MacKeeper 4.3 is notarized

I never thought that I’d read the words MacKeeper and notarized in the same sentence, let alone in the title of an article here.

If you’ve only recently come to Macs, then the name may mean little or nothing. A glance at its page in Wikipedia might be illuminating for its damning opinions. The product goes back almost exactly ten years, to its first beta release on 13 May 2010. It had originally been developed by Zeobit, which had been formed only the previous year.

By the release of version 3.0 in 2015, MacKeeper was starting to become notorious. Reviewers and users reported many problems with it, and those who wrote the Q&A sections for major Mac magazines (including me) were bombarded by messages from users wanting to remove it. It had become recognised as belonging to that shadowy category of Potentially Unwanted Programs (PUPs), a euphemism for software to avoid at all costs.

I wrote about it in MacUser volume 30 issue 5 and issue 7, in 2014. Then again when a phishing attack was launched against it in June 2015, and following a major security breach in December of the same year.

In 2016, the Mac security expert Thomas Reed detailed a fake virus scam which had been deployed to trick users into downloading MacKeeper. The app’s developers, by then Kromtech, blamed a “rogue affiliate” which Reed demonstrated was also misleading. He concluded by writing “Malwarebytes Anti-Malware for Mac will detect MacKeeper as PUP.MacKeeper, and will remove the app and all other components.”

Wikipedia’s page on MacKeeper’s developer Kromtech Alliance Corp. is also worth reading, and even more damning than its entry on MacKeeper.

Then late last year, everything seems to have changed at Kromtech. Its blog announced that “Clario, an innovative customer-focused cybersecurity company, has recently acquired the IP and assets of Kromtech, which includes our MacKeeper product”. Recognising its previous bad name, Clario/Kromtech claimed that it had “canceled the marketing partnerships that resulted in aggressive and annoying promotions” and had transformed MacKeeper.

Then just after Easter this year, Clario/Kromtech announced that version 4.3 of MacKeeper had been “officially notarized” by Apple. That article is well worth reading for what else it claims about notarization. According to its CEO “this process doesn’t just consider our technical credentials, but also our wider business practice, marketing methods, partners and agencies. It’s an end to end verification”.

I have a little experience of this notarization process, and can vouch that in the more than 200 notarizations Apple has performed for me over nearly two years, never once has Apple considered any of those issues on any of those more than forty different products. Notarization is explained in detail here by the horse’s mouth: it’s about meeting certain technical requirements, and the finished product passing Apple’s automated tests for malware. Apple doesn’t see any source code, nor does it check that the software isn’t thoroughly pushy and annoying, or totally dysfunctional. I’m a great fan of notarization, but you must appreciate its limitations: it isn’t intended to assure that a product can’t be a PUP. Notarization isn’t even like the product review for the App Store, and heaven knows how many flawed products have passed that review process.

I would have liked to verify Clario/Kromtech’s claims that MacKeeper is indeed now notarized. However, they provide a two-step installer: what you initially download is a package of scripts lacking any software content. Those installer scripts then download and install MacKeeper direct from Clario/Kromtech’s servers. I’m afraid that, after ten years of dealing with MacKeeper’s unpleasant habits, I’m not prepared to let its installer scripts loose on my Mac.

What I can report is that the Installer package is notarized by Apple. It was signed on 31 March 2020, using the developer certificate not of the new Clario, but of “KROMTECH ALLIANCE CORP.” Now there’s a chilling reminder of the past.

Thanks to @tperfitt for drawing my attention to this surprising news.

Postscript

I am grateful to Alice Lamb of Clario who has asked me to clarify the following:

  • The first version Clario notarized is 4.7.21.

  • Apple Notarization is an automated process, but not for MacKeeper. Clario engaged in extensive ongoing correspondence with Apple, providing proof of both its product and company transformation.

  • Clario is in the process of updating old and now incorrect references to Kromtech and are on track to complete this in the next few weeks.

Alun Baker, CEO of Clario said: “I readily admit that MacKeeper’s history has left its brand reputation severely tarnished but since July 2018 the brand has owned up to its past mistakes and undergone a significant transformation. We have invested considerable resources to regain the trust of Mac users worldwide, this included a thorough investigation into all of our third-party affiliates, resulting in the elimination of any that failed to meet our exacting standards. We have also completely reworked the product to include numerous value-adding features, like data breach notifications and the ability to browse, search, and shop ad-free. In addition to being Apple Notarized we have a TrustPilot score of 4.8 and are approved by AppEsteem the only B2C regulator, who, like us, is taking the side of the Consumer.”

I hope to be following this story up next week.