I have an Electron app that ships with some nested binaries. It is still correctly signing and notarizing, but some users are seeing a warning on Ventura. The app ships as a DMG. Because of some issues with path randomization, the first thing our app does is check if the app is running from /Applications and propmt to move . If the user double clicks on the app instead of moving it in the DMG's UI, they get this prompt. Once they move it to applications, they see a prompt "My App Name" was prevented from modifying apps on your Mac. Except my app was not prevented from modifying apps - it successfully moves to the /Applications directory. There is some other bizarre behavior associated with this: After seeing the warning, my app is added to "Privacy & Security > App Management" in settings with the box unchecked. However, future attempts to reproduce the bug above do not work untli this is removed from the list entirely. If I move the application out of the DMG to ~/Desktop, then start it, clicking 'move to applications' folder does not show the prompt What I have done to debug this: I think it has something to do with gatekeeper, because if I produce the DMG locally without downloading it from the internet I don't see the warning I've looked through console.app when the prompt shows up but haven't found much useful