Popular App Bartender Buy-out Raises Security Concerns

This is probably the most unwanted surprise for many macOS users: the popular macOS app Bartender has indeed been sold to an unknown third party. Speculation suggests that the new owner is an iOS app publisher, but that is the least of our, or my, concerns. Not only did Bartender already need critical permissions to run; if you are running version 5.0.52, it already includes a new analytics framework, added without notifying users of the change. The pricing model could change as well, perhaps with subscriptions for future versions of Bartender.

What I Have Done (and Recommend)

Now, there is no evidence that Bartender was actually exploited. No need to panic. However, until the new owner can provide some insight into what remains of Bartender, I believe this is a good time to prepare either for departure or for clarifications. Why does Bartender need location data anyway?

Until then, I would recommend either of these options:

  • Downgrade to version 5.0.51 (or last known original developer signed version)
  • Try new menu bar management apps, such as Ice

Obviously both have pros and cons. Apps are updated for a reason, and choosing an older version, albeit temporarily, may be an invitation to disaster in the long run. Ice, and many others, are either still in development or haven’t been updated in recent years. In my experience with Ice, it’s not a complete substitute. It has yet to fully support notched screens, such as creating a drop-down menu box or automatically hiding icons to avoid overflow. Or you could try other apps available on the Mac App Store, the ones that are sandboxed.
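If you do downgrade, you can confirm which developer signed the copy you ended up with by comparing the Team ID in its code signature against one you recorded from a copy you trust. The script below is an added example, not part of the original post; the sample output, `PINNED_TEAM`, the app path and the helper names are constructed placeholders, not Bartender's real values.

```shell
#!/bin/sh
# Added example: detect a change of signer in `codesign -dvv` output.
# PINNED_TEAM and the app path are supplied by you; nothing here is
# Bartender's real Team ID.

# Print the TeamIdentifier field from codesign output read on stdin.
team_id() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Print the leaf certificate name (the first Authority= line).
leaf_authority() {
    sed -n 's/^Authority=//p' | head -n 1
}

# check_signer OUTPUT PINNED_TEAM
# Prints a verdict; returns 0 on match, 1 on a different signer,
# 2 when the bundle is unsigned or only ad hoc signed.
check_signer() {
    found=$(printf '%s\n' "$1" | team_id)
    if [ -z "$found" ] || [ "$found" = "not set" ]; then
        echo "NO-TEAM-ID"
        return 2
    fi
    if [ "$found" = "$2" ]; then
        echo "MATCH $found"
        return 0
    fi
    echo "CHANGED $2 -> $found ($(printf '%s\n' "$1" | leaf_authority))"
    return 1
}

# Constructed sample of `codesign -dvv` output (placeholder names and IDs).
SAMPLE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.menubar
Authority=Developer ID Application: New Publisher LLC (NEWTEAM001)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=NEWTEAM001'

# On a Mac: PINNED_TEAM=<id you recorded> sh check.sh /path/to/App.app
if [ "$#" -ge 1 ] && command -v codesign >/dev/null 2>&1; then
    # --verify checks the seal is intact; -dvv reports who signed it.
    codesign --verify --strict "$1" || echo "signature does not verify"
    check_signer "$(codesign -dvv "$1" 2>&1)" "${PINNED_TEAM:?set PINNED_TEAM}"
fi
```

A `CHANGED` verdict only says the signer differs from the one you pinned; whether that is an announced handover or something worse still has to come from the publisher.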

Afterthoughts

I believe one aspect that is overlooked in the current controversy is sandboxing policy. Apple has been and still is enforcing rather strict sandboxing. The idea is that an app should play in its own “sandbox”, hence the phrase. Bartender is not sandboxed and needs special permissions. It should also be noted that the controversy and the later technical reports mostly came from third-party app distributors. There is a role they play, and while it was enlightening to see how it unfolded, it was disappointing that I could not rely on them to find useful alternatives.

This also serves as a reminder to all developers: it’s okay to move away, but don’t hide it. One of the major, if not the only, issues in this saga is the lack of proper communication from either the original developer or the new publisher. In fact, if the transition had been announced, most users might have been annoyed at worst (with respect to a possible subscription) but would not have panicked. A change in ownership and in the certificate was a glaring reminder that this might be another elaborate phishing scam or a possible breach. And the general lack of documentation on the changes, such as the addition of analytics, the lack of an opt-out from providing additional data, the purposes of collecting this data, and a privacy policy, added more confusion.

On a side note, I’ve seen some humorous comments on how Bartender might be the next victim on the list of getting “Sherlocked”. A menu bar management app is a must-have, and more so for notched screens. Apps love to populate the menu bar with their icons, and not all developers provide a streamlined UX to properly take advantage of it. Apple’s decision to add screen real estate backfired given this trend, as the current version of macOS lacks proper menu bar icon management. It’s about time to get that feature, just like iOS got a new home screen.

Update June 8, 2024: Applause, the new owner of Bartender, has officially confirmed the change in ownership in the update note for 5.0.53. The new version has also removed Amplitude analytics which was introduced in version 5.0.52.
