[Known issue] «App is damaged and can’t be opened» error when opening downloaded Apps

[Swiss-Mac-User]

Some Applications downloaded by the script and using curl will, when trying to be (automatically) be opened, show the warning:

«App is damaged and can’t be opened. You should move it to the bin.»

Root cause

macOS security (Gatekeeper) quarantines some Apps, in order to attempt to limit software to the Mac App Store - plus System Integrity Protection is preventing third-party apps from potentially tampering with sensitive parts of the system or injecting code into Apple apps like Finder and Safari.

Unfortunately, at least since macOS 13 Ventura (which tightens security and previous workarounds), my tests were all unsuccessful to programmatically remove the affected Apps out of the Gatekeeper quarantine: I tried removing xattr-attributes, temporarily disabling spctl, and assigning missing xattr-attributes about the downloaded datetime and source.

Hence I see this currently as a won't fix - unless someone finds a clever way how this protection could be circumvented.

Workaround

As the apps are downloaded via their official website, it's unlikely – but not guaranteed – they are expected to be non-malicious and a so called "false positive".

The Apps can be opened using the following manual steps:

1. Right-click the Application and choose "Open"
2. Confirm the additional warning shown

Affected applications

Affected applications are:

• Keka
• Transmission
• Nova
• (non conclusive)

Not affected Apps seem to be:

• 1Password Installer
• Spotify Installer
• Gas Mask
• (non conclusive)