Starting with macOS Catalina, your Mac really, really, really wants to make sure you’re only working with safe software. That’s why you’re probably getting lots of dialogs from apps asking for permission to access different parts of your Mac’s operating system or hardware, update you with notifications, and perhaps to access your contacts, photos, and more.
Apple’s own Gatekeeper tech has been doing this for some time. Naturally, the tech giant wants you to get all your software from the Mac App Store, but it realizes that it may not always be the case.
When you install Mac apps, plug-ins, and installer packages from outside the Mac App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and hasn’t been altered. By default, macOS Catalina (and I’d suspect macOS Big Sur) also requires software to be notarized. Before opening downloaded software for the first time, macOS asks for your approval if the app isn’t from the Mac App Store.
By default, your Mac’s security and privacy preferences are set to allow apps from the Mac App Store and identified developers. For extra security, you can choose to allow only apps from the App Store.
How to allow only apps from the App Store
- In System Preferences, click Security & Privacy, then click General.
- Click the lock and enter your password to make changes.
- Select App Store under the header “Allow apps downloaded from” and make sure “App Store and identified developers” isn’t enabled.
I personally leave the latter enabled and haven’t had any issues. If your Mac — like mine — is set to allow apps from the Mac App Store and identified developers, the first time you launch a new app, it asks if you’re sure you want to open it. An app that has been notarized by Apple indicates that Apple checked it for malicious software, and none was detected.
If you have set your Mac to allow apps only from the App Store and you try to install an app from elsewhere, it will say that the app can’t be opened because it wasn’t downloaded from the App Store.
If your Mac is set to allow apps from the App Store and identified developers, and you try to install an app that isn’t signed by an identified developer or notarized by Apple, you also see a warning that the app can’t be opened.
If macOS detects that an app has malicious content, it will notify you when you try to open it and ask you to move it to the Trash.
However, if you really want to run software that hasn’t been signed and notarized (though I’d advise against this), you can.
How to allow apps not downloaded from the App store
- Go to System Preferences > Security & Privacy, under the General tab.
- You’ll see a note about the denied app. You can click Open Anyway and take your chances.
Starting with macOS Catalina, Apple has kicked things up a notch. Now every app that wants to send you notifications has to get your permission. You’ll probably want to say “yes” for software such as your calendar and reminder apps. For others, it’s your call.
How to give apps specific permissions
macOS Catalina also requires you to give special permission to apps that want to access things such as:
- Location services
- Your camera and microphone
- Your contacts, calendars, and reminders
- Full disk access
- Access to your Documents and Downloads folders
- Accessibility access
Go to System Preferences > Privacy and you’ll see a list on the left-hand side of the pop-up menu with these items:
- Location Services
- Speech Recognition
On the right-hand side of the screen, you’ll see a list of items that want to access these functions.
To make any changes, you’ll need to click the lock icon at the bottom left of the screen to make changes. Just proceed cautiously; take time to make sure you trust an app before giving it special permission to access your Mac’s functions.