Mac
Mac says an app is damaged and can't be opened
Fix "<app> is damaged and can't be opened" or "can't be opened because Apple cannot check it for malicious software" on macOS — the safe Open Anyway path, the quarantine fix for trusted apps, and the override never to use.
Problem summary
I'm here because macOS won't open an app — it says it's 'damaged and can't be opened', or 'can't be opened because Apple cannot check it for malicious software', and offers to move it to the Trash. This is almost always Gatekeeper (macOS's app-safety check), not a literally broken app — and Tahoe tightened it. This page gives the safe fix first (Open Anyway), the quarantine-clearing command for apps you genuinely trust, the malware caveat that comes with it, and the one global override you should never run.
Confirm whether you trust the app's source.
xattr -l /Applications/<App>.app
Downloaded yourself from the official site / App Store → safe to override per-app.
Never on software you can't vouch for.
Layer path
Step-by-step runbook
Start here. Do each check in order, compare it to the expected result, and stop when the evidence explains the failure or the safe stop point applies.
Read the message correctly
Check: Treat 'damaged'/'cannot be checked' as Gatekeeper, not corruption.
Expected result: You approach it as a trust decision, not a re-download reflex.
If not: If genuinely corrupt, re-download later.
Decide trust
Check: Confirm the app came from an official source you chose.
Expected result: You only override for software you vouch for.
If not: Untrusted → Trash it.
Use the supported override
Check: Privacy & Security → Security → Open Anyway.
Expected result: A per-app exception opens it without weakening the system.
If not: No button → targeted quarantine removal.
Clear quarantine (trusted only)
Check: `the "Remove quarantine for a trusted app" command below`.
Expected result: The trusted app opens; protection stays on elsewhere.
If not: Still failing → re-download/verify.
Never go global
Check: Avoid `spctl --master-disable`; re-enable if previously set.
Expected result: System-wide Gatekeeper protection remains intact.
If not: Handle every app individually.
Decision tree
If: App is from a source you don't trust / didn't install.
Then: Gatekeeper is correctly blocking possibly-malicious software.
Action: Move it to the Trash; do not override.
If: Trusted app; 'Open Anyway' button is present.
Then: Unnotarized-but-trusted app blocked by Gatekeeper.
Action: Use Privacy & Security → Open Anyway (the supported per-app path).
If: Trusted app; no 'Open Anyway' (the 'damaged' quarantine case).
Then: Download-quarantine flag triggering the block.
Action: `xattr -dr com.apple.quarantine /Applications/<App>.app` for that app only.
Safe stop: Never on software you can't vouch for.
If: Tempted to silence all such messages.
Then: Global Gatekeeper disable would expose the whole Mac.
Action: Do NOT run `spctl --master-disable`; handle apps individually.
If: Trusted, dequarantined app still won't open.
Then: Genuinely corrupt download or architecture/OS mismatch.
Action: Re-download from the official source; verify with `spctl`/`codesign`.
Evidence table
| Symptom | Evidence to collect | Likely layer | Next action |
|---|---|---|---|
| '<app> is damaged and can't be opened.' | App was downloaded (has com.apple.quarantine) and isn't notarized. | Gatekeeper + quarantine, not corruption. | Open Anyway, or `xattr -dr com.apple.quarantine` for trusted apps. |
| 'Cannot be checked for malicious software.' | Unnotarized app from an identified/unidentified developer. | Notarization gate. | Privacy & Security → Open Anyway. |
| Block appeared only after updating to Tahoe. | 26.2+ hardened Gatekeeper enforcement. | Stricter enforcement, same app. | Per-app Open Anyway / quarantine removal. |
| App you didn't install is being blocked. | Unknown provenance. | Possibly unwanted/malicious software. | Delete it; don't override. |
| Trusted app still fails after dequarantine. | `spctl`/`codesign` show unsigned, or wrong arch. | Corrupt download or architecture mismatch. | Re-download from official source; check arch/OS. |
Commands and settings paths
Inspect the quarantine attribute before acting
xattr -l /Applications/<App>.app
Where: Terminal on the Mac.
Expected: Shows com.apple.quarantine with the download source/timestamp.
Failure means: Its presence confirms the 'damaged' block is quarantine, not corruption.
Safe next step: Decide trust, then remove it (trusted apps only) or delete the app.
Remove quarantine for a trusted app
xattr -dr com.apple.quarantine /Applications/<App>.app
Where: Terminal on the Mac (trusted software only).
Expected: Strips the download-quarantine flag so the app opens.
Failure means: If it still won't open, it may be corrupt or the wrong architecture.
Safe next step: Re-download from the official source.
Read Gatekeeper's verdict and signing status
spctl -a -vv /Applications/<App>.app ; codesign -dv --verbose=4 /Applications/<App>.app
Where: Terminal on the Mac.
Expected: Shows accepted/rejected and the signing identity / notarization.
Failure means: Rejected/unsigned explains the block and whether to trust it.
Safe next step: For unsigned untrusted apps, don't override — delete.
Re-enable Gatekeeper if it was globally disabled
sudo spctl --master-enable
Where: Terminal on the Mac.
Expected: Restores system-wide Gatekeeper protection.
Failure means: If `spctl --status` shows 'assessments disabled', the Mac was exposed.
Safe next step: Keep it enabled; use per-app overrides instead.
Hardware and platform boundary
Change only when
- Prefer apps from the Mac App Store or notarized developers — they open without any of this, because they pass Gatekeeper cleanly.
- For your own builds (developers), use a Developer ID certificate or ad-hoc signing instead of disabling Gatekeeper.
Evidence that matters
- The app's source and notarization status — that's what the message is about.
- Per-app overrides (Open Anyway / targeted quarantine removal), not global ones.
- A way to verify signing (`spctl`, `codesign`) when in doubt.
Evidence that does not matter
- Whether the file is literally 'damaged' — it usually isn't; it's a trust gate.
- The exact wording ('damaged' vs 'cannot be checked') — both are Gatekeeper.
- Third-party 'unlocker' tools — the built-in steps are safer.
Avoid
- `sudo spctl --master-disable` — it disables Gatekeeper for the whole Mac.
- `xattr` quarantine removal on software you can't vouch for.
- Following a website's bypass steps to install 'free' paid software (malware vector).
Related tool/checklist
Use the linked tool when you need a guided plan from your exact symptoms instead of a static checklist.
Backup plan builderLast reviewed
2026-06-02 · Reviewed by HomeTechOps. Reviewed against Apple's 'Safely open apps on your Mac' guidance and the Tahoe Gatekeeper hardening; frames the 'damaged'/'cannot be checked' message as a Gatekeeper/notarization trust decision, leads with the supported Open Anyway path and trusted-only `xattr` quarantine removal, and is explicit that `spctl --master-disable` (and dequarantining untrusted apps) is the override never to use.
Sources/assumptions
- Assumes a Mac on macOS Tahoe (macOS 26), where Gatekeeper/notarization enforcement was hardened (26.2+); exact wording of the block varies (‘damaged’ vs ‘cannot be checked’).
- Commands (`xattr`, `spctl`, `codesign`) follow Apple's documented behaviour; `xattr` quarantine removal is appropriate only for trusted software.
- The advice assumes you can verify the app's source; for unverifiable apps the safe action is not to override Gatekeeper.
Source-backed checks
HomeTechOps turns official docs and conservative safety rules into a shorter runbook. These links are the source trail for the page direction.