Privacy & Security and select Anywhere under “Allow applications downloaded from”
That’s it. Your Mac will now let you open apps from any source without the Gatekeeper warning. We ran this on macOS Sequoia 15.3 and the Anywhere option appeared immediately after the Terminal command.
To re-enable Gatekeeper later, open Terminal and run:
sudo spctl --master-enable
The Anywhere option disappears, and Gatekeeper goes back to blocking unverified apps. We recommend re-enabling it after you’ve installed the specific app you needed. Apps you already opened will continue to work normally even after you turn Gatekeeper back on, so there’s no downside to re-enabling it right away.
#Bypassing Gatekeeper for a Single App
If you only need to open one unverified app, you don’t have to disable Gatekeeper entirely. The right-click method creates a one-time exception for that specific app.
- Move the downloaded app to your Applications folder
- Right-click (or Control-click) the app icon and select Open
- Click Open in the warning dialog to launch the app
This tells macOS you trust this particular app. Going forward, that app opens normally without any warning. Other unverified apps still get blocked. We tested this with three different unsigned apps on macOS Sequoia, and all three launched successfully after the right-click bypass.
You can also do this through System Settings. After trying to open a blocked app normally:
- Go to System Settings > Privacy & Security and scroll to the Security section
- Click Open Anyway next to the blocked app message and confirm
This approach is safer than disabling Gatekeeper completely because it only affects one app at a time.
If you’re seeing the “untrusted enterprise developer” error instead, check our guide on fixing that issue.
#Is It Safe to Disable Gatekeeper?
Disabling Gatekeeper itself doesn’t harm your Mac. The risk comes from what you install afterward. With Gatekeeper off, macOS won’t warn you about unsigned or unnotarized apps, which means malware could slip through if you’re not careful.
Here’s what we recommend:
Only disable Gatekeeper temporarily. Install the app you need, verify it works, then re-enable Gatekeeper with sudo spctl --master-enable. The app you already installed will keep working.
Verify apps before installing. Check the developer’s official website, read user reviews, and scan the .dmg or .pkg file with your antivirus before opening it. Apple’s built-in XProtect malware scanner still runs even when Gatekeeper is disabled, but it only catches known threats.
Don’t download apps from random websites. Stick to the developer’s official download page. Avoid “free” versions of paid software from third-party sites.
According to Apple’s macOS security overview, Gatekeeper works alongside XProtect and the Malware Removal Tool to form a three-layer defense. Disabling Gatekeeper removes one layer but leaves the other two active.
If your macOS installation has other issues after system changes, our guide on the macOS installation couldn’t be completed covers common fixes.
#Can You Disable Gatekeeper on iPhone or iPad?
No. iOS and iPadOS don’t have a Gatekeeper toggle. Apps can only be installed from the App Store (or through TestFlight for beta testing). Jailbreaking removes this restriction, but it voids your warranty and opens your device to security risks that Apple can’t protect against.
Starting with iOS 17.4 in the European Union, Apple allows alternative app marketplaces under the Digital Markets Act. Outside the EU, the App Store remains the only official source for iPhone and iPad apps. This is a fundamental difference from macOS, where developers can distribute apps independently.
If you’re dealing with enterprise app installation issues on your iPhone, check out how to fix the untrusted enterprise developer error.
#Checking Gatekeeper’s Current Status
Open Terminal and run:
spctl --status
The output will be either assessments enabled (Gatekeeper is on) or assessments disabled (Gatekeeper is off). This is the fastest way to verify your current setting without digging through System Settings.
You can also check visually. Go to System Settings > Privacy & Security and look at the “Allow applications downloaded from” section. If you see only two options (App Store, and App Store and identified developers), Gatekeeper is active. If you see three options including Anywhere, it’s been disabled via Terminal.
Having trouble with other Mac utilities? Our guide on copy and paste not working on Mac fixes a surprisingly common clipboard issue.
#Bottom Line
Use the right-click bypass for a single app. It’s the safest option and handles 90% of blocked-app situations. If you need to install multiple unsigned apps, disable Gatekeeper via Terminal, install what you need, then re-enable it right away. Leaving Gatekeeper permanently disabled is not worth the security tradeoff for most people.
#Frequently Asked Questions
#Does disabling Gatekeeper affect Mac performance?
No. Gatekeeper only runs during first launch of a new app. Zero impact on speed or battery.
#Will my existing apps stop working if I re-enable Gatekeeper?
No. Gatekeeper only checks apps when you open them for the first time. Once you’ve opened an app successfully, re-enabling Gatekeeper won’t block it. The exception is stored in your system’s security assessment database.
#Does the sudo spctl command work on macOS Sequoia?
Yes. We tested sudo spctl --master-disable on macOS Sequoia 15.3 in March 2026, and it still adds the Anywhere option under Privacy & Security. Apple has not removed this Terminal command despite tightening Gatekeeper in recent macOS versions.
#What is the difference between Gatekeeper and XProtect?
Gatekeeper verifies code signing and notarization before an app launches. XProtect scans for known malware signatures separately. Disabling Gatekeeper doesn’t turn off XProtect, so your Mac still has protection against known threats even with Gatekeeper disabled. Think of Gatekeeper as the bouncer checking IDs at the door, and XProtect as the security camera scanning everyone who gets inside for known troublemakers.
#Can Gatekeeper block apps downloaded from a USB drive?
Gatekeeper checks apps regardless of how they arrived on your Mac, including USB drives, network shares, and email attachments. Starting with macOS Catalina, the quarantine flag is applied more broadly, so even USB-transferred apps get checked on first launch.
#Do I need admin access to disable Gatekeeper?
Yes, admin access is required. Standard accounts can’t change it, and managed Macs (work or school) may have it locked via MDM.
#Will a macOS update re-enable Gatekeeper?
Major macOS updates (like upgrading from Ventura to Sonoma) typically re-enable Gatekeeper. Minor security updates usually don’t change it. After any major update, check Terminal with spctl --status to see if your setting was reset.
#What does the “App is damaged and can’t be opened” error mean?
This usually means the app’s code signature is broken or the quarantine attribute is causing issues. Try removing the quarantine flag by running xattr -cr /Applications/AppName.app in Terminal. If that doesn’t work, re-download the app from the developer’s official website.