An important change to Gatekeeper seen on 10.12 Sierra is described in the "Shipping your Signed Code" documentation.

Starting with Sierra, any newly downloaded application will be isolated to a read-only disk image to prevent access to the file system.

To whitelist the application, and obtain full access to the file system, the end-user must run the application from the /Applications folder. By moving the application to the /Applications folder and running it from there, the application is added to a whitelist and can then be moved to a different location on the same machine.

If the application is moved to a different machine, the quarantine will be enforced again until it is moved to the /Applications folder of the new machine.

This change of behavior affects all downloaded application on Sierra, including 4D apps downloaded from www.4D.com as well as your own application that you distribute to your end-user via download.

---

Often people will download an application, extract the application from the ZIP file, then run the application from the downloads folder. Sometimes the end-user may move the application to a different folder, perhaps a subfolder located inside of the /Applications folder.

If you do this on Sierra the application will be isolated to a read-only disk image which can affect the application.

The only way to get your application to have the regular access expected is to move the application to the /Applications folder (not a subfolder of the /Applications folder but the actual /Applications folder itself)

---

The easiest and best way to exempt yourself from this new behavior is to distribute your application as a Signed DMG or a Signed Installer created via Packages. This way the applicatication is not affected by the App Translocation.