[1][2] It enforces code signing and verifies downloaded applications before allowing them to run, thereby reducing the likelihood of inadvertently executing malware.

[7] In the security & privacy panel of System Preferences, the user has three options, allowing apps downloaded from:

The command-line utility spctl provides granular controls, such as custom rules and individual or blanket permissions, as well as an option to turn Gatekeeper off.

In macOS Sierra, this allows developers to guarantee the integrity of all bundled files and prevent attackers from infecting and subsequently redistributing them.

Security researcher Chris Miller noted that Gatekeeper will verify the developer certificate and consult the known-malware list only when the application is first opened.

[15] With path randomization and signed disk images, Apple provided mechanisms to mitigate this issue in macOS Sierra.

[16] In 2022, a Microsoft researcher shared a vulnerability that abuses the AppleDouble format to set an arbitrary access-control list to bypass Gatekeeper.