Early access · Summer 2026

Stop the "Apple could not verify" dialog, without disabling Gatekeeper.

A friend sends you a .docx over WhatsApp. You double-click it. macOS says it can't be verified and asks if you want to trash the file. The file is fine; Apple's scan just didn't finish. SafeOpen runs a real scan locally and hands the file to whichever editor you've picked.

You know the dialog I mean.

You double-click a .docx someone sent you on WhatsApp. macOS replies:

macOS alert

Apple could not verify "resume.docx" is free of malware that may harm your Mac or compromise your privacy.

[ Cancel ]   [ Move to Trash ]

The file is fine. Apple's XProtect scan just couldn't finish in time, so macOS blocks the open. It will happen again tomorrow, and the day after, with the next doc someone sends you.

The workaround everyone posts on Stack Overflow is to run this in Terminal:

xattr -d com.apple.quarantine /path/to/file

It strips the quarantine flag so macOS stops asking. That's it. It doesn't actually scan anything. And you have to retype it every time, for every new file. Nobody's going to tell their parents to open Terminal.

What SafeOpen does.

You tell macOS that SafeOpen is the default app for, say, .docx files. Double-click a .docx from now on, and SafeOpen gets it first. It runs a local scan (see below for what that actually means), shows a one-line verdict, and if the file's clean it hands off to whichever editor you want to open it in: Word, LibreOffice, Pages, whatever you had set before. If the file's suspicious, you see what tripped the scan and decide what to do.

Two things to be clear about, because I've been told the earlier copy was fuzzy:

SafeOpen scans the file. The editor it hands off to is whatever you want; SafeOpen has nothing to do with which one you pick. "LibreOffice / Word / Pages" aren't features of SafeOpen, they're just example handoff targets.

"Office" at launch means OOXML. Specifically .docx, .xlsx, .pptx. Those are the ZIP-based Microsoft Office formats that also cover what LibreOffice and Google Docs export. OpenDocument (.odt, .ods, .odp) uses a similar container and lands a few weeks later. Legacy .doc/.xls/.ppt (pre-2007 binary CFB format) is v2.

Format coverage

"Open cleanly without the dialog" works for anything with a quarantine bit. Actual inspection ships in stages:

| File type | v1 (launch) | Later |
|---|---|---|
| OOXML (.docx · .xlsx · .pptx) | Macro detection, embedded OLE, external-target refs, hash lookup | |
| ODF (.odt · .ods · .odp) | | Ships ~2 weeks after launch; same checks as OOXML |
| Legacy Office (.doc · .xls · .ppt) | Hash lookup + handoff | CFB parser, VBA extraction |
| PDFs (.pdf) | Hash lookup + handoff | JavaScript + embedded-object analysis |
| Archives (.zip · .tar.gz · .7z) | Hash lookup + handoff | Recursive scan of contents |
| Binaries & installers (.dmg · .pkg · unsigned apps) | Hash lookup + signature check | Mach-O inspection, entitlement review |
| Everything else | Hash lookup + handoff | |

Under the hood.

Closed-source security software is a big ask, so here's what's actually inside before you put an email in the box.

The scanner

For OOXML, SafeOpen unzips the container in memory and walks the parts that matter: word/vbaProject.bin (macros), any oleObject*.bin (embedded OLE), and the _rels entries (external-target refs that can auto-fetch on open). Files are also hashed (SHA-256) and checked against a local database. YARA rules run over the extracted content for known-bad patterns. It's not magic; it's what Microsoft's own AMSI integration and most enterprise mail scanners already do, just running locally on your Mac before the file opens.
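The container walk described above (and repeated in the FAQ), as an added Python sketch; it is not SafeOpen's scanner code. The names `triage_ooxml`, `build_sample` and `MAX_RELS` and the size cap are assumptions. It goes slightly beyond the text by matching `vbaProject.bin` under `xl/` and `ppt/` too and by not flagging click-only hyperlink relationships; the YARA pass is left out.

```python
import hashlib, io, re, zipfile
import xml.etree.ElementTree as ET

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MAX_RELS = 1 << 20  # assumed cap on a .rels part; larger parts are flagged unread

def triage_ooxml(data, known_bad=frozenset()):
    """Inspect an OOXML container held in memory; nothing is written to disk."""
    digest = hashlib.sha256(data).hexdigest()
    r = {"sha256": digest, "known_bad": digest in known_bad,
         "macros": [], "ole": [], "external": [], "unparsed": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            low = info.filename.lower()
            if low.endswith("vbaproject.bin"):          # word/, xl/ or ppt/
                r["macros"].append(info.filename)
            elif re.search(r"oleobject\d*\.bin$", low):  # embedded OLE parts
                r["ole"].append(info.filename)
            elif low.endswith(".rels"):
                raw = zf.read(info) if info.file_size <= MAX_RELS else b""
                try:  # .rels parts never need a DTD, so refuse one outright
                    if not raw or b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                        raise ET.ParseError("refused")
                    root = ET.fromstring(raw)
                except ET.ParseError:
                    r["unparsed"].append(info.filename)
                    continue
                for rel in root.iter("{%s}Relationship" % PKG):
                    if (rel.get("TargetMode") == "External"
                            and rel.get("Type") != DOC + "/hyperlink"):  # click-only
                        r["external"].append((info.filename, rel.get("Target")))
    r["suspicious"] = any(r[k] for k in r if k != "sha256")
    return r

def build_sample(with_macro=True):
    """Constructed container for the demo; not a real document."""
    rel = ('<Relationship Id="r%d" Type="' + DOC + '/%s" '
           'Target="https://example.invalid/%s" TargetMode="External"/>')
    rels = ('<Relationships xmlns="%s">' % PKG + rel % (1, "hyperlink", "page")
            + rel % (2, "image", "pixel.png") + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
            zf.writestr("word/embeddings/oleObject1.bin", b"constructed placeholder")
    return buf.getvalue()
```

A file that is not a ZIP at all raises `zipfile.BadZipFile`, which a caller should treat as a failed scan rather than a clean verdict.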

The hash database

Sourced from MalwareBazaar (CC0, run by abuse.ch) plus a curated subset of InQuest's public indicators. Ships with the app, refreshed monthly via free app updates. It is not a full AV engine and I'm not going to pretend it replaces one. It catches commodity malware, not targeted attacks. If you're a journalist or activist being hunted by a nation-state, you need more than this.

Network

Zero outbound traffic in the scan path. No telemetry, no "anonymous usage stats", no phone-home. You can verify with Little Snitch or LuLu, or just run sudo tcpdump -i any host not 127.0.0.1 while you scan a file. The only network call in the entire app is the monthly "check for a new SafeOpen version" to the update server, and that's toggleable.

Open source

The scanner engine will be MIT-licensed on GitHub at launch, under the repo safeopen/scanner. That's the part that handles your files. The app shell around it (Launch Services wiring, UI, licensing) stays closed because packaging and signing it as open source is a separate chunk of work I don't want to block shipping on. If that's a dealbreaker for you, the scanner CLI will work standalone for free; SafeOpen-the-app is what you pay for if you want the seamless default-handler experience.

Who's building this

Me. One person. I ran into the dialog often enough to build a fix, then often enough to think other people would pay for it. I'll put my real name and GitHub on the launch page before asking for money. For the validation phase it's a solo side project; if it works I'll treat it like a real product. If it doesn't, I'll post the post-mortem instead of ghosting.

Pricing

$19 one-time

One payment, free updates as long as I maintain it. I picked $19 because it's enough to keep me shipping updates when the novelty wears off, and cheap enough that if it saves you one frustrating morning it's already paid for itself. If it's the wrong price, the signup list will tell me before I charge anyone.

  • Notarized by Apple (Developer ID)
  • No file uploads, no telemetry (verifiable)
  • Scanner engine open source at launch
  • macOS 13 Ventura and later
  • No account, no subscription, no "pro" tier
  • First 100 signups: free at launch

FAQ

How does the scan actually work?
For OOXML (.docx/.xlsx/.pptx): unzip the container, look at word/vbaProject.bin for macros, oleObject*.bin parts for embedded OLE, and the relationships XML for external-target refs that auto-fetch on open. SHA-256 hash check against a local DB (MalwareBazaar + InQuest), plus YARA rules for known-bad patterns. For other types at launch: hash + signature + handoff. It's not a full AV engine and I'm not going to market it as one.
Where does the threat database come from and how fresh is it?
MalwareBazaar (CC0) for the main hash set, plus a curated subset of InQuest's public indicators. Refreshed monthly via free app updates. Not as current as a cloud AV. The tradeoff is that nothing about your files leaves your Mac.
Is it actually open source?
The scanner engine, yes, MIT-licensed on GitHub at launch. That's the part that touches your files. The app shell (UI, default-handler wiring, licensing) stays closed because I'd rather ship than package both. If a closed-source app shell is a dealbreaker, the scanner CLI will work standalone for free.
Does SafeOpen upload my files anywhere?
No. No file uploads, no telemetry, no "anonymous usage stats." The only network call is the monthly "check for a new version" ping, and that's toggleable. You can verify with Little Snitch, LuLu, or sudo tcpdump while you scan a file. I'd rather you verify than take my word for it.
Which editor does my file open in after the scan?
Whichever one you had as default before, or whichever you pick per file type in SafeOpen's settings. SafeOpen just scans and hands off. If you were opening .docx in Word, it still opens in Word. If in LibreOffice, still LibreOffice. SafeOpen doesn't view, edit, or touch the file's contents, just checks it.
Who's building this?
One person. Solo side project for now. I'll put my real name, photo, and GitHub on the landing page before launch asks anyone for money. If this doesn't work, I'll post why instead of ghosting the signup list.
Which formats does "Office at launch" actually cover?
Specifically OOXML: .docx, .xlsx, .pptx. These are the ZIP-based Microsoft Office formats, also what Google Docs and LibreOffice export by default. ODF (.odt/.ods/.odp) follows ~2 weeks after. Pre-2007 binary Office (.doc/.xls/.ppt) is later.
Will it keep working when Apple updates macOS?
SafeOpen uses standard Launch Services APIs. If Apple changes them, I update the app. Updates are free for everyone who bought it, forever. No annual renewal, no "pro" upgrade, no bait-and-switch.
Are updates really free forever? What's the catch?
No catch. Everyone who buys SafeOpen gets every future update for free, for as long as I maintain the app. If I ever need more revenue I'll raise the launch price for new buyers, not charge existing ones again. Scanner-engine updates, new file-type support, macOS compatibility fixes: all included.
What's the "first 100 signups get it free" offer?
A thank-you for betting on an unreleased app. The first 100 emails on the launch list get a free license at launch. No strings attached, no upgrade ask later.
Why not the Mac App Store?
Apple's sandbox is too restrictive for a default-handler app to work well. SafeOpen is distributed directly from this site. First launch will ask you to right-click → Open once; after that it's normal.

Drop your email if you'd use this.

This is a validation week, not a launch. If there's real demand I ship in a few weeks and the first 100 emails on the list get it free. If there isn't, I post what I learned and move on. Either way you get one email from me, not a newsletter.