Downloading Mac apps outside the App Store isn’t the problem. The wrong source is.
While the Mac App Store is the safest place to download software, many legitimate Mac apps are also available through developer websites and software marketplaces.
The bigger risk is downloading from sources you don’t know or can’t verify. Unofficial download sites, fake app pages, modified installers, and sites offering pirated or “cracked” apps — paid apps that have been changed to work for free — can expose your Mac to malware, privacy risks, and unwanted programs.
macOS includes built-in protections that can warn you about some unsafe apps and block others before they run. These protections reduce the risk, but they don’t always catch everything.
This guide explains the risks of using third-party Mac app stores, how to tell whether an app source is trustworthy, and steps to take before installing from a marketplace.
Some third-party Mac app stores are safe to use, especially if they clearly show who made each app, provide regular updates, and offer apps that have passed Apple’s basic security checks. That said, they generally carry more risk than the Mac App Store or a developer’s official website.
The sources to watch out for are unofficial marketplaces and download sites that offer outdated apps, bundle software with malware, or share modified, cracked, or pirated versions of legitimate apps. These sources are more likely to expose your Mac to security or privacy problems.
If you download apps outside the Mac App Store, stick to trusted developers and reputable software sources whenever possible. The more trustworthy the source, the lower the risk.
A third-party app store is any place you can download Mac apps outside of Apple’s official Mac App Store. Apps in the Mac App Store have to go through Apple’s review process before users can download them, which adds an extra layer of screening.
Many developers also make their apps available on their own websites. These downloads are outside the Mac App Store, but they come directly from the software creator, so they’re generally safer than downloading from an unknown source.
Other third-party sources can range from trusted app marketplaces to general download sites with very little screening. The riskiest ones are unofficial download sites, fake app pages, and websites that offer pirated or cracked software. These sites may distribute modified apps, outdated versions, or installers that contain malware, adware, or other unwanted software.
The main reason is that some legitimate Mac apps simply aren’t available in the Mac App Store. Some developers sell their software directly, need features the App Store doesn’t support, or prefer to manage their own updates. This is most common with software like:
Mac users have always been able to install apps from outside the App Store. It’s a normal part of using a Mac, but it does come with extra risk if you download software from an untrusted source.
Not every third-party app store is unsafe, but most don’t have the same checks as the Mac App Store. That’s why it helps to know the main warning signs.
Some download sites don’t offer the app exactly as the developer created it. Instead, they may package the app with extra software, browser extensions, ads, or other unwanted programs.
Even if the app itself is legitimate, these added extras can create security, privacy, or performance problems. Whenever possible, download apps directly from the developer’s website or use a trusted store that provides the original version.
If a normally paid app is being offered for free through an unofficial source, that’s a major warning sign.
Pirated or cracked Mac apps are a common way malware can reach Macs. They may contain spyware, password-stealing software, or other hidden threats.
Many also require you to disable macOS security features before installing them, which can leave your Mac even more vulnerable. If an offer seems too good to be true, it usually is.
Using outdated software can expose your Mac to security flaws that attackers already know how to use. A trustworthy source should provide the latest version of an app and make it easy to receive future updates.
Many software download sites rely on advertising. In some cases, multiple download buttons appear on the same page, making it difficult to tell which one downloads the app you want.
Clicking the wrong button can lead to unwanted software, confusing installer programs, or potentially harmful downloads. If you’re unsure which button is genuine, go directly to the developer’s website instead.
Some apps request permission to access things like your files, camera, microphone, location, browser data, or system settings.
In many cases, these permissions are legitimate. For example, a video-calling app needs access to your camera and microphone. But if a simple calculator app wants access to your personal files, that should raise questions. When a pop-up asks for access, it’s worth pausing to see if the request fits what the app actually does.
Some unsafe sites go to great lengths to look official, copying logos, designs, and even fabricating reviews to look trustworthy.
To avoid being misled, check the website address carefully. It should match the developer’s official website exactly — not a lookalike address with extra words or hyphens.
If you’re unsure, don’t rely on search ads or download pages you land on through sponsored results. Instead, go directly to the developer’s website or cross-check the link from their official social media page.
Apple includes several built-in Mac security features that help make downloading apps outside the Mac App Store safer. These tools can catch many common threats, but they aren’t perfect.
Gatekeeper is macOS’s first line of defense against potentially unsafe software. When you download apps outside the Mac App Store, Gatekeeper checks whether it comes from an identified developer and whether it passes Apple’s security checks.
If the app fails these checks, macOS may display a warning or prevent it from opening.
Developer ID and code signing help macOS check that an app came from the developer it claims to come from and hasn’t been changed since it was released.
When developers distribute apps outside the Mac App Store, they can register with Apple to digitally sign their software. If that signature is missing or doesn’t match, macOS may warn you before letting the app open.
Before many apps can be distributed outside the Mac App Store, developers submit them to Apple for a process called notarization.
During notarization, Apple automatically scans the software for known malware and checks that it has been properly signed by the developer. If the app passes, macOS can see that Apple has checked it.
A notarized app is generally safer than one that isn’t notarized, but notarization isn’t the same as App Store review. App Store review looks more closely at an app’s behavior, privacy policy, and quality. Notarization is mainly focused on known malware and whether the app has been changed.
If macOS tells you that an app can’t be verified or comes from an unidentified developer, don’t ignore the warning.
It doesn’t necessarily mean the app is malicious. Some legitimate developers haven’t gone through Apple’s app verification process, and older apps may also trigger warnings.
Before continuing, make sure you know who created the app and that you’re downloading it from the developer’s official website. It’s also worth understanding why macOS is showing the warning.
macOS can help protect you from unsafe third-party apps by warning you about apps from unknown developers, apps that have been changed, and apps that fail Apple’s security checks. These protections reduce the risk, but they can’t guarantee that every app outside the Mac App Store is safe.
Code signing and notarization are helpful security checks, but they aren’t a full review of an app’s security, privacy practices, or overall quality.
When an app is both signed and notarized, it usually means:
These are good signs, but they don’t make an app automatically safe. A signed or notarized Mac app can still have privacy concerns, security flaws, or intrusive permissions. An app may be signed by a legitimate developer but collect more data than you’d expect, or receive an update later that changes its behavior.
That’s why it’s worth also checking:
Before downloading an app from a third-party source, take a few minutes to verify that the store and the app are trustworthy. No single check can guarantee safety, but the more positive signals you find, the lower the risk is likely to be.
Use this checklist before installing any app from outside the Mac App Store:
Spotting a dangerous download site early can save you from a major security headache. Keep a close eye out for these warning signs when browsing third-party app sources:
If you notice several of these warning signs together, it’s usually best to avoid the download and get the software directly from the developer’s official website instead.
No, they’re not the same. Alternative app marketplaces for iPhone and iPad are separate from third-party Mac app stores, and Apple only allows them in certain regions under specific rules. Mac users, however, have long been able to install apps from outside the Mac App Store.
Apps distributed through iOS or iPadOS alternative marketplaces may still need to meet Apple’s notarization requirements for those platforms, but that is separate from downloading Mac apps from third-party websites or marketplaces. The biggest difference is how much structure and control is built into each system. On iOS, alternative app stores still operate within rules set by Apple, even if they’re outside the main App Store.
On Mac, there isn’t one central system controlling all third-party app downloads like there is on iPhones or iPads. Because of that, some third-party Mac app stores may offer notarized apps, but others may not.
Safety depends much more on your judgment — like whether the app comes from a trusted developer and whether it’s properly signed and notarized.
Whether it’s Mac or iOS, what matters most is who made the app and where you’re downloading it from. A legitimate developer’s app can still be modified or repackaged when offered through the wrong source.
If you think you may have installed an untrusted or unsafe app, act quickly. The goal is to stop the app from doing more harm and check whether it changed anything on your Mac.
A third-party Mac app store can be a reasonable choice if it clearly identifies the developer, provides honest company information, and makes it easy to check whether apps are signed and notarized. These are signs that the store cares about what it distributes.
That said, the Mac App Store and official developer websites are still the safest places to download Mac apps. Apple reviews apps in the Mac App Store, and official websites make it easier to confirm you’re downloading directly from the developer. Both also tend to provide more reliable updates and stronger security protections.
The Mac App Store alternatives to be most cautious about are those that hide developer identity, offer cracked or modified software, or distribute apps that trigger macOS security warnings. If macOS displays a warning about an app from any source, treat it as a signal to investigate rather than something to dismiss.
Third-party Mac app stores can be risky because they may distribute modified installers, outdated app versions, or software bundled with unwanted programs. Some sources also host cracked or pirated Mac apps, which often carry malware.
Yes, Mac users can install apps from outside the Mac App Store, but legality depends entirely on the software, its licensing, and its distribution source. Downloading pirated or cracked software is neither legal nor safe, regardless of the source.
Safe platforms will usually identify the developers, link directly to their official websites, and provide software that has been officially registered and checked by Apple. If a site hides developer details, uses fake download buttons, or offers paid software for free, it’s usually best to stay away.
No, Apple doesn’t officially approve any third-party app store for Macs. While they support alternative app marketplaces on iPhones and iPads, that change only applies to specific regions.
Yes, some reputable third-party sources distribute software that has been properly signed by the developer and notarized by Apple.
Yes. Gatekeeper may block third-party Mac apps from unidentified developers, as well as apps that lack a valid code signature or have been altered since they were signed.
