Yesterday, I wrote about this strange privacy bug on Apple’s system. It turned out NOT to be a bug after all. It is more of a quirk on how macOS works.
Mac App Store apps can be pirated!
Let’s say you purchased an app (under your Apple account) through the Mac App Store and downloaded and installed that app on your Mac. You can then:
- Copy that app from macOS’s “Applications” folder into an external USB disk
- Insert the external USB disk into another person’s Mac.
- Copy that app from that external USB disk into ANY folder in the other person’s Mac.
Surprisingly, even if that other person did NOT pay for that app under his/her Apple account through the Mac App Store, the copied app will still work on his/her Mac!
So, does that mean that any purchased Mac App Store apps can be pirated since it will still work on any Mac?
If you think you can pirate Mac App Store apps, think again
If you think this quirk of macOS allows you to pirate Mac App Store apps, you will want to reconsider.
Every app that you download from the Mac App Store (whether free or purchased) embeds information about your Apple ID. So, if you distribute that app widely, it can be traced back to your Apple ID.
What happened yesterday?
Kids from a school were airdropping the Big Day Countdown + app into each other’s Mac. That app is a paid one purchased from Mac App Store under someone’s Apple account. In fact, that app has spread far and wide among kids in that school.
That widely-distributed Mac App Store app eventually made its way accidentally (through iCloud sharing and syncing) into my communally shared Mac in another user’s account. That app was copied into an obscure folder. That was why I could not find it in my Mac’s “Applications” folder.
Here is the interesting part…
macOS detected the presence of that widely-distributed Mac App Store app (that was stored in an obscure folder) and attempted to update that app through the Mac App Store. Because the Apple ID of the original person who purchased that app (through the Mac App Store) is embedded into that widely-distributed app, the update process asked me for the Apple ID password of that original person. In other words, that widely-distributed app will still work, but it cannot be updated.
This explains the symptoms I saw yesterday.
Quirk in macOS
So, this is not a bug in Apple’s backend system. It is a quirk on how macOS works.
In a way, I understand why that quirk exists. Let’s say you have a Mac with multiple user accounts, each with a separate Apple ID. Let’s say one of the users purchased and installed an app through the Mac App Store under his/her Apple account. That app will work for every other user on the Mac, even though only one of them purchased that app. You can call that a quirky feature of macOS since it is designed to be a multi-user operating system.
If macOS refuses to run a Mac App Store app that is downloaded from another user’s Apple account, this quirky feature of macOS will fail. But this quirky feature means that Mac App Store apps can be pirated. But as I mentioned above, whoever tries to pirate a Mac App Store app will be caught because his or her Apple ID is embedded in that app.
So, that solves yesterday’s mystery!