User profile for user: Atrox1
Atrox1 Author
User level: Level 1
14 points

Apps downloaded via curl bypass Gatekeeper even with "App Store only" security setting

 I noticed that apps downloaded via curl in Terminal can be opened despite my security settings being set to "App Store only." When I download an app with Safari, I get the expected block: "App can't be opened because it was not downloaded from the App Store."


But the same app downloaded via curl opens without any warning. I checked and the difference is the com.apple.quarantine extended attribute - curl doesn't add it.


Is this expected behavior? It seems like a security gap since Gatekeeper can be bypassed simply by using Terminal to download apps.


macOS version: Tahoe (Darwin 25.2.0)

Posted on Nov 30, 2025 6:08 PM

Reply
2 replies

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Apps downloaded via curl bypass Gatekeeper even with "App Store only" security setting

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up