Privacy & permissions
How to Allow Apps From Anywhere on Mac (and the Trade-Offs)
Apple hides the 'Anywhere' option but it still exists. Here's how to enable it on macOS, what you give up, and why most users shouldn't.
The “Anywhere” option for app installs was visible in older macOS versions. Apple removed the visible UI in macOS Sierra (2016) but the underlying capability is still there. You can enable it from Terminal, and a small subset of users — mostly developers and enthusiasts running unsigned tools — actually need to.
Here’s how to enable it, what it actually does, and the trade-offs you should think through first. Most users should leave it off.
What “Anywhere” actually changes
When Gatekeeper is set to App Store and identified developers (the default), opening an unsigned app triggers a block. You can right-click and choose Open Anyway, which records that one app as approved. Each unsigned app gets approved individually.
When Gatekeeper is set to Anywhere:
- Unsigned apps open without any prompt
- Apps with broken or invalid signatures open without prompt
- Apps that failed notarization open without prompt
- The first-launch security warning for downloaded items still appears (the quarantine attribute) but doesn’t block the launch
It does not disable:
- The hardened runtime checks
- Code signing for system processes
- SIP (System Integrity Protection)
- The quarantine attribute (com.apple.quarantine)
- Per-app privacy permissions (Camera, Mic, etc.)
So even with Gatekeeper at Anywhere, the rest of macOS’s security model is intact. What you’ve changed is which apps can run at all.
How to enable it
Open Terminal (/Applications/Utilities/Terminal.app or via Spotlight) and run:
sudo spctl --master-disable
You’ll be prompted for your administrator password. After running, the Anywhere option appears in System Settings → Privacy & Security under “Allow applications downloaded from.”
To select Anywhere:
- Open System Settings → Privacy & Security
- Scroll to “Allow applications downloaded from”
- The third option, “Anywhere,” now appears
- Select it
The setting takes effect immediately. Existing apps continue working as before; unsigned apps you launch in the future open without prompting.
How to undo
sudo spctl --master-enable
The Anywhere option disappears from System Settings, and the setting reverts to “App Store and identified developers” or whatever you had before.
You can also use System Settings to flip back to “App Store and identified developers” without running the Terminal command — but the Anywhere option will still appear in the dropdown until you re-enable Gatekeeper from Terminal.
Who actually needs this
A short list of legitimate use cases:
- Mac developers running their own debug builds. Your Foo.app straight out of Xcode is unsigned (if you haven’t bothered with a development cert). Anywhere lets you run it without right-clicking.
- Power users running niche unsigned tools. A handful of community-maintained utilities aren’t signed because the maintainer doesn’t have a Developer ID. You can right-click → Open Anyway each time, or set Anywhere once.
- Researchers and reverse engineers. Working with software that’s unsigned, modified, or otherwise non-standard.
- Specific corporate enterprise environments. Sometimes deploying internal-only software is easier with Anywhere than with managed signing certificates.
Outside those categories, you’re rarely well-served by Anywhere. The right-click → Open Anyway flow is a small annoyance per unsigned app, not enough to justify weakening the default protection.
What you give up
The costs of running with Anywhere:
- Notarization-scanned malware can run silently. Apple’s notarization pipeline catches a real percentage of known-bad software before it ships. Without notarization checks, that filter is gone for direct-download apps.
- Tampered or modified binaries can run. If a download was modified in transit (e.g., a compromised mirror), the original signing identity wouldn’t match. With Gatekeeper’s normal checks, that mismatch blocks the launch. With Anywhere, it doesn’t.
- Less friction means worse defaults for occasional risky downloads. The right-click → Open Anyway flow is intentionally a small speed bump that makes you think about whether you actually trust the download. Removing the speed bump removes the moment of pause.
- Self-protection wears off. Most users overestimate their ability to evaluate software trustworthiness. Gatekeeper exists partly because users routinely click “Open Anyway” for things they shouldn’t. Anywhere makes that easier still.
What it doesn’t change
Reassuring things about Anywhere:
- Per-app privacy permissions (Camera, Mic, Photos, etc.) are unchanged. An unsigned app you run still has to ask for those.
- The first-launch quarantine warning still appears for downloaded items (the file has a com.apple.quarantine extended attribute that triggers the warning).
- System Integrity Protection still protects /System and other root areas.
- Apple Silicon’s hardware-backed security (Secure Boot, etc.) is unaffected.
So Anywhere isn’t “everything goes.” It’s specifically a relaxation of which apps can launch, not a removal of the broader security model.
The middle path: per-app overrides
For most users who occasionally need to run an unsigned app, the per-app approval flow is the right approach:
- Try to open the app — Gatekeeper blocks it
- Open System Settings → Privacy & Security
- Scroll to the bottom — there’s an “Open Anyway” button for the specific app you tried to launch
- Click it, authenticate
- Try to open the app again — it opens
This grants the one app a permanent exception without weakening Gatekeeper for everything else. It’s the path Apple intended for occasional unsigned launches.
If you find yourself doing this multiple times a week, Anywhere is more honest than constantly bypassing. Once a month or less, the per-app override is fine.
What’s “notarization” specifically?
When a developer ships a Mac app, they sign it with their Developer ID. They then upload it to Apple, which scans the binary for known malicious patterns and runs it through automated checks. If clean, Apple “notarizes” the app and attaches a ticket — a small cryptographic blob — to the binary.
Gatekeeper looks for that ticket. If present and valid, the app gets the green light.
Notarization isn’t a code review (Apple doesn’t read the source). It’s a malware scan plus a developer-identity binding. It catches the obvious stuff — known malware families, banned APIs, certain anti-features — but isn’t a guarantee of safety.
You can check notarization status with:
spctl -a -vv /Applications/AppName.app
A notarized app shows “accepted source=Notarized Developer ID.”
Code signing details
You can inspect any app’s signing with:
codesign -dv --verbose=4 /Applications/AppName.app
You’ll see:
- Authority chain (who signed it, all the way up to Apple’s root)
- The hash algorithm
- The team identifier
- Various flags
A well-signed, well-notarized app from a known developer has a long, clean Authority chain ending in Apple’s Developer ID Certification Authority. An unsigned app says “code object is not signed at all.” A self-signed app shows a single self-signed authority.
Reading these isn’t necessary for daily use, but if you’re considering whether to trust a particular app, it’s a reasonable sanity check.
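The notarization check above, applied to a whole folder so you can see which apps the default policy would block before you change it. This is an added example, not part of the original article; the function names, verdict labels and sample outputs are this example's own, and every spctl output string other than "Notarized Developer ID" and "not signed at all" is an assumption based on typical spctl output.

```sh
#!/bin/sh
# Added example (names and verdict labels are this example's own).

# Read `spctl -a -vv <app> 2>&1` text on stdin, print one verdict word.
# Only "Notarized Developer ID" and "not signed at all" are quoted on the
# page; the other strings are assumed from typical spctl output.
classify_assessment() {
    out=$(cat)
    case "$out" in
        *"override=security disabled"*)      echo gatekeeper-off ;;
        *"source=Notarized Developer ID"*)   echo notarized ;;
        *"source=Unnotarized Developer ID"*) echo not-notarized ;;
        *"source=no usable signature"*|*"not signed at all"*) echo unsigned ;;
        *": accepted"*) echo accepted-other ;;
        *": rejected"*) echo rejected-other ;;
        *) echo unknown ;;
    esac
}

# Succeeds (exit 0) when the verdict means the app launches without a
# manual override only if Gatekeeper is set to Anywhere.
relies_on_anywhere() {
    case "$1" in
        not-notarized|unsigned|rejected-other) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)'
SAMPLE_UNSIGNED='/Applications/DebugBuild.app: rejected
source=no usable signature'

# On a Mac, list every app in a folder that the default policy would block.
audit_apps() {
    for app in "${1:-/Applications}"/*.app; do
        [ -e "$app" ] || continue
        verdict=$(spctl -a -vv "$app" 2>&1 | classify_assessment)
        relies_on_anywhere "$verdict" && printf '%s\t%s\n' "$verdict" "$app"
    done
}

if command -v spctl >/dev/null 2>&1; then
    spctl --status
    audit_apps /Applications
fi
```

Run it while Gatekeeper is still enforcing: once assessments are disabled, the gatekeeper-off verdict hides which apps would otherwise have been rejected.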
What if you’ve turned Anywhere on and want to be safer again?
Run sudo spctl --master-enable in Terminal. Set Gatekeeper back to “App Store and identified developers” in System Settings. Existing installed apps continue working — Gatekeeper only checks at launch time, and apps you’ve already approved stay approved.
If you want a hardline reset, you can clear the Gatekeeper approval database:
sudo spctl --reset-default
This makes every app that was previously approved go through the prompt again the next time you launch it. Heavy-handed but works.
Audit checklist
A decision, not a recurring audit:
- Decide whether you actually need Anywhere (developer, power user, researcher)
- If yes, run sudo spctl --master-disable in Terminal
- Set Gatekeeper to Anywhere in System Settings
- Document for yourself when you’ll switch back
- If no, keep the default and use per-app Open Anyway for one-offs
The Anywhere setting exists for good reasons but isn’t the right default for most people. The right-click → Open Anyway per-app flow handles 99% of the legitimate “I need to run this unsigned thing” use cases without weakening protection across the board. If you’re running so many unsigned tools that the per-app flow is friction, then enable Anywhere consciously and own the trade-off — and consider re-enabling Gatekeeper when you don’t need the relaxed setting anymore.