[derefr]

Presumably because you have Gatekeeper set to "Allow applications from: App Store" rather than "Allow applications from: App Store & Known Developers".

This is just Gatekeeper asking you which code-signing CA certs you want to mark as trusted in its kernel-internal trust store (which is, FYI, a separate thing from the OS trust store): do you want just the App Store CA to be trusted? Or do you also want the Apple Developer Program's "Self-Published App" Notarization CA to be trusted?

Choosing which code-signing CA-certs to trust will, obviously, determine which code-signed binaries pass certificate validation. Just like choosing which TLS CAs to trust, determines which websites pass certificate validation.

Code-signing certificate validation doesn't happen online, though. Just like TLS certificate validation doesn't happen online. It's just a check that the cert you have has a signing path back to some CA cert in the local trust store.

[sooheon]

I have the latter Gatekeeper option, and I often have to click "Allow anyway". I don't see how being forced to click an extra button in a preference pane makes things more secure.

[derefr]

If you're getting the Gatekeeper dialog with the "Open anyway" button (the "Apple cannot verify that this app is free of malware" alert), then this is a specific case: you're on Catalina or later, and the app you're using has a valid code-signature but hasn't been notarized.

This warning only triggers for legacy releases of apps, published before notarization existed. Since Catalina, notarization has been part-and-parcel of the same flow that gets the self-published app bundle code-signed by Apple. AFAIK it is no longer possible to create a code-signed but non-notarized app bundle through XCode. (It's probably still possible by invoking `codesign` directly, and third-party build systems might still be doing that... but they really shouldn't be! They've had years to change at this point! Catalina was 2019!)

Thus, the "Open anyway" option in this dialog is likely transitional. This warning is, for now, intended to not overly frighten regular users, while also indicating to developers (esp. the developer of the app) that they should really get out a new, notarized release of their app, because maybe, one day, this non-notarized release of the app won't be considered acceptable by Gatekeeper any more.

I'm guessing that once a sufficient percentage of apps have been notarized, such that macOS instrumentation reports this dialog being rarely triggered, the "Open anyway" option will be removed, and the dialog will merge back into the non-code-signed-app version of the dialog that only has "Cancel" and "Move to Trash" options. Though maybe in this instance, the dialog would have the additional text "Please contact the app developer for a newer release of this app" (because, unlike with an invalid digital signature, macOS wouldn't assume the app is infected with malware per se, but rather just that it might do low-level things [like calling private OS frameworks] that Apple doesn't permit notarized apps to do.)