macOS Bartender Auto-Update Signed by Unknown New Owner
Ownership Change & Trust Concerns
- Users report Bartender auto-updating with a new, unknown signing identity, triggering immediate distrust.
- Main concern: a popular, privileged utility (screen recording, menu access) is an ideal target for malicious takeover or “poisoned” updates.
- Many criticize the new owners’ vague, delayed communication and lack of clear identification, describing it as “shady” and tone-deaf.
- Later posts note that the buyer is now stated to be applause.dev and that the original developer published a statement, but several commenters say the reputational damage is already done and they remain worried.
User Responses & Mitigations
- Common advice:
  - Disable automatic updates in Bartender.
  - Revert to the last version signed by the original developer.
  - Block network access for Bartender using tools like Little Snitch or LuLu.
- Some uninstall Bartender outright and look for alternatives, saying they’re very reluctant to trust the new owners.
Alternatives & Workarounds
- Open‑source / free menu bar managers: Hidden Bar, Ice, Dozer; several are reported as abandoned or buggy, especially with notched MacBook screens.
- BetterTouchTool can partially replicate Bartender’s icon-hiding behavior via menu-bar triggers.
- Some use system tweaks (defaults write commands) to reduce menu bar icon spacing instead of using a third-party app.
- Other unrelated but similar “should be built‑in” utilities frequently mentioned: Rectangle, AltTab, Alfred/Raycast, Mos/UnnaturalScrollWheels, window managers, mouse utilities, etc.
macOS Design, Notch, and Built‑In Support
- Strong sentiment that menu bar management should be native to macOS, especially with notched displays where icons can be hidden with no overflow indication.
- Some argue it’s a niche need; others say virtually every power user they see has a cluttered menu bar.
- Discussion that Apple gives more management options only for first‑party icons (via Control Center), reinforcing perceptions of special treatment.
Broader Security & Ecosystem Reflections
- Thread links this case to other app acquisitions that ended badly (e.g., OTP app issues) and to the general risk of relying on many third‑party utilities.
- Questions raised about the practical value of Apple’s code-signing and team IDs if users can’t easily verify who actually controls a widely‑installed app.
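
One way to act on the "last version signed by the original developer" advice and on the team-ID question is to pin the Team ID you trust and compare it after every update. The script below is an added example, not something posted in the thread: it parses the text that `codesign -dvv` prints, and the sample output, bundle identifier, signer names and Team IDs in it are constructed placeholders rather than Bartender's real values.

```shell
# Constructed `codesign -dvv` output (trimmed); names and Team IDs are placeholders.
SAMPLE_OLD='Identifier=com.example.menubar
Authority=Developer ID Application: Original Dev Ltd (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA'
SAMPLE_NEW='Identifier=com.example.menubar
Authority=Developer ID Application: New Owner Inc (BBBBBBBBBB)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=BBBBBBBBBB'

# Print the TeamIdentifier field from codesign output on stdin (empty if absent).
team_id() { sed -n 's/^TeamIdentifier=//p' | head -n 1; }

# Print the leaf signer, which is the first Authority= line in the chain.
leaf_authority() { sed -n 's/^Authority=//p' | head -n 1; }

# check_signer PINNED_TEAM_ID   (codesign output on stdin)
# Returns 0 if the Team ID matches the pin, 1 if it changed,
# 2 if there is no Team ID at all (unsigned or ad hoc signed).
check_signer() {
  _pinned="$1"
  _out="$(cat)"
  _team="$(printf '%s\n' "$_out" | team_id)"
  if [ -z "$_team" ] || [ "$_team" = "not set" ]; then
    echo "NO-TEAM-ID"
    return 2
  fi
  if [ "$_team" = "$_pinned" ]; then
    echo "OK $_team"
    return 0
  fi
  echo "CHANGED pinned=$_pinned now=$_team signer=$(printf '%s\n' "$_out" | leaf_authority)"
  return 1
}

# Demo on the constructed samples. On a Mac, feed real output instead:
#   codesign -dvv /path/to/App.app 2>&1 | check_signer <pinned-team-id>
printf '%s\n' "$SAMPLE_OLD" | check_signer AAAAAAAAAA || true
printf '%s\n' "$SAMPLE_NEW" | check_signer AAAAAAAAAA || true
```

A matching Team ID only shows that the same developer account signed the build; it says nothing about who controls that account, which is the gap the thread points at.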