macOS Gatekeeper Blocking Docker for Developers

Developers on macOS Sequoia, Sonoma, and Ventura have been hitting a wall of persistent "Docker.app will damage your computer" warnings when launching Docker Desktop. The cause turned out to be a code-signing certificate problem on Docker's side rather than malware or a new Apple policy; until patched builds arrived, engineers fell back on workarounds such as `xattr` commands and clean reinstalls to restore functionality. The friction highlights ongoing ecosystem stabilization challenges for containerized development on Macs.

The underlying cause of the surge in "Docker.app will damage your computer" warnings was a code-signing certificate used by Docker that had been revoked. Once that certificate was no longer valid, macOS's security systems, Gatekeeper among them, treated components such as `com.docker.vmnetd` (the privileged networking helper Docker Desktop installs) as potentially malicious. Docker confirmed the warnings were not caused by malware and shipped fixes: on January 9, 2025 it released Docker Desktop 4.37.2, which contains a permanent fix, and it published patches for the affected older releases (4.32 through 4.36) to stop the incorrect malware warnings. The recommended action for most developers is a full reinstall of the latest version, so that every installed component, including the privileged helpers outside the app bundle, carries a valid signature. Note that the widely shared `xattr -d com.apple.quarantine` workaround only removes the quarantine flag that triggers Gatekeeper's first-launch assessment; it cannot repair a revoked signature, so it is not a fix for this incident.

The incident illustrates how much weight Apple's Gatekeeper carries. Part of its assessment is performed online: it checks whether an app matches known malware and whether the developer's signing certificate has been revoked. When a certificate is revoked, Gatekeeper blocks the associated software promptly and treats it as untrusted even if it was previously notarized and assessed as safe.

Apple tightened this further in macOS Sequoia by removing the Control-click shortcut that used to override Gatekeeper for unsigned or unnotarized apps. Users must instead open System Settings, go to the "Privacy & Security" panel, and explicitly approve an exception. The stricter enforcement is part of a larger push by Apple to ensure that all software distributed outside the Mac App Store is notarized. Notarization submits the app to an automated scan by Apple for malicious components before it is distributed; to pass, the developer must enable the Hardened Runtime and sign the application with a valid Developer ID certificate.
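The following script is an added example, not Docker's or Apple's own tooling. It serves two passages above: it triages a Gatekeeper block the way a practitioner would, by running `codesign --verify` and `spctl --assess` against the Docker app bundle and its privileged helpers and reducing their verdicts to an actionable state (including the revoked-certificate case that caused this incident), and it checks the two notarization prerequisites the last paragraph names, Hardened Runtime and a Developer ID signature, from `codesign -d` output. The install paths are an assumption based on a default Docker Desktop install, the matched message strings are the verdict wording `codesign` and `spctl` print (assumed unchanged across the macOS versions named here), and the sample line at the end is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not Docker's or Apple's code: triage a Gatekeeper block on
# Docker Desktop and check the notarization prerequisites (Hardened Runtime +
# Developer ID signature). Install paths are an assumption based on a default
# Docker Desktop install; adjust if yours differ.

DOCKER_APP="/Applications/Docker.app"
DOCKER_HELPERS="/Library/PrivilegedHelperTools/com.docker.vmnetd /Library/PrivilegedHelperTools/com.docker.socket"

# Reduce `codesign --verify` output to one word. The matched strings are the
# verdicts codesign prints (assumption: same wording on Ventura..Sequoia).
# Failure states are matched first so a stray "valid" line cannot mask an error.
classify_codesign() {
    case "$1" in
        *CSSMERR_TP_CERT_REVOKED*)                    echo revoked ;;
        *"not signed at all"*)                         echo unsigned ;;
        *"invalid signature"*|*"have been modified"*)  echo modified ;;
        *"valid on disk"*)                             echo valid ;;
        *)                                             echo unknown ;;
    esac
}

# Reduce `spctl --assess` (Gatekeeper's own verdict) to accepted/rejected.
classify_spctl() {
    case "$1" in
        *accepted*) echo accepted ;;
        *rejected*) echo rejected ;;
        *)          echo unknown ;;
    esac
}

# Inspect `codesign -d --verbose` output for the notarization prerequisites:
# the CodeDirectory flags must include "runtime" (Hardened Runtime) and the
# certificate chain must contain a Developer ID Application certificate.
# Prints "ok" or "missing:" followed by what is absent.
notarization_prereqs() {
    missing=""
    case "$1" in *"flags="*"runtime)"*) ;; *) missing="$missing hardened-runtime" ;; esac
    case "$1" in *"Authority=Developer ID Application:"*) ;; *) missing="$missing developer-id" ;; esac
    if [ -z "$missing" ]; then echo ok; else echo "missing:${missing}"; fi
}

# What each verification state means in practice. Clearing the quarantine
# xattr is only relevant in the "valid" case: it cannot repair a revoked or
# tampered signature, which is what macOS is actually rejecting.
advice_for() {
    case "$1" in
        revoked)  echo "certificate revoked: install the patched or current build; xattr -d will not help" ;;
        modified) echo "binary changed after signing: reinstall from the official download" ;;
        unsigned) echo "no signature: do not run it; reinstall" ;;
        valid)    echo "signature OK; if still blocked, check the quarantine xattr and notarization" ;;
        *)        echo "unrecognised codesign output; inspect it by hand" ;;
    esac
}

# Live checks, run only where the Apple tools exist, so the classifiers above
# stay usable on any host against captured output.
triage_live() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found; skipping live checks"; return 0; }
    for p in "$DOCKER_APP" $DOCKER_HELPERS; do
        [ -e "$p" ] || { echo "$p: not installed"; continue; }
        # --deep --strict verifies nested code the way the launch-time check does.
        out=$(codesign --verify --deep --strict --verbose=2 "$p" 2>&1 || true)
        state=$(classify_codesign "$out")
        echo "$p: codesign=$state -> $(advice_for "$state")"
        meta=$(codesign -d --verbose=4 "$p" 2>&1 || true)
        echo "$p: notarization prerequisites: $(notarization_prereqs "$meta")"
        verdict=$(spctl --assess --type execute --verbose "$p" 2>&1 || true)
        echo "$p: gatekeeper=$(classify_spctl "$verdict")"
        xattr -p com.apple.quarantine "$p" >/dev/null 2>&1 && echo "$p: quarantine xattr present"
    done
    return 0
}

triage_live

# Constructed sample (not a real capture) of the verdict an affected install
# produced for the helper, so the classifiers can be exercised without a Mac.
SAMPLE_REVOKED='/Library/PrivilegedHelperTools/com.docker.vmnetd: CSSMERR_TP_CERT_REVOKED'
sample_state=$(classify_codesign "$SAMPLE_REVOKED")
echo "sample: $sample_state -> $(advice_for "$sample_state")"
```

On a machine hit by this incident the helper classifies as `revoked`, which is exactly why the remediation is the patched or current build rather than an `xattr` edit. For a developer preparing a release, `notarization_prereqs` reporting `ok` is the precondition for submitting with `xcrun notarytool submit ... --wait` and then stapling the ticket with `xcrun stapler staple`.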

Shared from Scout - Be the smartest in the room.