Clario’s MacKeeper
Several weeks ago, I expressed surprise that MacKeeper had now been notarized. Following discussions with the good folk at Clario who now own and develop this product, and in the spirit of fairness and objectivity, this article looks at the current version of MacKeeper, at what it does, and how it has changed.
[…]
The most obvious question is why, under its new ownership, anyone would want to continue selling a product, however good it might be, under a name which to many of us is synonymous with PUP.
It’s a good question. It sure seems suspicious that the notarized installer package is just a shell that downloads an encrypted binary and sends your Mac’s serial number to their server over an unsecured connection. However, I verified that the final .app file that you end up with is notarized.
Alun Baker has explained that Apple wasn’t prepared to let MacKeeper simply undergo its normal notarization checks, and looked thoroughly at historical issues such as Clario’s business associates and marketing methods as well.
What does this mean? I thought we were told that notarization was a purely automated system, not a way of extending App Review outside of the Mac App Store. Baker seems to be saying that Apple wouldn’t notarize the binary without first investigating historical non-code aspects of the business. That’s really scary. But then, if that’s the standard, how did an app with MacKeeper’s history pass? If Apple was concerned about the history, Clario’s argument would have to be that they’ve changed their ways. Regardless of their intentions, Clario would say that they have. Yet that can only be assessed after the app becomes available and we see what they do with it. So what did this extra review accomplish?
Previously:
- 2020 State of Mac Malware
- MacKeeper Threatens YouTube Video Maker
- MacKeeper Exposes Data on 13 Million Customers
- DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
- MacKeeper
Update (2020-06-03): See also this thread with Jeff Johnson.
Update (2021-11-26): Lance Whitney:
The new owner has pulled back on the aggressive marketing schemes and rid itself of dubious affiliates. The software itself received a good grade from AV-Test as well as ISO 27001 certification and notarization from Apple. Assuming the company and product have learned from past mistakes, is it worth giving the suite another shot at this point?
Calling Clario a “new owner” is a bit of a stretch. Look at the C-level execs of Clario, and you’ll notice they were once the C-level execs of Kromtech. Clario is nothing more than a whitewash to cover up the past.
Ask yourself why any legitimate company would acquire a product with a super scummy reputation. It would be insanity.