macOS often shows this message:
App is damaged and should be moved to the Trash.
But most of the time, the app is just unsigned — not actually damaged.
This repo collects real-world cases, time lost, and proposes a fix.
https://github.com/milisp/misleading-macos-damaged-warning
daviddever23box · 1d ago
How is it costing the ecosystem? And why is this any different than Windows, for example?
And - if you cannot afford a $99 / yr developer ID, how could you possibly afford a signing key for Windows or other platforms?
milisp · 1d ago
Thank you for the thoughtful questions!
Why It’s Different From Windows
On Windows, unsigned apps usually trigger a “Unknown Publisher” warning, which:
- Clearly labels the app as unsigned — not “damaged”
- Still allows the user to easily override the warning and open the app
- Doesn’t falsely imply the app is corrupted
On macOS, the message is:
“App is damaged and should be moved to the Trash”
This:
- Strongly implies the app is broken or dangerous
- Misleads non-technical users into deleting safe software
- Can trigger across all user files or multiple apps after updates, as seen in real cases
Cost to the Ecosystem
It’s not just about the $99/year:
- Small devs, educators, hobbyists, open-source projects often can’t justify the fee for a free tool
- Explaining this to every user takes hours of support time
- Thousands of safe apps are abandoned or ignored due to the scary warning
- Users lose trust in perfectly good software
We’ve estimated:
- Over 1 million users have abandoned apps due to this message
- Devs waste millions of dollars worth of time explaining workarounds
The Goal Here
We’re not asking Apple to remove security — just to make the message accurate.
Changing “damaged” to something like:
“App is not signed and may be from an unknown developer”
…would solve 90% of the confusion, with no loss in security.
milisp · 1d ago
This isn’t just about me — it’s about a misleading message that affects thousands of developers and users.
Even if I pay $99, the warning remains a problem for the entire open-source and indie dev ecosystem.
And - if you cannot afford a $99 / yr developer ID, how could you possibly afford a signing key for Windows or other platforms?
Why It’s Different From Windows
On Windows, unsigned apps usually trigger a “Unknown Publisher” warning, which: - Clearly labels the app as unsigned — not “damaged” - Still allows the user to easily override the warning and open the app - Doesn’t falsely imply the app is corrupted
On macOS, the message is:
“App is damaged and should be moved to the Trash”
This: - Strongly implies the app is broken or dangerous - Misleads non-technical users into deleting safe software - Can trigger across all user files or multiple apps after updates, as seen in real cases
Cost to the Ecosystem
It’s not just about the $99/year: - Small devs, educators, hobbyists, open-source projects often can’t justify the fee for a free tool - Explaining this to every user takes hours of support time - Thousands of safe apps are abandoned or ignored due to the scary warning - Users lose trust in perfectly good software
We’ve estimated: - Over 1 million users have abandoned apps due to this message - Devs waste millions of dollars worth of time explaining workarounds
The Goal Here
We’re not asking Apple to remove security — just to make the message accurate.
Changing “damaged” to something like:
“App is not signed and may be from an unknown developer”
…would solve 90% of the confusion, with no loss in security.
https://github.com/milisp/misleading-macos-damaged-warning