Notarize an application without installer

I have an application which is distributed without an installer. Just a .zip is given to the users which contains the .app structure of the application. The application is signed with a valid Developer ID and the .zip has been notarized successfully. When I run the security check with the the command spctl -a -vv -t execute the response is "accepted". However this doesn't seem to be a valid check because also old version of the application (without notarization) obtain the same response. The problem is that when the .zip is downloaded this is flagged with the attribute com.apple.quarantine and when the user double click on the .app an error message is shown: *The application MyApp.app can't be opened*. The only way to run the application is manually remove the flag and set the executable permission to the binary. 1. How can I avoid these manual steps without creating a .pkg of the application ? 2. Why Gatekeeper doesn't trust the application which is signed and notarized ?