What does Mac Gatekeeper do?

Apple has carved itself a niche amongst tech companies in recent years as being the vendor most concerned about its users’ security and privacy. It has implemented a number of features in recent versions of macOS, such as code-signing and sand boxing that are designed to provide greater protection for users’ data. And Gatekeeper is another example of that. Here’s how to use Gatekeeper on your Mac.

What is Gatekeeper?

Gatekeeper is the name Apple gives to technology that works behind the scenes in macOS, to limit what can be installed on your Mac. By default it allows only apps downloaded from Apple’s own AppStore to be installed, though you can change that to allow apps from recognized developers as well. Recognized developers are those who have signed their code and whose signature Apple recognizes.

If you want to install an app from a developer who is not ‘recognized’, you can but you’ll have to override Gatekeeper. The point is to make you think twice before installing anything that may damage your Mac.

Apple doesn’t explain exactly how Gatekeeper works, with good reason – if it did, it would be easier to circumvent.

Why is Gatekeeper important?

Much of the malware that finds its way onto Macs comes in the form of fake downloads or bundled applications. In both cases, the apps that are installed are not those that users think they are installing. By preventing them being installed by default, and forcing you to manually enable installation, macOS is alerting you to their attempt to install and giving you the chance to block them. 

Even with Gatekeeper enabled, potentially unwanted programs (PUPs) still find their way onto Macs, by disguising themselves as part of another application and using that application’s override.

Are there any problems with Gatekeeper?

The only issue is that Gatekeeper prevents all apps that haven’t been code-signed by recognized developers from being installed by default. In some cases that means that perfectly legitimate apps are blocked. In those cases, you can override Gatekeeper and manually allow them to be installed. It’s an inconvenience, but not a big problem.

How to find your undocumented apps?  Not all the apps and programs installed on your Mac are living in your Applications folder. In fact not all of them are clearly visible.

However, there is a way to check which apps are installed with CleanMyMac X. You can use its Uninstaller and Launch Agents utilities to see exactly what is installed on your Mac and, if you want, uninstall anything at the press of a button.

  1. Install, and launch CleanMyMac X — a link to a free edition of the app
  2. Choose Uninstaller from the sidebar.
  3. Scan the list of apps in the main window. If there are any you don’t recognize or didn’t intend to install, decide whether you want to keep them.
  4. If you want to uninstall an app, check the box next to it and press Uninstall

Now, go to the Optimization tab and choose Launch Agents.

To disable a launch agent, click the green dot to the right of it.
To disable a launch agent, check the box next to the launch agents you want to remove.

How to use Gatekeeper on Mac

  1. Go to the Apple menu and choose System Preferences.
  2. Click on the Security & Privacy pane.
  3. Choose the General tab.
  4. Click on the padlock and type in your admin username and password.
  5. You’ll see two options at the bottom of the window under ‘Allow apps downloaded from’. Choose the one you want.
  6. If you try to download an app that’s not from the App Store (or an identified developer if you chose that option), you’ll see a warning dialog. You can then choose to override Gatekeeper and install the app.

There’s no way to turn Gatekeeper off completely, so you’ll need to manually override it each time you install an app that’s not from an identified developer.  You should take a few seconds to think about the app you’re installing before you give it permission to install. As we said earlier, many potentially unwanted programs are installed on Macs because users gave permission to install an app that wasn’t the one they thought they were installing.

According to presentations at the Mac malware conference, Objective by the Sea, up to 20% of Macs have been affected by potentially unwanted programs, which is a form of malware.

If you’re worried about malware on your Mac, there’s a very quick and easy to check for it, using CleanMyMac X’s Malware Removal tool. It scans your Mac and compares what it finds with its database of known malware. If it finds a match, it will alert you and offer to remove it. Here’s how to use it:

  1. Download, install, and launch CleanMyMac X
  2. Choose Malware Removal from the sidebar on the left.
  3. Press Scan.
  4. Hopefully you’ll get a message telling you your Mac is clean.
  5. If not, you can remove the malware by pressing Remove.

It’s worth scanning your Mac for malware once a month or so, that way you can be sure it’s always clean. Never overriding Gatekeeper isn’t a guarantee of staying safe and secure. So, don’t rely on it to keep you safe from malware. Be vigilant, think about what you’re downloading, and make sure you know what is being installed on your Mac.

To conclude, Gatekeeper is a tool Apple built into macOS to limit the apps that can be installed on your Mac. By default it will only allow you to install apps from the App Store, but you can set it in System Preferences so that it also allows you to install apps from identified developers. To install apps from other developer, you’ll have to override Gatekeeper by giving those apps permission to install when you’re prompted.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.