hoakley November 9, 2017 Macs, Technology

What is ‘macOS Installer Notification’, and why did I get it?

You may have noticed that yesterday, 8 November, your Mac installed a silent pushed ‘update’ from Apple, named macOS Installer Notification. In case you’re puzzled, this is the best explanation that I can give.

When your App Store pane is set to Install system data files and security updates, you normally expect it to receive security updates, such as those for Gatekeeper, XProtect, MRT, etc., which I announce here, and urgent system patches. Apple has used it in the past to distribute important fixes to bugs in various versions of macOS/OS X.

In this case, Apple appears to have used it to download what looks like promotional material, to nudge those not yet running High Sierra to install the upgrade. It only appears to have been pushed out to Macs running versions of macOS prior to High Sierra.

Although listed in Installations as macOS Installer Notification, that is not what is actually installed. Instead, it creates a new folder at /Library/Bundles, and installs a small bundle there named OSXNotification.bundle. This is signed by Apple using its system installation certificate.

highsierranudge02

OSXNotification.bundle (not macOSNotification!) contains no code, just some resources, including the above icon, and a bunch of strings to support a notification which is timed to occur every week into the New Year. Its notification is intended to persuade you to upgrade now to High Sierra. It does not appear to serve any other, more useful, purpose.

I don’t know whether removing that bundle and the Bundles folder containing it will remove the notification safely; it may be that each week you will see an error message instead.

I don’t know how you feel about Apple using this mechanism to push us marketing material, but I am not impressed.

If your security protection software has detected this tampering with your /Library folder, then award it top marks. It is evidence of our weak security protection that such a bundle can get installed – admittedly using an Apple mechanism, Apple installer, and Apple certificate – without most of us being any the wiser. After all, this is the sort of thing that malware does, isn’t it?

Many thanks to Ben Spector, who kindly adds the following:

What I observed after deleting OSXNotification.bundle was that the daily nudges continued, just missing the badge/icon. I had a hunch that these zombie nudges were arising from some kind of scheduling queue that had not been emptied when I deleted the .bundle.

Based on a Stack Overflow question about removing apps from the Notifications Center (stackoverflow.com/questions/11993145), I found the SQLite database for notifications, including future scheduled notifications. It comprises a set of files named “db”, “db-wal”, and “db-shm”, which can be located with the Terminal command “$(getconf DARWIN_USER_DIR)com.apple.notificationcenter/db” and opened with a SQLite database browsing tool or a text editor using the UTF-8 encoding.

Scrolling through the contents of “db-wal” in TextEdit, I found maybe a couple dozen instances of the strings “Upgrade to macOS High Sierra” and “Enjoy the latest technologies and refinements to your favorite apps.” Those presumably correspond to future scheduled nudges.

I blew my opportunity to do any further research by killing the active instance of usernoted via Activity Monitor while I still had one of the database files open in TextEdit, whereupon the successor instance flagged the database as corrupt and rebuilt it. The new files are significantly smaller and don’t mention High Sierra, though, so I am hopeful that my bungling has at least flushed the remaining nudges from the queue.

9Comments

Add yours

1

Just another user on November 9, 2017 at 11:27 am

This post is greatly exaggerating. Apple has promoted new OS releases in the App Store Update panel before.

This is nothing new.

I just don’t get this post. It’s ok to criticize High Sierra because APFS and eGPU are not yet finished, but this post (and others from you) is on the border to the bashing area.

You only see the negative side, that’s not okay IMHO.

LikeLike
- 2
  
  hoakley on November 9, 2017 at 11:57 am
  
  Thank you.
  If you care to read this article before trying to savage me over it, you will notice that nowhere in it does it mention that panel in the App Store app. It refers instead to an item of software which Apple pushed out using a mechanism which most of us have believed is for security and urgent updates, not for sending us unsolicited marketing material.
  I have never known Apple use this mechanism to send out marketing material. Have you? If so, when and what?
  Observant Mac users who are concerned about knowing what is going on, the security of their Macs, and so on, could also be very worried when an update arrives like this without any idea as to what it might be. We are all used to security updates and know how they appear. I was puzzled as to what this was, and seriously considered whether it might have been malware.
  It also demonstrates a weakness in our protection against malware that probably no anti-virus or other security software even noticed this installer being download and installed on our Macs.
  As to only seeing the negative side, I challenge you to read all the Mac articles that I have written here in the last 3 months, say, and classify them as to whether they are ‘Apple-bashing’ as you seem to think, or informative to users. If you only read a few, you may well have selected those at which you can get most upset.
  I am not, and never have been, a fawning Apple fanboy. I love Macs, and I love macOS, however annoying they might be at times and in parts, and maybe you might want to consider why I should put so much time and effort into this blog just to ‘bash Apple’. I have used Macs for software development (including international commercial products), work, research, science, writing, art, and a great deal more since before 1989, and have written about them for magazines since that time.
  When I see something which I think is not good, or plain wrong, this is my blog on which I can write about it. That’s okay, I hope, or do I have to clear it with Apple PR first?
  Howard.
  
  LikeLike
- 3
  
  Philip Noguchi on November 9, 2017 at 8:05 pm
  
  I wonder if you have every used a recent PC rather than a Mac? I keep a Lenova laptop around for the few times where an updater is only available on the PC.
  
  I can assure you that the constant Microsoft reminders to upgrade to Windows 10 is highly disruptive even on the few times I use the Lenova. Its as though I have to use the PC and also get dinged directly by Microsoft at the same time; punishment x 2.
  
  I see this as two somewhat related issues. High Sierra is not yet a really good update (yet…) for Sierra, and discussions about High Sierra bugs (features!) and their mitigation are highly instructive and valuable. The second is the unasked for dialogue to upgrade a specific machine, that is, one with Sierra installed. I consider that to be like robocalls; I do not ask for them specifically.
  
  My personal feeling is that Eclectic Light Company (Howard) provides invaluable almost daily updates on the Mac ecosystem that has enriched my enjoyment of several Mac laptops, as well as educated me on some very subtle vagaries of Apple’s Mac ecosystem.
  
  To each his own…
  
  LikeLiked by 1 person
4

Just Another User on November 9, 2017 at 4:45 pm

Hey!

First, I love Macs too (since 1991) and I like that you’re digging deep into macOS to deliver detailed information for technical interested users like us (they might call us “nerds”, but I don’t care).

In your other related article on this topic, you wrote: “I don’t recall Apple ever promoting its products there in the past.”

And thats simply wrong. Apple has been doing this for a couple of years. And while silent updates lacks documentation (Apples clearly fails here), it’s IMHO a bit too much to complain about this silent update which delivers graphics for the App Store Update Page… Those are “System Data Files” als labeled in the preferences. I don’t see any problem here.

Sentences like “The number of users upgrading to High Sierra seems to have fallen below Apple’s expectations” or “and lack of major new features in its present form” are, in my opinion, a bit too much of moan.

While APFS itself is not completed, it’s an absolutely great file system. Millions of Macs with integrated SSD where successfully migrated without any problems and data loss. eGPU while still in beta delivers much need graphics boost for Macs with Intel GPU or older AMD/Nvidia GPU. High Sierra is a step forward and I always advise friends & colleagues to wait if Apple releases a new OS, at least for version .2 (better .3).

LikeLike
- 5
  
  hoakley on November 9, 2017 at 5:00 pm
  
  You are welcome to tell me that Apple has promoted its products on the Updates page of the App Store before. However, I stand by my original statement – which is not in this article – that I cannot ever recall it doing so before. That is correct, as you cannot tell me what I can recall. So which products has it promoted there before, and when?
  You also presume that the OSXNotification.bundle which Apple pushed out to me around noon yesterday is responsible for the promotion graphic in the App Store. You’re wrong there: I saw the promo in the App Store several days ago, before that bundle was installed. Furthermore the icon resource (2.6 MB, the largest thing in the bundle) shows a round High Sierra badge, nothing which appears in the App Store. Apple does not need to install additional bundles on all our Macs to run that promo in the App Store.
  If you looked inside the bundle, you’d see that it is actually a notification package, as far as I can see, which will use that badge and localised text to nudge us to upgrade at weekly intervals until the New Year.
  If I go to a garage and speak to a salesperson, I expect to be told all the wonderful things about their cars. If I speak to the head mechanic, I expect honesty and technical accuracy. That is what I try to give, and if you don’t want that, there are plenty of fanboy websites which will reinforce your opinion that High Sierra is wonderful, and the sun shines from Apple’s every orifice. Most of my readers comment that it is refreshing to find honesty, and my striving for technical accuracy.
  Howard.
  
  LikeLike
- 6
  
  jdaniel2014 on November 12, 2017 at 8:53 pm
  
  It is true that Apple has been pushing updates via local notifications for a few years now. Also, this particular update setting does say “system data files and security updates”. People do tend to read into Apple’s actions more of what they expect Apple would or should do rather than what Apple does do, and has historically done.
  
  That being said – it goes both ways. It is far stretch to claim APFS is “an absolutely great file system”. It is new. I’ll give you that. But it is buggy, slow, and still lacks capabilities that HFS+ has. This is a big area in High Sierra where people read into Apple’s products more of what their hopes and dreams are for those products rather than what they really are or what Apple intends for them. Snapshots were one of the big features people touted. Now it looks like snapshots are only for Apple’s own use in Time Machine’s local snapshots feature.
  
  Also, I don’t know where you get the idea that eGPU is going to deliver any graphics boost for older Macs. It requires both High Sierra and a Mac with Thunderbolt 3. There is a very strong possibility that eGPU will be killed before it ever gets released.
  
  LikeLiked by 1 person
- 7
  
  BambiB on January 31, 2018 at 7:18 pm
  
  “Millions of Macs with integrated SSD where successfully migrated without any problems and data loss.”
  
  Frankly, I don’t care about that. Having recently gone through a cycle of dead Mac, corrupted drive, TimeMachine restore fail, I don’t give a fig about “millions of Macs”. My concern is MY Mac, and Apple has not proven to me yet that an “upgrade” to a new file system is any less dangerous than relying upon TimeMachine.
  
  LikeLiked by 1 person
8

BD on November 11, 2017 at 2:53 pm

Howard,

First, thanks for all of the hard work you put into your highly informative website. It’s truly my reference for All Things Mac.

While I understand your take on what Apple has done with a questionable form of advertising, I do wonder if their motivation wasn’t more altruistic knowing users of older versions of macOS or OSX would face more security concerns in the future or useful features the average user might miss not upgrading.

Can we really be sure *everything* a company does is motivated by money? I’m sure all of us go out of way in our jobs to do something simply because it’s the right thing to do, right or wrong, but from our perspective. I do agree it’s bit heavy-handed compared to what they’ve done in the past but I’m not so sure I wouldn’t appreciate it if I were today’s typical Mac user who doesn’t know much more than what it takes to turn on my Mac and use it.

Just another opinion…

best,

BD

LikeLike
- 9
  
  hoakley on November 11, 2017 at 4:07 pm
  
  Thank you.
  Although there is plenty of altruism in Apple still, I’m not sure that this is about that, nor about money.
  In large organisations, particularly those making so much profit, corporate kudos is usually a much stronger motivator. I speculate that the uptake of High Sierra has been rather less than management had expected, let alone hoped for, for reasons which are more obvious to you and I than to those people. Whilst an engineer would see that the need now is to get on and fix the problems with APFS and make High Sierra as good as was promised for all Macs and Mac users, that is not the marketing approach, particularly when you are giving it away.
  Nudging in this way is now widely used in a lot of areas to try to convince people to do things. I think that Apple’s engineers wanted the resources to get their job finished, but the marketers held sway, and what should have been an engineering conduit to our Macs has been taken over for marketing purposes.
  Only a few years ago, we all sucked our teeth when Apple used the push update for the first time, if I remember correctly to patch a DNS vulnerability. We seem to have reached the stage where it is acceptable to use the same mechanism to nudge users to upgrade macOS, even from versions like Sierra which still enjoy full security updates. I don’t think that’s good. What next – if iPhone X sales get a bit lacklustre in the New Year, will we be sent promotional material for that via the same route?
  Whatever Apple did push to our Macs, it certainly wasn’t an urgent security or system update.
  Howard.
  
  LikeLike