Tuesday, June 2, 2020 [Tweets] [Favorites]

Clario’s MacKeeper

Howard Oakley:

Several weeks ago, I expressed surprise that MacKeeper had now been notarized. Following discussions with the good folk at Clario who now own and develop this product, and in the spirit of fairness and objectivity, this article looks at the current version of MacKeeper, at what it does, and how it has changed.

[…]

The most obvious question is why, under its new ownership, anyone would want to continue selling a product, however good it might be, under a name which to many of us is synonymous with PUP.

It’s a good question. It sure seems suspicious that the notarized installer package is just a shell that downloads an encrypted binary and sends your Mac’s serial number to their server over an unsecured connection. However, I verified that the final .app file that you end up with is notarized.

Alun Baker has explained that Apple wasn’t prepared to let MacKeeper simply undergo its normal notarization checks, and looked thoroughly at historical issues such as Clario’s business associates and marketing methods as well.

What does this mean? I thought we were told that notarization was a purely automated system, not a way of extending App Review outside of the Mac App Store. Baker seems to be saying that Apple wouldn’t notarize the binary without first investigating historical non-code aspects of the business. That’s really scary. But then, if that’s the standard, how did an app with MacKeeper’s history pass? If Apple was concerned about the history, Clario’s argument would have to be that they’ve changed their ways. Regardless of their intentions, Clario would say that they have. Yet that can only be assessed after the app becomes available and we see what they do with it. So what did this extra review accomplish?

Previously:

Update (2020-06-03): See also this thread with Jeff Johnson.

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment