ErrorNotes

Fix "App is Damaged and Can't Be Opened" on macOS

beginner๐ŸŽ macOS2026-03-19| macOS Catalina (10.15), Big Sur (11), Monterey (12), Ventura (13), Sonoma (14) โ€” affects apps downloaded from the internet or transferred via USB/AirDrop

Error Message

"App" is damaged and can't be opened. You should move it to the Trash.
#macos#damaged-app#gatekeeper#quarantine

TL;DR

Run this in Terminal, then try launching the app again:

xattr -cr /Applications/YourApp.app

That clears the quarantine flag macOS put on the app. Works 90% of the time.

What's actually happening

Every file you download from the internet gets tagged with a hidden extended attribute called com.apple.quarantine. macOS adds this flag automatically โ€” you never see it happen. When you double-click the app, Gatekeeper reads that flag and checks the app's code signature against Apple's notarization database.

That error fires when Gatekeeper fails the check. The usual culprits:

  • The app was downloaded outside the Mac App Store and isn't notarized
  • The quarantine attribute is present but the signature check returns an error (common with older apps or apps distributed via direct download)
  • The app was copied from another machine, USB drive, or via AirDrop, which can corrupt the quarantine metadata
  • A macOS update tightened Gatekeeper rules, blocking apps that worked perfectly before

The app is almost never actually damaged. The binary is fine. macOS is just being overly cautious.

Fix 1: Remove the quarantine attribute (recommended first step)

Open Terminal and run:

xattr -cr /Applications/YourApp.app

The -c flag strips all extended attributes. The -r flag makes it recursive โ€” it hits every file inside the .app bundle, not just the top-level package.

If the app isn't in /Applications, adjust the path:

xattr -cr ~/Downloads/YourApp.app

Shortcut: type xattr -cr (with a trailing space), then drag the .app directly onto the Terminal window. The path fills in automatically.

Verify: Confirm the quarantine attribute is gone:

xattr /Applications/YourApp.app

If com.apple.quarantine no longer appears in the output, the flag was cleared. Try launching the app.

Fix 2: "Open Anyway" in System Settings

Prefer not touching Terminal? The GUI route works too:

  • Try to open the app โ€” macOS will block it and show the error dialog
  • Open System Settings โ†’ Privacy & Security (or System Preferences โ†’ Security & Privacy on older macOS)
  • Scroll down to the bottom of the Privacy & Security section
  • You'll see a message like "YourApp was blocked from use because it is not from an identified developer"
  • Click Open Anyway
  • macOS will ask you to confirm โ€” click Open

Clicking Open Anyway registers a permanent exception in Gatekeeper. You won't be prompted again for that app.

Fix 3: Right-click open (bypass first-launch check)

Sometimes a simple right-click workaround does the trick without touching the terminal:

  • Right-click (or Control-click) the app
  • Select Open from the context menu
  • Click Open in the confirmation dialog

This only works once โ€” after that, the app launches normally. But it doesn't always work when the error says "damaged" specifically; Fix 1 is more reliable in that case.

Fix 4: Re-download the app

Still stuck after all that? The app archive itself might genuinely be corrupted:

  • Delete the current copy and download it fresh from the official source
  • If it came in a .dmg or .zip, compare the checksum against what the developer publishes
# macOS native
shasum -a 256 ~/Downloads/YourApp.dmg

# Alternative (requires GNU coreutils via Homebrew)
sha256sum ~/Downloads/YourApp.dmg

Paste the output next to the checksum on the developer's download page. If they don't match, the file is corrupt โ€” download it again.

Fix 5: Temporarily disable Gatekeeper (use sparingly)

Running a batch of unsigned internal tools in a dev environment? You can disable Gatekeeper globally:

sudo spctl --master-disable

This flips System Settings โ†’ Privacy & Security โ†’ Allow apps downloaded from to Anywhere. Apple hides that option in the UI, but the CLI exposes it.

Re-enable when done:

sudo spctl --master-enable

Don't leave Gatekeeper off. It's your first line of defense against unsigned malware.

Checking an app's signature yourself

Want to know exactly why Gatekeeper is rejecting an app? These three commands tell you everything:

# Check code signature
codesign --verify --deep --strict --verbose=2 /Applications/YourApp.app

# Check notarization status
spctl --assess --verbose /Applications/YourApp.app

# List all extended attributes
xattr -l /Applications/YourApp.app

If spctl returns rejected, the app isn't notarized โ€” Fix 1 or Fix 2 is your path. If codesign shows invalid signature errors, the bundle itself may be genuinely corrupt and you need to re-download.

Why this happens more on Apple Silicon (M1/M2/M3)

M-series Macs run stricter Gatekeeper checks than Intel Macs ever did. Intel-only apps on Apple Silicon have to go through Rosetta 2 โ€” and if they also have a quarantine flag problem, you hit the damaged error on top of the architecture mismatch. Fix 1 still resolves it. If the developer never shipped a universal binary or an Apple Silicon native build, the app may not run at all regardless of what you do with quarantine flags.

Verification summary

  • After xattr -cr: run xattr /Applications/YourApp.app โ€” com.apple.quarantine should not appear
  • After "Open Anyway": app should launch without any dialog
  • After re-download: shasum -a 256 output matches the checksum on the developer's site

Related Error Notes

Fixing 'zsh: bad CPU type in executable' on Apple Silicon Macs

zsh: bad CPU type in executable: ./filename

Fix 'extra characters at the end of L command' in sed -i on macOS

sed: 1: "filename": extra characters at the end of L command

Fixing 'ssl.SSLCertVerificationError: certificate verify failed' on macOS

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)