Relatively quickly with a few searches, we figure out that GateKeeper was the messenger, but why was she being so harsh? Our apps are unsigned (a signature improvement slated for the next release), but damaged? I was offended.
As it turns out, Apple has a decent support article that explains why you might get a "damaged..." message versus GateKeeper's standard message warning the user that the application is unsigned.
The answer to softening GateKeeper's tone (AKA getting her to only prompt with a security message rather than a "damaged" message) lies within the info.plist file within the .app. Kurtis, our .app builder, found that if he sets the following values, then the .app reverts to being a harmless unsigned .app.
<key>CFBundleSignature</key>
<string>????</string>
I hope this solution saves someone else the heartache of deploying a"damaged" .app file.
kindest regards,
Gretchen