Before opening downloaded software for the first time, macOS requests your approval to make sure you aren’t misled into running software you didn’t expect. By default, macOS Catalina and later also requires software to be notarized, so you can be confident that the software you run on your Mac doesn't contain known malware.
When you install Mac apps, plug-ins, and installer packages from outside the App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and that it has not been altered. If you download and install apps from the internet or directly from a developer, macOS continues to protect your Mac. If there’s ever a problem with an app, Apple can quickly remove it from the store. Apple reviews each app in the App Store before it’s accepted and signs it to ensure that it hasn’t been tampered with or altered. The safest place to get apps for your Mac is the App Store.
