Popular app Bartender was quietly bought, and a shady certificate replacement, insertion of invasive telemetry, and a lack of transparent responses by the new owners has shaken confidence in the Mac community
Bartender on Setapp
Menu bar organization tool Bartender has been around for a long time. For most of its life, it had an excellent reputation, and a responsive developer who communicated clearly with users.
That appears to have changed, recently. It all started with a quiet pair of app certificate shifts which went mostly unnoticed.
That is, until app monitoring service MacUpdater found out, and started asking questions. They posted a warning about the app, saying that "The company and developer behind Bartender was replaced in a silent and dubious matter."
But, there's a lot more to the story than just that warning. CoreCode, the developer of MacUpdater, did a great deal of research on the new owners and the app situation prior to posting the warning. They detailed their discoveries in a Reddit thread on the matter.
Research performed before the warning pointed out that blog entries on the Bartender website shifted to heavily search engine optimized content. This is in contrast to the prior informational entries previously posted by original developer Ben Surtees.
Furthermore, the code signature shifted to new owner App Sub 1 LLC in April for the 5.0.52 beta version. It then shifted again to "Bartender App LLC" in May when version 5.0.52 exited beta. The Setapp version of Bartender is owned by a company called the Applause Group.
MacUpdater also said that it talked to security researcher Patrick Wardle. However, Wardle reached out to us after publication to clarify that he wasn't really involved in examining the app for malicious code.
However, the user-monitoring Amplitude digital analytics framework that includes location data has been added to the app with version 5.0.52 by the new developers, where it did not exist before.
Reddit user "Ordinary_Delivery_79" claims to be the new owner of Bartender. They said that this is a normal process, and they should have been more transparent about the certificate shift.
"Truth be told, we should have notated it on the release notes but, since we could not update them retroactively, we included this fact on our blog & shared it with users as they emailed us.," the user posted. "We've collaborated closely with Ben to understand his vision for Bartender. Our goal is to implement many of the improvements he had planned and address any reported bugs from the past few months to enhance Bartender's performance."
It's easy to find basic information on App Sub 1 LLC, and the Applause group. The former has published a few low-quality apps intended mostly for search attention gathering on the App Store.
And, as the Reddit thread points out, Applause is not a good steward of apps that it buys. It updates apps that it buys rarely, and generally shifts them to a subscription model, disabling the non-subscription version in the process. The most recent example of where it has done so is with text-to-speech app Voice Dream Reader.
Apps shift ownership frequently, but not this messily
Apps get bought all the time, and certificate shifts happen frequently. What is less common is the total lack of transparency by the buyer. The lack of a "goodbye" post from the original developer is unusual, but tied with the actions of the new owner, there are more questions than answers -- and the answers that exist are hazy and not good for users.
At the moment, AppleInsider recommends that users either keep the 5.0.48 version that lacks the telemetry, until at the very least the new developer is more forthcoming. We are expecting a shift to a subscription model given the new owners' modus operandi, and in-app purchase prices have already increased.
As far as a replacement goes, the reddit thread suggests a few. Alternatives include open source Ice, Hidden Bar, Barbee, and for some use cases of the original app, the excellent BetterTouchTool.
Update June 5, 12:09 PM ET: Patrick Wardle reached out to AppleInsider to clarify his involvement in the saga, which as it turns out is not quite how CoreCode represented it in the Reddit thread.