Increasingly, and supposedly with Monterey, built applications by Vuo are being caught by GateKeeper and the user told “xxxx is damaged and can’t be opened. You should eject the disk image.” This can be fixed with a command line “xattr -cr …xxxx” but this is of course far from ideal.
What is the correct way to deal/avoid this?
The “xxxx is damaged and can’t be opened” may come up if you share an .app file over Dropbox or a similar service. You can avoid it by zipping the app file.
Another error that may come up is “xxxx can’t be opened because Apple cannot check it for malicious software”. If you have the option to share the app via Remote Desktop, File Sharing, or a USB flash drive, then you may be able to bypass Gatekeeper. Otherwise, the correct way to appease Gatekeeper is to code-sign, notarize, and staple the app. This requires a paid Apple Developer account and can be done via the command line. (Related feature request: Code sign and notarize exported apps.)
I’ve been creating DMGs.
Should I zip the DMG, or just supply the zipped app?
If you zip the app using Finder’s “Compress…” context menu item, it should preserve all the necessary metadata, so the app should then work if you share the app via Remote Desktop, File Sharing, or a USB flash drive, then the recipient uses macOS’s built-in Archive Utility to extract the zip. (3rd-party compressors and extractors might not work though.)
For DMGs, the “damaged” error could also come from how you’re copying the app into the DMG. We might be able to help if you can describe your full process step by step (or make a screen recording). Another thing you could do is look for any more detailed information in Console.app when the error pops up.