Bartender change of ownership—potential security issue?

Anything older than (and including) 5.0.49 should be safe (the telemetry has supposedly also been removed from the latest beta release). I’m not sure what Ben’s original policy was on whether he would still be updating v4 and what the new developers will do with it (if anything), but you may want to disable updates until there’s more clarity on this.

2 Likes

Okay, so perhaps it’s not a lie, but there are still too many red flags, all of which could have easily been avoided with some proactive communication.

All we know is that the entity that bought Bartender is backed by a venture capital fund with a poor track record of handling such acquisitions and some poor-quality apps out there, and that their focus is not app development but increasing sales for existing apps. If they are a small team of developers, there’d be no better time for them to introduce themselves than now.

These folks, with their disastrously handled acquisition and communication, not to go through all of that again, make Bending Spoons look good.

3 Likes

It’s all about the risks you want to assume and the trust you have on the software that is running on your computer.

“AU” - Artificial Unintelligence" Although why we need to create unintelligence is a mystery to me - there’s enough of it occurring naturally to meet humanity’s needs.

As in “we are enhancing privacy management to meet our commercial needs”. Reminds me of my local railway line a few years ago: “To improve customer service we are extending all journey times by 3 minutes”

That’s funny dystopia but effective, sadly. People have no idea how long a route ‘should’ take, but they’ll lose it if it takes a minute longer than the transporter said it would. Since the trains can’t be sped up, pad the time!

OK, I should have included the entire Perplexity Pro thread. I didn’t mention Bartender when asking the AI about Setapp’s security record. Here is the entire thread:

Query: “Do you know of any instances of malware or spyware being distributed on the Setapp platform?”
Proplexity answer:
"There are no confirmed instances of malware or spyware being distributed on the Setapp platform. However, there have been concerns and discussions among users regarding the security and trustworthiness of Setapp and some of its associated applications.

  1. User Concerns: Some users have expressed concerns about Setapp behaving like malware. For instance, a user on the MacRumors forum described Setapp as “almost malware” due to persistent issues with unwanted apps appearing in the “Open With” menu even after Setapp was uninstalled[1]. Another user on the Apple Community forum reported difficulties in completely removing Setapp from their system, raising suspicions about its behavior[4].

  2. Reassurances and Trust: On the other hand, many users and experts have defended Setapp, stating that it is not malware. Discussions on the Mac Power Users forum highlight that Setapp is respected among Mac users and developers, and it includes reputable applications like Ulysses and PDFPen[2]. Additionally, Setapp has undergone audits and certifications to ensure its security, as mentioned in their Trust Center[15].

  3. Developer Verification: There are questions about the verification process for apps on Setapp. While Apple performs some level of quality assurance on apps in the Mac App Store, it is unclear if Setapp has a similar rigorous process. However, Setapp claims to curate high-quality apps and has a thorough screening process[3][8].

  4. Privacy and Security Policies: Setapp’s privacy policy outlines their commitment to protecting user data and explains the data collection practices. They emphasize that they do not collect or transfer personal data without user consent[7].

  5. Specific Incidents: There was an incident where Setapp removed AdGuard from its platform due to allegations of connecting to Russian servers, which AdGuard denied, stating their servers are located in Germany[6]. This incident highlights Setapp’s proactive stance on security concerns, even if the allegations were later refuted.

In summary, while there have been user concerns and discussions about Setapp’s behavior, there is no concrete evidence of malware or spyware being distributed through the platform. Setapp maintains that it is a secure and reputable service, supported by audits and a curated selection of apps.

Citations:
[1] Setapp has insidious and scary behavior. | MacRumors Forums
[2] Seeking reassurance about Setapp and CleanMyMac
[3] Setapp & Security / Dev Trustworthiness
[4] https://discussions.apple.com/thread/8611495
[5] Spyware removal guide: How to get rid of spyware on Mac in seconds
[6] https://www.reddit.com/r/Adguard/comments/tal21m/official_response_from_adguard_to_setapp/
[7] Privacy Policy | Setapp
[8] https://macpaw.com/setapp
[9] https://macpaw.com
[10] How to scan and remove malware from Mac
[11] https://www.reddit.com/r/mac/comments/e7k0d8/wasnt_sure_if_setapp_subscription_is_worth_it_so/
[12] A Day Without Business – Charlie Monroe
[13] MacPaw's Setapp becomes one of the first to agree to Apple's controversial DMA rules | TechCrunch
[14] How secure is Setapp? | Nudge Security
[15] https://support.setapp.com/hc/en-us/articles/115000890969-Are-Setapp-apps-safe
[16] x.com
[17] https://www.reddit.com/r/Setapp/comments/omvqik/is_setapp_now_spyware/"

Note that Perplexity lists its sources.

In the interest of brevity, I had previously posted only the summary. Perplexity’s answer provides no guarantees regarding Setapp’s security, but considering the hundreds of apps that it provides, I think that Setapp has an outstanding record. If the version of Bartender provided to Setapp becomes problematic, I don’t think that it will make it onto the platform.

While we are on the subject, is there anyone here that regularly uses more than 10 apps on SetApp?

I’m not abandoning Bartender yet, but I’m keeping my eyes open.

Yes. (20 characters)

I regularly use 15 (about 13 daily and 2 weekly), and there’s another ~5 that I like to use once in a while because they’re best in class but those tasks aren’t part of my regular activities.

I use ~ 25 of the apps on Set App.

But I do not use Set App.

2 Likes

I use 7 of the mac apps on 3 Macs and zero iOS apps so their cost of $162/year is laughable for me.

Since you asked:
Use Regularly
Bartender
Forecast Bar
CleanShot X
Mosaic
PopClip
Default Folder X
Pareto Security
Mission Control Plus
Jump Desktop
Time Out
HoudahSpot
Nitro PDF Pro
ForkLift
CleanMyMac X
iStat Menus

Use Occasionally
Paste
Trickster
PixelSnap
Downie
Archiver

Use Rarely
PDF Squeezer (great app, just don’t need it often)
Wallpaper Wizard
SnapMotion (another good one, just not needed often)

New, Trying Out
DisplayBuddy
Novabench
Prizmo

Just Sitting There
Gemini

I don’t get SetApp and I think I only use 1 of the apps availakle on it but I bought it elsewhere, Clean My Mac is the only one I know is avail, on SetApp that I use regularly.

1 Like

I’ve been curious about CMM for a while. Your mention of it inspired me to create a new topic about it.

1 Like

Fair enough - and certainly reason to start looking for something else that does the job equally well.

But assuming there is not such a replacement yet - what is the risk to continuing to use it? Is this just that you are annoyed someone is trying to make money or is there some actual perceived security risk you fear? Why not keep using it as long as it works since you already paid - and defer your decision until the time you have to pay more money than you want to pay?

1 Like

Is the Weather add-on for iStat Menus included with Setapp or do you have to pay extra for that?

It is a matter of trust. And they’ve lost mine.

Fool me once …

2 Likes

I’m not a FOSS fanatic (if I was I wouldn’t be hanging out here), but using closed-source software requires a higher level of trust than using open-source apps because no one can review the code except the developer/owner.

The new owner’s evasive, dissembling behavior, the inability of third parties to peek behind the curtain, and Bartender’s need for screen-recording permission don’t inspire confidence that I should continue trusting it with my privacy and security.

3 Likes