Last Week on My Mac: Don’t be a victim of fraud

No matter how good your security is, you’re still vulnerable to fraud. There’s nothing in macOS to protect you, fraudulent apps are commonly notarised and some are even supplied from the App Store. Software firewalls such as Lulu and Little Snitch can’t help either, and keeping macOS up to date is ineffective.

Fraud is a broad category, ranging from apps that aren’t exactly malicious but aim to extract money from you, to those that don’t come close to doing what they claim. By far the most common and obvious are those that promise loans and other financial benefits, then just fleece you. Sadly, those aren’t uncommon in the App Store, and there are several independent folk who generously devote their time to identifying those that have slipped past Apple’s scrutiny, which appears more focussed on detecting true malware.

One category that is becoming increasingly popular is apps that promise access to AI including ChatGPT and Claude. There’s an almost endless list of apps claiming to be ‘chat clients’ with often substantial in-app subscriptions. While some may well be genuine and good value, others have been shown to be fakes that will just relieve you of money.

For money and financial apps, and AI helpers, the best advice is to buy from authoritative sources, and to double-check that what looks genuine really is. Never drop your suspicion.

The category that I’m more concerned with here is apps that claim to optimise your Mac, in terms of its memory, storage or performance. Among the claims made are ‘cleaning’ memory, freeing up disk space by deleting duplicate files, and ‘securely’ erasing SSDs. For this I’m grateful to an anonymous reader for drawing my attention to an app being sold outside the App Store that makes bold claims for managing your SSDs. How can you distinguish the bogus from the genuine? Here, I’ll consider in detail two common claims: saving space by deduplication, and secure erase.

Deduplication and APFS

One of many valuable features in APFS is the ability to make clone files. Select a file in the Finder and Duplicate it, or drag-copy it to another location on the same volume, and macOS won’t create a fresh copy of that file, but a clone. Initially, and until you make changes to either clone, the two files share the same data on disk, so the cloned copy doesn’t take up any additional space, apart from its tiny entry in that volume’s file system.

If you want to free up real space in a disk, you don’t need to bother with clone files, as they are as economical as you can get. So any effective method of detecting duplicates to erase them and free up disk space must work out which copies are actually clones, and as a minimum inform you.

There’s even one wonderful app that turns cloning to advantage, by detecting identical files that could be replaced by clones to free up real space. It’s Hyperspace: Reclaim Disk Space, from the App Store, which is also innovative in that you only need pay for it by results.

Any app that claims to deduplicate the standard file system in macOS, APFS, must at least explain how it detects and handles clone files. If it doesn’t, don’t trust it on your Mac as it’s likely to disappoint.

Secure erase and SSDs

Another of the claims made by the app is the ability to perform a ‘secure erase’ of an SSD. Anyone who has used a hard disk is well aware that disposing of a hard disk that has contained sensitive information requires you to securely erase it, by writing non-data to the whole of its storage several times, to make it unrecoverable. The concept of securely erasing an SSD might therefore seem similar.

Unfortunately not, as SSDs are more complex devices, and your Mac only knows the logical location of stored data, not its physical location within the SSD, which pulls all sorts of tricks to improve its speed and lifetime.

One of the most troublesome in this context is what is termed overprovisioning. That 1 TB SSD might have a real capacity of 1.1 TB or more, but the SSD won’t let you see or access that extra space. What’s more, those 100 GB will move around, and won’t remain contiguous, in a single block. So if an app tries to fill the SSD to capacity with non-data, there should still be 100 GB that isn’t in use, and can’t be accessed.

Traditional secure erasure thus doesn’t work with SSDs, which is just as well as they have limited lifetimes, and wiping the whole SSD would only age it further. Wiping it several times in the way you should with a hard disk would be even worse.

Many SSDs have a built-in function to ‘sanitise’ that can be called by specialised software available from its manufacturer, but verifying that it really does perform a full and secure erase isn’t possible for normal users. This leaves two good solutions:

  • if the data is encrypted, destroy the encryption key(s);
  • if the data is unencrypted, physically destroy the SSD.

For internal SSDs in Macs with T2 or Apple silicon chips, that are encrypted using hardware, the method of choice is EACAS, Erase All Content and Settings, available in all fairly recent versions of macOS. That will render the contents of the Data volume inaccessible even to the most determined and well-funded. There is none better, and this is available and just as effective if you haven’t enabled FileVault.

External SSDs used to store sensitive data should already be encrypted, although that won’t have the benefit of hardware encryption, FileVault proper, or EACAS. Simply erasing each volume should destroy its encryption keys, although they might remain recoverable. If you really do need to ensure no one can access old data, the only safe solution is to physically destroy the SSD to render it unusable. In the most sensitive cases, a heavy-duty shredder can be used.

If the software doesn’t explain all this, then don’t trust it with your sensitive data.

Objective assessment

Fraudulent software often targets features that are notoriously difficult to assess objectively. How could you compare use and performance of memory before and after using a product claimed to ‘optimise’ memory? Having parted with $20, say, many of us want to believe that we spent that money wisely and succumb to confirmation bias. If you like that sort of thing, I’ll happily write you a bespoke app that does nothing other than look impressive, and cost you as much as you’re prepared to pay.

This becomes even more fraught with deduplication and secure erase.

Apps that claim to deduplicate but don’t (and can’t) identify clone files happily tell you how much space they have recovered, based on the total size of files deleted. If they don’t identify clone files, then they can’t measure how much real free space they have recovered, and their accounting will invariably overestimate their performance.
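
The accounting gap described above, as an added example (not code from any app mentioned here): a model of a deduplicator that keeps one file in each group of identical files and deletes the rest, comparing the space it would claim with the space actually released. The `clone_id` field and the sample records are constructed; the model assumes a tool has some way to tell which files share their data on disk, and that identical clones share all of it.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    path: str
    size: int       # logical size in bytes
    digest: str     # content hash; equal for identical files
    clone_id: int   # hypothetical: files sharing data on disk share this id

def dedupe_report(files):
    """Keep the first file of each identical group and delete the rest.

    Returns (claimed, real, no_gain): bytes a size-summing tool reports,
    bytes actually released, and deleted paths that released nothing.
    """
    groups = defaultdict(list)
    for f in files:
        groups[(f.digest, f.size)].append(f)
    claimed = real = 0
    no_gain = []
    for keeper, *doomed in groups.values():
        seen = {keeper.clone_id}        # storage still in use, or already counted
        for f in doomed:
            claimed += f.size           # naive accounting: every deletion counts
            if f.clone_id in seen:
                no_gain.append(f.path)  # clone of the keeper or of a counted file
            else:
                seen.add(f.clone_id)    # every file sharing this storage is deleted
                real += f.size
    return claimed, real, no_gain

MB = 1_000_000
# Constructed sample records, not taken from a real volume.
SAMPLE = [
    FileRecord("Docs/report.pdf", 40 * MB, "aa", 1),
    FileRecord("Docs/report copy.pdf", 40 * MB, "aa", 1),    # Finder duplicate: clone
    FileRecord("Downloads/report.pdf", 40 * MB, "aa", 2),    # separate download
    FileRecord("Movies/demo.mov", 2000 * MB, "bb", 3),
    FileRecord("Movies/demo copy.mov", 2000 * MB, "bb", 3),  # clone
    FileRecord("Backup/demo.mov", 2000 * MB, "bb", 3),       # clone, same volume
    FileRecord("Work/archive.zip", 10 * MB, "cc", 5),
    FileRecord("Old/archive.zip", 10 * MB, "cc", 6),
    FileRecord("Old/archive copy.zip", 10 * MB, "cc", 6),    # clone of Old/archive.zip
    FileRecord("Pictures/photo.jpg", 5 * MB, "dd", 7),       # unique, untouched
]

if __name__ == "__main__":
    claimed, real, no_gain = dedupe_report(SAMPLE)
    print(f"claimed {claimed // MB} MB, actually freed {real // MB} MB")
    for path in no_gain:
        print("no space gained by deleting", path)
```

With these records the size-summing figure is 4,100 MB while only 50 MB is released, because four of the six deleted files shared their data with a file that was kept or already counted.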

Assessing whether an SSD has been securely erased can only be performed by a data recovery specialist, and is a service that you’d have to pay for. You can’t rely on whether a third-party data recovery tool can bring back any of the erased data, although if it can, you can be confident that the procedure failed. It’s also worth bearing in mind that products commonly claim to conform to an established standard, but that only prescribes what should be done, and doesn’t assess whether it has been done correctly or effectively.

Support articles

One of the most sensitive indicators of potential fraud is in support and blog articles published on the vendor’s site. If those have clearly been written by AI, or have been copied from elsewhere, that’s a strong warning sign. In the example reported to me, an article purporting to explain how to free up disk space gave an account of deleting snapshots in Terminal, rather than using Disk Utility. That’s a sure sign that it was obtained from AI, rather than written by a human who knows anything about macOS.

Reading credentials

Finally, never misinterpret claims made of an app’s credentials. Although every App Store app is reviewed by Apple, experience has shown that’s far from being a reliable protection from fraud. Only this last week it has been claimed that one fake app in the App Store has defrauded users of a total of $9.5 million in cryptocurrency.

All developers are now required by Apple to notarise those apps supplied outside the App Store. However, notarisation doesn’t involve any human review process, and no attempt is made to detect whether an app is fraudulent in any way. All notarisation aims to do is detect those apps that are truly malicious, and inevitably some malware has been notarised by Apple.

I’m afraid that when it comes to checking potentially fraudulent apps, you’re still responsible for making your own decisions. Please choose wisely.