Background: A month or so ago I purchased an app from a developer with (what seemed to me to be) a decent reputation. The app did not work as expected, so I reached out to tech support, who got back to me within a week with the response (all typos, grammar errors, and other verbal weirdness copied verbatim from the original):
> Thank you so much for your kind feedback. And I am truly sorry for it takes a lof of time to locate the reason and find the solution. I
> sincerely apology for the inconveniences has caused to you.Our DEV team make further diagnosis and find the solution for you.
> Would you please give the customized version a try to solve thehttps://drive.google.com/file/[link redacted]
> Please download and unzip it to give it a new try.
So, okay. I downloaded the file, unzipped it, and launched — only to get the error message:
> [App name] is damaged and can’t be opened. You should move it to the Trash.
I wrote back to tech support, reporting the error message. They responded with the following instructions:
> Thank you so much for your kind feedback. Given this rare situation,
> would you please refer to below instructions to solve the problems?
> Please find the "Terminal" option on your computer;
> And then, please Please enter the path below:
> sudo xattr -rd com.apple.quarantine / (App location)
> After that, please enter the password of your computer. Then, you can
> use it.
Now, I am almost completely UNIX-illiterate, and I am reluctant to enter any command into Terminal unless I know exactly what it is going to do — and this appears to be a command designed to turn off security measures. Moreover, a little bit of Googling suggests that this command, whatever it does, is usually recommended when getting a permission error (e.g. "You do not have permission to open the application"), which is not the error I am getting.
So my questions:
- What will this command do?
- Is it safe for me to execute it?
- Is it likely to help?
Best Answer
Breakdown of this command:
`sudo xattr -rd com.apple.quarantine /path/to/app/location`
- `sudo`: Execute the remainder of the command with superuser (root) privileges. More information: `man sudo`
- `xattr`: Show or modify extended filesystem attributes on a file or directory. Extended attributes are those that go beyond the standard POSIX user/group/other read/modify/write/execute permissions. More information: `man xattr`
- `-rd`: These are two separate flags/arguments that will be passed to `xattr`.
  - `r` means that if you invoke `xattr` on a directory, the operation will be performed recursively on all files and directories contained within it. Since you are targeting an application, which is actually a bundle (i.e., a structured directory), this flag is necessary in order to reach all of the bundle's contents.
  - `d` means that the operation performed will be to delete the specified attribute from the file or directory.
- `com.apple.quarantine`: This is another argument passed to `xattr`. It specifies the name of the attribute to be operated upon (deleted, in this case). The `com.apple.quarantine` attribute is the mechanism by which files downloaded from Safari and some other applications are marked as having been downloaded from the Internet (which is a potentially hostile environment), as opposed to coming from a presumably safe environment, like the Mac App Store or files that you've created yourself. When a user attempts to execute a quarantined binary for the first time, the kernel hooks into the `quarantine.kext` kernel extension and the execution is gated by a UI interaction that presents the "This file was downloaded from the Internet. Are you sure you want to open it?" panel.
- `/path/to/app/location`: This is the final argument passed to `xattr`. It specifies the file or directory whose attributes `xattr` will read or modify.
When put all together, this command says:
"For every file and folder inside `/path/to/app/location`, delete the `com.apple.quarantine` attribute. Do this all as the root user."
Here is why you are being asked to run this:
So the above Terminal command by itself is a perfectly safe and reasonable thing to run on its own. However, in context, you need to be very vigilant: By first running this safe command and then running the app you downloaded, you are allowing a third-party developer to execute their code on your computer without successfully passing security checks - which you already know have failed.
Is this malicious? Impossible to know. The developer may be a totally sincere software engineer who has imperfect English and a buggy app that they are trying to collaboratively debug with you. Or it may be a shady developer who's trying to backdoor you. None of us can answer that for you here.
A couple of things you could do are:
`log` command (see `man log`, but also know that this is on the developer to figure out for you).
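
Added example, not part of the original answer: before deleting `com.apple.quarantine`, you can read it and see what it records about the download. The value layout (`flags;hex timestamp;agent;event UUID`) and the meaning of the `0x0040` bit are assumptions about macOS behaviour that this page does not state; the sample value is constructed, and `QTN_APP` is a hypothetical variable name.

```shell
#!/bin/sh
# Decode a com.apple.quarantine value so you can see what it records
# before deciding whether to delete it.
# Assumed layout (not stated on the page): flags;hex_epoch;agent;event_uuid

# Constructed sample value, not taken from a real file.
SAMPLE='0083;65f2a1c0;Safari;11111111-2222-3333-4444-555555555555'

qtn_field() {            # qtn_field VALUE N -> Nth ';'-separated field
    printf '%s\n' "$1" | cut -d';' -f"$2"
}

qtn_epoch() {            # download time as decimal Unix seconds
    hex=$(qtn_field "$1" 2)
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # reject malformed timestamps
    esac
    echo $((0x$hex))
}

qtn_agent() { qtn_field "$1" 3; }        # application that saved the file

qtn_user_approved() {    # exit 0 if the assumed 0x0040 "user approved" bit is set
    flags=$(qtn_field "$1" 1)
    case "$flags" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( 0x$flags & 0x40 )) -ne 0 ]
}

qtn_report() {
    value=$1
    epoch=$(qtn_epoch "$value") || { echo "malformed quarantine value"; return 1; }
    echo "downloaded by : $(qtn_agent "$value")"
    echo "downloaded at : $epoch (Unix seconds)"
    if qtn_user_approved "$value"; then
        echo "first-launch prompt: already approved by a user"
    else
        echo "first-launch prompt: not yet approved"
    fi
}

# On macOS, set QTN_APP to an app path to read its real attribute with
# `xattr -p`; with QTN_APP unset the constructed sample is decoded instead.
if [ -n "${QTN_APP:-}" ]; then
    qtn_report "$(xattr -p com.apple.quarantine "$QTN_APP")"
else
    qtn_report "$SAMPLE"
fi
```

Reading the attribute with `xattr -p` changes nothing on disk and does not need `sudo`.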