Apple Continues to Quietly, Remotely Delete and Install macOS Files

Apple lock logo

For the sake of security and Catalina app compatibility, Apple has been remotely deleting and adding files to macOS.

Zoom Related Apps

Previously, we reported that Apple has quietly removed a Zoom installed web server from macOS for security reasons.

[Apple Releases Mac Update to Remove Zoom Web Server.]

Now, we’ve learned, as our Charlotte Henry reports and The Verge clarifies, Apple has removed associated web servers from the RingCentral and Zhumu apps.

These video conferencing apps both used technology from Zoom — they’re essentially white labels — and thus they also had Zoom’s security flaws. Specifically, they installed secondary pieces of software that could take commands from websites to open up your webcam in a video conference without your intervention.

This is good news; Apple is looking out for us. My only complaint is that Apple, a company obsessed with notifications, hasn’t figured out a graceful way of notifying the users of macOS that their OS has been remotely modified by its creator. It’s a challenge to be informative but not alarming, but I think Apple can do it.

Catalina’s won’t run 32-bit apps. You’ve been warned.

Compatibility Notification Data

On July 17, The Eclectic Light Company reported that Apple has recently, remotely installed the file: CompatibilityNotificationData.bundle in:

/System/Library/CoreServices/

Mine is dated July 3rd, 2019. The Eclectic Light Company developer explains:

Inside this Property List are dictionaries inside dictionaries, which list apps which aren’t 64-bit and therefore will be incompatible with Catalina. Each is given a minimum and maximum version number, and may be assigned to an app group….

This bundle is clearly part of preparations for migration to Catalina. The data might be used by the existing Legacy Software item in System Information, but might also be required for another tool which will ship with the 10.14.6 update, due very soon now.

Again, I have only a little heartburn about this. Especially since there are software tools that flag changes to the OS. But like the argument above, for the sake of transparency and trust, Apple might think about a notification system specially designed to alert the average user. That would avoid a situation in which users discover a potentially alarming change from some other source and become annoyed.

It would also assist IT managers who work with Macs that are often offline, such as ships at sea or those taken into SCIFs. That is, if they haven’t been formally notified by some other means.

I expect to see more of these quiet macOS changes from Apple as security threats evolve. (Like the XProtect system that’s been in use for years.) Until Apple decides to keep users informed, we’ll just have to discovered these changes amongst ourselves.

7 thoughts on “Apple Continues to Quietly, Remotely Delete and Install macOS Files

  • Apple must be very, very cautious to not emulate Microsoft’s policy of hijacking your computer to do whatever they feel is appropriate.
    I left Microsoft once and for all after their forced updates caused me to fail in boardrooms because my presentation could not be shown due to a 30-minute upgrade that I had no control over.
    Apple – remember that you are American, remember that your users are free citizens. Learn from Microsoft’s mistakes, do not emulate them.

  • John:

    Culture is a dynamic, living thing, that grows under collective and multivariate influence in ways that none of us can fully anticipate. This applies to all expressions of culture, be it social, political, industrial, technological etc. This can lead to both delight and disconcert in equal measure, one’s personal preferences depending. Just as soon as we become accustomed to things being done a certain way, along comes a change driven by forces we may not have recognised or anticipated in a new direction, rousing us from our comfort zones into a brave new world of uncertainty. While a hearty few may simply roll with these changes, and some even enthusiastically embrace it, most of us are discomfited by it, or resent it or even feel threatened by it.

    Enter the post-PC era of the internet, specifically the Internet of Things (IoT). I realise that you and I may use the term ‘post-PC’ differently. I do not intend that we do not use or have outgrown PCs, rather that the PC is deprecated to but one of many tools subservient to the greater tool of interconnectivity, the cloud or even a platform of connected devices, an ecosystem if you will, that expresses itself through a variety of devices of our choice.

    Back when the PC was sovereign over our personal and workplace digital lives, we enjoyed the autonomy afforded by our beige box’s relative isolation. Our world was in the box, and although the box could connect us to a broader world, our data lived in the box and we could even play with those data without being connected. Importantly, the box was ours to do with as we pleased in that best of Braveheart tradition – Freedom! The software, including the OS, lived in happy isolation unless and until we chose to connect to the outside world, for example, by fax modem (remember those?). Our exposure to potential harm was intermittent, brief, limited.

    Fast-forward a couple or three decades; high speed always on internet and a bevy of interconnected ‘smart’ devices serviced not simply by an interconnected OS but an interactive AI, and we’ve undergone a paradigm shift in terms not only of digital environment (from the box to the internet), but of working space, security needs and therefore, boundary, domain and ownership. That domain, make no mistake, is still being contested in specific areas, such as data ownership, but it has clearly resulted in a paradigm shift in the management and maintenance of the OS(es). Clearly, the manufacturer has always owned the OS, but we used to purchase our own individual copy, not unlike a DVD movie. Now, we no longer purchase it. We download it for free when available and compatible. The OS is an integral part of an ecosystem whole, distributed across all manner of devices in a variety of iterations on our desks, pockets, TV, smart speakers and other devices and on our bodies. For security reasons, these are all regularly patched and updated in an incessant dialectic between the good guys (the manufacturers and hosts) and the bad guys (any malfeasant). The viruses and malware of yesteryear are child’s play compared to today’s well-resourced industrial-level, organised criminal and state-sponsored threats, to which most of us are oblivious.

    We have come to rely on the platform owners/makers, be it Apple, Amazon, MS, Google or other to protect the ecosystem in which we work and play, and keep our data and our loved ones safe. When they don’t, we rightly cry foul. We’ve undergone a cultural migration from the rugged individualist with his/her isolated box on a desk to citizens of the IoT, with expectations of rights and protections; a tech-cultural evolution.

    What Apple and the other big tech companies are doing with these silent, behind the scenes security updates, patches and modifications to the OS is not simply due diligence, it’s their job, their responsibility to which we hold them liable for breaches and lapses, even criminally when intentional or negligent. It is no more feasible to practise the culture of iso-box with only occasional internet access today than it is practise the social norms of the 19th Century with impunity. This is the tech equivalent of public health and safety.

    The challenge is that our tech culture cycles at orders of magnitude faster, in many cases, than does our social culture, even though these two are interwoven. However, while we wait for our social expectations and mores to catch up to our technological ones, and harmonise those cultures, we need the constant vigilance of industry-level protection to protect our tech environment, and our loved ones within it.

  • I was thinking how much I appreciated Apple releasing those fixes to block Zoom’s issue (I use Zoom) but I really agree with John, we need notification before changing things. It shouldn’t be that difficult to do.

    Looking down the road, If Apple blocked an app for another reason other the pure security, in the future, this would be a major issue. I don’t think any Mac user wants Apple telling them what they can and cannot run on their computers. We have that problem on iOS and even Android already (banning Gab, is a perfect example on both cases). We the users are not allowed to chose what we want on iOS but on MacOS we can run what we like (almost, you have to hop through some hoops to run apps like Dissenter browser but it is possible). We need to ensure it stays free to run whatever app we like as users.

  • And what else does Apple do that you’re unaware of? “We did this for your benefit and didn’t want to bother you.” But you wouldn’t let a vendor you bought something from have access to your house to make secure deliveries while you are away – for your convenience. Question every company including Apple.

  • I am not comfortable with Apple remotely deleting and adding any files to macOS without my express permission. Period. I bought my Mac, paid well over market value for it due to the Apple tax, and consider it my personal property. In fact, I bought a personal computer. I use it the way I like; I configure it the way I like; and I want everyone but me to keep their paws off my personal computer. Period.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.