Where do Mac apps store data

Correctly install macOS applications on Mac

Bastian Gruber

Since the introduction of iOS, Apple has carried over more and more security features from the mobile operating system to macOS. Gatekeeper arrived with OS X Lion and has matured over the years.

Install programs correctly on Mac
© Tero Vesalainen / Shutterstock

In 2012, Apple first added a graphical view of the risk classification for installing applications to the system settings. Since then, the "Security" pane has offered a selection of sources from which the user can allow the installation of apps.

These include:

  • App Store

  • App Store and Verified Developers

Before the name change from OS X to macOS, there was also an option "Everywhere", but the system settings no longer show this by default.

Apple sorts applications into three trust categories: App Store, verified developers, and unverified developers.

The "Security" settings can be found in the system settings:

You can access the app restrictions under the "Security" tab

To make changes, first click on the lock in the lower left corner and enter your password:

The lock symbol must be opened by clicking and entering the password in order to be able to make changes

Differences between the categories

Apple wants to prevent malicious code from settling on your Mac. All apps that are placed in the App Store are checked behind the scenes by Apple itself and have only limited access within the operating system. In this way, Apple prevents developers from gaining access to private files unnoticed.

Applications that cannot be found in the App Store can still get the Apple stamp. Developers only have to join Apple's developer program, pay 99 euros a year and register their details. They can then create a digital signature. Such apps are classified as "verified developer" and, depending on the system settings, can be opened directly.

All applications that are not in the App Store (because their developers may not want to adhere to Apple's restrictions or do not want to share revenue with Apple) but come from official app developers fall under the second classification, "App Store and verified developers".

Users can restrict the sources from which they allow app installations.

However, these apps do not go through the aforementioned check by Apple, which is why macOS displays a warning before such an application is opened for the first time. You need to be aware that the application you have just downloaded may contain malicious code, so always check first whether the file was downloaded from the developer's own official website.

Before opening an application from a verified developer that is not in the App Store for the first time, macOS displays a warning.

If you have chosen the more restrictive option and only allow applications from the App Store, you cannot start any applications directly that do not come from the App Store. You will see a warning that the application is not from the App Store and therefore cannot be opened.

If you only allow applications from the App Store, you will at first not be able to open any apps that were installed from a website.

This warning does not have to prevent you from installing the downloaded program, nor do you have to make any global changes. The system settings under "Security" give you the option to confirm an exception for this developer.

The option to open applications anyway appears in the security settings and then adds an exception for the manufacturer or source.

The "Security" tab shows the application you last tried to open, and clicking "Open Anyway" sets an exception. This is saved system-wide and from now on you can always start the application with a double click.

Unverified applications

If you work with open source software whose developers do not want to pay or cannot afford the 99 euros a year, the applications fall under "unverified developers". In the latest versions of macOS, there is no longer a standard setting that allows the installation of this type of application.

Applications that do not come from verified developers are completely blocked by macOS. The only way to open these programs is to go through the system settings.

After opening an application without a digital signature, a warning appears suggesting that you put the application in the trash. But that's not the end of the story. As with the last setting, system-wide exceptions can be generated. To do this, go back to the "Security" tab in the system settings and click the "Open anyway ..." button. This means that one-time exceptions can be generated for applications that you trust.

After macOS blocks the opening of applications, an option appears in the "Security" tab in the system settings to add an exception for this application with "Open anyway ...".

If you don't want to go through the "Security" tab every time, a terminal command can help to bring the old "Everywhere" option back to life. Search for "Terminal" via Spotlight, select the application and a black window will appear after opening it. There you can use the command:

and confirm with Enter. Then enter your password (the letters are not displayed) and confirm again with the Enter key. You can now open the system settings again, and the "Everywhere" option is available under the "Security" tab.

After the terminal command, the old option "Everywhere" appears in the selection menu.

This is the least secure option, but from now on the system will leave you alone and no longer display any warnings when opening applications. To deactivate the option, the command is sufficient:

Then the option disappears again. We only recommend this for professional users who work with many applications that are not verified and who know exactly where the installed program came from.

Recommended settings and procedures

The dynamic addition of exceptions makes it easy to configure the security settings as restrictively as possible. If you only select "App Store" in the "Security" tab, all applications that were not installed from the App Store will receive a warning and cannot be opened. You can avoid this via the "Open anyway ..." button in the system settings.

Not comfortable, but safe, especially when you consider that applications don't take much time to install. One approach is to choose "App Store and verified developers" when setting up a new Mac and to switch to the "App Store" setting once the apps have been opened and used.

This ensures that no applications are accidentally opened that do not comply with the strictest security guidelines.
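
To check which of the categories above each installed app falls into, and whether the "Everywhere" state is active, Gatekeeper's own verdicts can be read with the macOS `spctl` tool. The script below is an added example, not part of the original article; the sample outputs and app names are constructed, and the category labels are this example's mapping onto the article's terms.

```shell
#!/bin/sh
# Added example (not from the article): read Gatekeeper's verdicts with spctl
# and map them onto the article's categories. Nothing on the system is changed.

# Constructed samples in the format `spctl --assess --type execute -vv` prints.
SAMPLE_STORE='/Applications/ExampleStore.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/ExampleSigned.app: accepted
source=Notarized Developer ID'
SAMPLE_UNSIGNED='/Applications/ExampleTool.app: rejected
source=no usable signature'

# Map one assessment text to a category; a rejection wins over any source line.
classify_assessment() {
    case $1 in
        *": rejected"*)            echo "unverified (blocked)" ;;
        *"source=Mac App Store"*)  echo "App Store" ;;
        *"source=Apple System"*)   echo "Apple system app" ;;
        *"Developer ID"*)          echo "verified developer" ;;
        *)                         echo "unknown" ;;
    esac
}

# Map the text of `spctl --status` to the global Gatekeeper state.
gatekeeper_state() {
    case $1 in
        *"assessments enabled"*)   echo "restricted" ;;
        *"assessments disabled"*)  echo "everywhere" ;;
        *)                         echo "unknown" ;;
    esac
}

if command -v spctl >/dev/null 2>&1; then   # on a Mac: audit /Applications
    echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
    for app in /Applications/*.app; do
        [ -e "$app" ] || continue
        verdict=$(spctl --assess --type execute -vv "$app" 2>&1) || true
        printf '%-22s %s\n' "$(classify_assessment "$verdict")" "$app"
    done
else                                        # elsewhere: constructed samples
    for s in "$SAMPLE_STORE" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED"; do
        printf '%-22s %s\n' "$(classify_assessment "$s")" "${s%%:*}"
    done
fi
```

A state of "everywhere" means the global check is switched off; apps listed as "unverified (blocked)" are the ones that would need an "Open anyway ..." exception.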

Enter password during installation

In addition to these basic restrictions, applications may require a password to be entered during installation. Complex apps often access system-wide settings or change them, or operate in system folders that normal users have no access to.

If this is the case, the user must prove that he or she has the necessary rights on the Mac. Simple applications can simply be placed in the Applications folder and do not access any other files. These do not require an administrator password.

Summary

It is important to understand that, regardless of which setting you have selected, every application can still be opened via a detour through the system settings. The restrictive setting "App Store" only allows applications from the App Store to be opened by default. Permanent exceptions for non-App Store applications can be added via "Open anyway ...".

The second most secure setting is "App Store and Verified Developers". Any application created by a developer with an Apple digital signature can be opened. This is the case for all developers who pay 99 euros a year and have created the application via Xcode. The app itself does not have to come from the app store and can come from a website or DVD.

It is important to understand that Apple cannot perform a direct malicious code check and you are exposed to the risk that the app will access areas in the system that may or may not be to your disadvantage.

The third variant is "Everywhere", which Apple removed from the system preferences. This can be reactivated with the terminal command. You will then no longer see any warnings and all applications can be installed. If you work with open source software a lot, this can be an advantage. But then you have to check for yourself which developers and sources you trust.