Bartender Developer Explains and Apologizes for Quiet Acquisition

Originally published at: Bartender Developer Explains and Apologizes for Quiet Acquisition - TidBITS

After two days of uproar, the original developer behind the popular Mac menu bar utility Bartender has apologized for not being more upfront about selling the app to a development company.

I’ve read some of the furor on this botched communications. Some sources are saying that they not only updated the application signature, but that the new owners have suddenly (and stealthily) added telemetry collection to the product - apparently without the means of opting out. Has that concern been confirmed or addressed?

What’s the latest release you can download that is from before the acquisition, and doesn’t include the new Amplitude telemetry framework? Is it https://www.macbartender.com/B2/updates/5-0-51/Bartender%205.dmg?

The reddit article gives links for previous versions, but also says that the size of 5.0.51 jumped from 8 to 10 MB when the telemetry was added and it was re-released.

The version of 5.0.51 I just downloaded is 9,894,676 bytes in the .dmg. codesign says it was signed by Surtees Studios Limited (8DD663WDX4). The app was created in January. So is this one safe?

I’m an extremely long-time Bartender user. I hope this doesn’t sound like I’ve donned my tinfoil hat, but I am concerned that there is no assurance that the above statement actually comes from Ben Surtees.

It seems likely that both sites where this statement was posted are currently under the control of Applause. As a commenter on the original Reddit thread has pointed out, an ICANN lookup indicates that the registration of surteesstudios.com was updated in February 2024, and that domain is currently redirecting to macbartender.com (try loading https://www.surteesstudios.com/foo and you are taken to a 404 page on the macbartender.com domain). People are reporting that emails to the original developer’s bens@surteesstudios.com email address have been bouncing for months.

If the new owners ghost-wrote or straight-up manufactured this statement, that’s a terrible move. If the original developer is not available to comment, then the new owners should be honest about that.

If the original developer ChatGPT-ed the statement himself, then so be it! But after all the obscurity, I’m not finding a generic-sounding statement posted to websites apparently no longer in control of the original developer very reassuring.

I don’t personally think Applause is a malware or spyware risk. I think they are what they appear to be: a business that buys up niche apps and then squeezes money out of them. But the kind of permissions Bartender relies on make trust in the app developer far more crucial than for the kinds of mobile apps Applause built its business model on. Applause’s other recent acquisitions have also not been without uproar: I wish Voice Dream Reader a bright future, but they have breached Apple’s Guidelines. Apple must protect consumers with swift action – Mosen At Large.

(I’m also a very-long-time TidBits reader and this, of all things, is what finally drove me to make an account! Sorry, lurker by nature!)

At this point I’m out. Bartender, which always seemed to have good support, is getting deleted. Too many shady-sounding aspects to this to leave it on my computer.

It’s too bad. I’ve used Bartender since version 1 which I bought in 2012 and paid for every update since then.

Kevin

I blocked Bartender v5 in Little Snitch; seems the least I can do, short of deleting BT5 wholesale. Regardless, it sure looks like BT is on its way out as the new owner can’t be trusted. Too bad, I sure like BT’s functionality.

Update: I just uninstalled BTv5 and got “Hidden Bar” from the Mac App Store. Very basic, but it does the essential thing.

Trust arrives on foot, but leaves on horseback!

I rolled back to .48 and removed all the rules in little snitch to make sure to check where it was trying to talk to.

Hah, that explains why Bartender 5 keeps trying to connect to Amplitude, which was blocked by Little Snitch. I was completely unaware that Bartender changed hands.

Do these excepts from a Mastodon thread by Craig Hockenberry completely reflect your concerns about Bartender’s permissions or do you have additional concerns:

The problem with Bartender is that you are giving Accessibility and Screen Recording permissions to an unknown entity. With Accessibility APIs you can control the Mac (including other apps). With Screen Recording APIs you can see everything that’s happening. Both of those things require trust, and the new owners being silent about the matter does not gain that. I wouldn’t touch it with a ten foot pole until that communication happens.

Also remember that Bartender is not running in a sandbox, so it has a lot more access to the system than something from the Mac App Store.

Like being able to establish network connections without entitlements. Or accessing data outside of the app’s container.

And since it’s likely the app launches automatically and runs continuously, it’s trivial to exfiltrate anything that’s collected.

At this point, it feels like someone bought a really nice back door.

The app is a tiny utility. The statement on the Surtees Studios website about

I came to the realization that supporting all the users and maintaining the app at the high standard I expect and you deserve was too much for one person

sounds like BS. Every developer can do whatever they want with their apps. But at least they should be honest.

After reading this Mastodon thread I’m wondering how you deleted it.

Did you simply drag the application to the Trash, or did you also delete any associated files, perhaps with help from Hazel?

I’ve used Little Snitch to disable outgoing connections from Bartender 5. In the longer term I’d like to see Apple offer this kind of utility built-in to the OS, or better still, get rid of the notch!

I use App Cleaner, as mentioned in that Mastodon thread. I’ve had good results with that for quite some time now. (Previously I used AppZapper, but if I recall correctly it’s no longer supported and that’s why I switched.)

I guess I’m not as worried about the permissions it has being a problem as I can always change them in settings myself. I’m not at my Mac now, but will of course check them, too.

Kevin

What’s puzzling to me is that the company that bought the app, Applause, supposedly buys apps all of the time and is supposed to make the transition easy for the developer. You would think with that experience, they wouldn’t botch the transition.

I’ve disabled the check for updates option and will stick with 5.0.49. No reason to give them even more info they can sell to trackers. Hard to tell why the original dev sold it though. I will have to look into the GitHub alternative though.

I’ve switched to ice.

The only thing I’ll miss of Bartender is the “search for menu item” feature but I expect that to come to ice in due course.

Terrible name, though, ice. Talk about unsearchable and undiscoverable.

[Just moving this over from a separate thread to keep everything in one place—I didn’t want to preserve chronology when moving it because it would have sorted before the original article. -Adam]

Just FYI for all; I’ve been using this app for a while, again especially after getting the MacBook Air with the notch.

Popular Mac app Bartender appears to have been quietly sold approximately two months ago, with neither the prior owner nor the current owner providing customers or potential customers with information on the sale.

The transaction came to light after some Reddit users saw a warning from MacUpdater letting them know that the company behind Bartender had been silently replaced. MacUpdater warned users that updates to the app from version 5.0.52 could be potentially unsafe due to the lack of transparency surrounding the situation.

Bartender’s new owners replied to the Reddit thread and confirmed that Bartender had been acquired, but did not explain why customers had not been notified nor why there had been a certificate change without said explanation.

This was discovered initially by MacUpdater and there is a long reddit thread about it, with a summary at the top:

And, while I haven’t tried it myself yet, for those interested there is apparently an open-source possible alternative called Ice (which requires Sonoma):

(This I learned in a mastodon post by Steve Streza.)

I installed Ice and uninstalled Bartender yesterday. For me Bartender is/was better, particularly for dealing with the way Apple deals with icons that would be behind the notch. It’s too bad Apple hasn’t dealt with this better - for a while today I couldn’t access all of the icons there, including OneDrive, and once OneDrive is running the only way to access its settings (that I could find) is to option-click the icon - opening the app again simply opens the OneDrive folder in the Finder.

I thought about trying to find an older version of Bartender until it stops working, but then I figured that was just a long wait until something changes and an update would be required. I may still go back to that if I can’t manage the menu bar with Ice - but I think I have it working ok, with the search icon banished, WiFi, battery, and fast user switching icons put in control center, the date removed from the clock icon (and I may switch to analog to get a bit more space), and using terminal commands to change the default spacing between icons in the menu bar. Which, for the curious, is supposed to be:

defaults -currentHost write -globalDomain NSStatusItemSpacing -int *X*
defaults -currentHost write -globalDomain NSStatusItemSelectionPadding -int *X*

Where “*X*” is the spacing that you want; apparently “6” is the default spacing (at least on my M2 MacBook Air) from the testing I’ve done with changing these values. I should add that you need to logout/login to have the changes take effect. The instructions I read online suggested that “killall ControlCenter” would make the changes, but it doesn’t for me.

I did use AppCleaner to remove Bartender, and that seemed to get everything, but I did first turn off the settings in Settings / Privacy & Security (under Accessibility and Screen & System Audio Recording) that Bartender has you set to allow it to work.

MacRumors today posted an article with info on six potential alternative apps (including Ice), plus a link to a tutorial on how some of Bartender’s functionality can be replicated using BetterTouchTool (which keeps revealing itself to be a far more versatile utility than it appears on the surface.)

I just added this bit to the piece, confirming my belief that the post from Ben Surtees was legitimate.

Since the initial publication of this piece, I have corresponded via email with Ben Surtees, who confirmed that he wrote the post:

I did write the post, to try and help clear up some of the concern caused by the lack of clarity. I also linked this to the same on surteesstudios.com so people could tell it was me (surtees studios is still mine). The reason the base url redirects is so that people looking for Bartender support get to the bartender website, in some of the license emails it linked to surteesstudios.com

He also said that he had spoken to Applause about the addition of the Amplitude digital analytics framework, which he believes they added purely “to get an idea of the user base.” He didn’t believe they thought it would cause such an uproar, which it probably wouldn’t have without the signing certificate issue drawing attention. I have also reached out to Applause and will update this article if I hear back.