Apps downloaded via curl bypass Gatekeeper even with "App Store only" security setting

Question

Level 1

14 points

Apps downloaded via curl bypass Gatekeeper even with "App Store only" security setting

I noticed that apps downloaded via curl in Terminal can be opened despite my security settings being set to "App Store only." When I download an app with Safari, I get the expected block: "App can't be opened because it was not downloaded from the App Store."

But the same app downloaded via curl opens without any warning. I checked and the difference is the com.apple.quarantine extended attribute - curl doesn't add it.

Is this expected behavior? It seems like a security gap since Gatekeeper can be bypassed simply by using Terminal to download apps.

macOS version: Tahoe (Darwin 25.2.0)

Posted on Nov 30, 2025 6:08 PM

Reply

Answer 1

Nov 30, 2025 6:26 PM in response to Atrox1

Yes — this is expected behavior, and it is not considered a security gap by Apple.

It’s confusing, but it’s how Gatekeeper has officially worked for years.

Reply

Answer 2

Nov 30, 2025 9:55 PM in response to Atrox1

I don't see it as a security issue or risk. Stop using cURL if it bothers you.

Use your GUI interface if you want to see the alert; Change your user setting if you don't want to see the alert.

ref: Safely open apps on your Mac - Apple Support

Reply