Steven Redden, Theresa  Gauvin and Brittany Lawrence. 

ADAM ENGST 23 December 2024

The latest installment in the story of how bootable Mac backups will eventually disappear started with a blog post by Shirt Pocket Software’s Dave Nanian. In it, he explained why SuperDuper could no longer make bootable duplicates on M-series Macs running under macOS 15.2 Sequoia, blaming Apple’s asr (Apple Software Restore) utility. This tool is the only way to create a bootable backup.

I read Nanian’s blog post shortly before publishing the final TidBITS email issue of the year, so I only had time to write a short warning (“macOS 15.2 Sequoia Breaks Bootable Backups in SuperDuper,” 16 December 2024) and add a proviso to my suggestion in another article (“OS X.2 Updates Boost Apple Intelligence and More,” 11 December 2024) that now was a good time to upgrade to macOS 15:

Until Apple fixes the bug or we learn more about what’s going on, anyone relying on a bootable backup—as opposed to a data-only backup—should hold off updating or upgrading.

Such is the problem with deadlines. I was curious if the problem with asr affected other backup apps like Carbon Copy Cloner and ChronoSync, but no information was available at that point. However, now that the necessary details have emerged, I have updated my recommendation on updating and upgrading.

Tests Confirm Problems on M-Series Macs

First, I confirmed that the problem was real but limited to M-series Macs. On my Intel-based 27-inch iMac, SuperDuper had no problem completing a backup, and I was easily able to boot my iMac from that backup. However, when I tried the same backup on my M1 MacBook Air, SuperDuper failed quickly with the Resource Busy error that Dave Nanian mentioned.

I also verified that changing SuperDuper’s settings to use the standard “Backup – all files” script with the Smart Update copying option successfully created a data-only backup of the M1 MacBook Air.

Next up, I tried ChronoSync. It wasn’t encouraging to start, with its assistant warning me, “Note: Bootable Backups have been losing relevance on recent versions of Apple hardware and will eventually not be supported. You should consider creating a Data Volume Backup instead.” The app’s developers weren’t being alarmist. Two attempts to make a bootable backup failed, and Econ Technologies confirmed that the reason was the asr bug.

Carbon Copy Cloner’s in-app text was similarly down on bootable backups, noting, “Creating a bootable copy of the source OS requires an Apple-proprietary procedure. CCC provides this functionality in a ‘best effort’ manner. Please click the ‘?’ button to the right to learn about the caveats associated with this procedure.” CCC also failed twice, though again, I don’t definitively know why. The destination SSD has worked fine in the past, and SuperDuper’s data-only backup to it completed with no errors, so I don’t believe it’s a hardware problem.

Regardless of whether asr caused these problems, such uncertainty is problematic when it comes to backups. I feel terrible for Shirt Pocket Software, Econ Technologies, and Bombich Software because they’re trying to provide a longstanding feature that users want—bootable backups—and they’re entirely at the mercy of Apple’s asr tool to do so. As we’ll see, Apple has relatively little interest in supporting bootable backups.

From the Horse’s Mouth: No More Bootable Backups

Shortly after I completed my testing, Mike Bombich posted a blog entry that shared information from a 2020 call with Apple. (He had missed the start of the kerfuffle, being away to help a family member when macOS 15.2 shipped.) As he outlines in the post, Apple made it clear that it was willing to address problems associated with making backups “as long as it did not require making a compromise to platform security.”

From Apple’s perspective, allowing system files to be copied inherently introduces opportunities for attackers to modify system components. Since macOS 10.15 Catalina, the separate system volume is immutable, locked, and validated using cryptography—what Apple calls the “signed system volume.” Any method that allows it to be copied onto a bootable drive must preserve the same verification to ensure nothing has changed.

To mitigate this move away from easily making bootable backups, Apple has invested a lot of effort into macOS Recovery and Migration Assistant. It is now trivial and streamlined to boot a Mac into macOS Recovery, install macOS, and restore user files using Migration Assistant. With a separate system volume, a reinstallation just creates a new, secured, immutable volume and then copies your user files to the data volume. Because Apple controls every part of that process, there’s no worry about the security of the system being compromised.

The other aspect of this topic is the value of an external boot drive to an M-series Mac. While Macs with Apple silicon allow booting from external drives, they remain dependent on their internal storage during that process, as Glenn Fleishman wrote in “An M1 Mac Can’t Boot from an External Drive If Its Internal Drive Is Dead,” 27 May 2021.

The fresh information here is that an M1-based Mac relies on its internal SSD to allow external drives to boot. If the internal SSD has failed or been entirely erased—it contains several hidden volumes—you can no longer boot from an otherwise valid volume on an external drive. Why would Apple do this? To increase security.

Mike Bombich closes his post by explaining that Carbon Copy Cloner will continue to support the Legacy Bootable Copy Assistant because it remains useful for Intel-based Macs. But he stresses that no one should base their backup strategy on bootable backups. While Apple may fix the asr bug, the writing is on the wall, with Bombich saying:

Apple made it unambiguously clear that “bootable backups” and System cloning are fundamentally incompatible with platform security.

I’ve been preaching the need to move on from bootable backups since early 2021, when I wrote “The Role of Bootable Duplicates in a Modern Backup Strategy” (23 February 2021). A slightly updated version of the backup strategy I recommended in that article would include:

• Versioned backup: Everyone should make versioned backups using Time Machine to an external drive, preferably an SSD for higher performance and lower environmental noise. Versioned backups are essential for recovering from corruption or inadvertent user error by allowing you to restore an earlier version of a file, a deleted file, or the contents of a deleted folder. Other apps can make versioned backups, but Time Machine backups are particularly useful because of how Apple integrates them into macOS. It’s a quick process to go back in time and select files, folders, or volumes—though the interface is archaic and awkward—and Time Machine snapshots are the basis of migrations and system restores. Time Machine is far from perfect, but it has insider access to technical and security changes in macOS and generally works acceptably.
• Internet or offsite backup: Local backups are worthless if all your equipment is stolen or damaged by fire or water. Historically, the recommendation was to rotate backup drives offsite, but in the modern world, an encrypted Internet backup service like Backblazeis much easier.
• Nightly data-only duplicate: Data-only duplicates are still a worthwhile part of any backup strategy. Duplicating your data every night adds diversity by relying on different software if Time Machine falls prey to bugs, putting a backup on another external drive (don’t configure Time Machine and your duplicate to share a drive), and eliminating the need for special software to restore data. Plus, if you have to switch to another Mac, a duplicate would quickly let you get back to work on your files. Plus, as Dave Nanian pointed out to me in an email, there’s no downside in making a duplicate bootable even if you don’t anticipate relying on its bootability.
• Cloud-based access to key data: Cloud storage is a weak form of backup, and it’s not a required part of a backup strategy because some people can’t or don’t wish to store data in the cloud. But, for many, cloud storage is an excellent way to access essential data from any device or location—and it may offer you a last-ditch way to retrieve lost files. For instance, $9.99 per month gets you 2 TB of iCloud Drive storage, and Apple’s Desktop & Documents Folders syncing feature could make it particularly easy to get back to work on another Mac. A similar amount of money would provide 1 or 2 TB of storage on Dropbox, Google Drive, or Microsoft OneDrive.
• Backup Mac or another device: Given how hard it is for anyone but Apple to repair Macs, if you can’t afford days of downtime, think about what device you could use for your work if your Mac were to fail and how you’d get your data to it. It might be a laptop you mainly use when traveling, your previous desktop Mac, or even an iPad. Just be sure to take your backup device out for a test run before you need it.

I realize that most people won’t have all five of these, so if you have to choose, I recommend Time Machine paired with Backblaze to protect against disasters that would affect your Mac and Time Machine drive. But whatever you do, please make backups. Losing data is a matter of when, not if.

Finally, let’s return to the question of updating or upgrading to macOS 15.2 Sequoia. Assuming you’re willing to change any bootable backups to data-only backups, I think it’s safe to proceed.

Malcolm Owen | May 29, 2022

Other System Data issues in iOS can quickly fill up all available iPhone storage. 

Your iPhone may have low storage because it's been consumed by System Data, which can potentially consume all available capacity. Here's how to regain space when things get too bloated to function. 

Storage capacity is a significant issue for mobile device users. The available space on an iPhone, iPad, and even a Mac a sensitive concern for everyone. 

Users with expansive storage capacities have less trouble with it than most. Those saving money with more modest storage may be more hard-pressed. 

Usually, you can manage apps by offloading or deleting them to save storage. Maintaining stored videos and files, using cloud storage more, and other techniques can also help to tame storage usage. 

Sure, deleting files and wiping the cache of apps can help, but it won't help an occasional problem involving System Data. Sometimes, System Data can grow to a massive size, and there's very little you can do to fix it.

What's System Data on an iPhone?

By checking your iPhone's storage usage, you will find that iOS handily sorts out its data usage into several categories, including Apps, Photos, Media, iOS, and System Data. 

These are all self-explanatory, with Photos and Media consisting of images, videos, and other typical media-style files. Apps refer to apps downloaded from the App Store and caches of data for each, while iOS is the storage consumed by the operating system itself. 

How to check storage usage in iOS

• Open Settings. 
• Tap General, then iPhone Storage. 
• The bar at the top will graphically show you what storage is being used. 
• The list of apps below shows individual app storage usage. Tap each to see the app size and consumption of related files and options to offload the app and delete the data. 
• At the bottom of the list are listings for iOS and System Data.

System Data, and what the Settings app refers to as "Other System Data," includes many files not covered by other categories. 

System Data doesn't usually take tens of gigabytes of storage, but problems happen. 

The definition within iOS is that System Data "includes caches, logs, and other resources currently in use by the system." This doesn't state what the data is, but it can consist of various logs, temporary data stores, and other elements that aren't strictly considered part of any of the listed apps. 

Then some elements are used by iOS but aren't owned by a particular app. For example, downloading different Siri voices or installing fonts can expand this section, but they aren't defined as being used by just one app or the operating system itself.

Why is System Data using all of my iPhone storage?

This data will also "fluctuate according to the system needs." This means that temporary data can be written to the storage as System Data, removed when iOS doesn't need it anymore. 

However, the problem is that you can't see what the types of data used in this category consist of, nor can you delete it. 

Generally speaking, Other System Data can be a few gigabytes in size at first. Depending on how you use the iPhone, it can grow and shrink by several gigabytes over time. 

The bloating problem comes into play if that change in the size of Other System Data continues on an upward trajectory. Over time, some users may see that their iPhone's System Data takes up a lot of space, possibly tens of gigabytes. 

In the case of one AppleInsider writer, Other System Data grew to almost 85 gigabytes, consuming virtually all of the available remaining storage and causing device problems. 

It is unknown exactly why this occurs, but it is likely from one or more caches or logs being continually added to over time. Crucially, these logs may not be deleted at a pace to keep up with writes. 

Left for too long, this can be all-consuming. 

Since there's no way to see what caused it directly or selectively delete problematic System Data elements, users may be left with very few options available. 

How to cut down on System Data usage

You can do a few things to cut down the amount of System Data being used, and they vary in severity of what you have to do to your iPhone and its data. This guide will start with the least intensive option. 

Remember that these are intended to be taken after other reasonable measures, such as deleting unwanted videos or other files to free up space. 

Also, remember to back up your iPhone before continuing. The last thing you want to do is delete precious data when trying to recover space. 

Safari and Messages

The first way is to try and cut down on cache usage by a select number of Apple-produced apps. This can include caches by Safari and Messages, which can sometimes take up the System Data category. 

You can manage Messages and Safari's cache to try and cut down System Data usage. 

For Messages, this could be as simple as opening Settings, then tapping Messages, and scrolling down to Message History. Here you can change how long you "Keep Messages" from "Forever" to a lower figure such as one year or 30 days.

Clearing the Safari Cache is a little bit more involving but still useful. 

How to clear the Safari cache in iOS

• Open Settings.
• Tap Safari. 
• Scroll down and tap Clear History and Website Data. 
• On the warning pop-up, select a timeframe and then tap Clear History.

Per-app caches

On the off chance it is a particular app causing the problem, you could try to delete the app if you have a clue as to what app is being wasteful with space. For example, apps that use a lot of videos can potentially use such caching, but without necessarily deleting the caches afterward. 

Offloading and deleting apps may wipe some errant caches. 

There's no guarantee this will delete the problematic cache capacity you want to be removed. But it should still reduce how much of it is in active use. 

It is advisable to try offloading the app before a full delete, namely removing the app but retaining your related documents and data. 

How to offload or delete apps in iOS

• Open Settings. 
• Tap General. 
• Tap iPhone Storage. 
• Scroll and tap the relevant app. 
• Tap Offload App, then Offload App to confirm. 
• Alternately, tap Delete App, then Delete App to confirm.

Backup Restoration

The nuclear option is to restore your iPhone from a backup. This entails backing up all data on the iPhone, factory resetting the iPhone, then restoring from the backup. 

While you will get back all of your user data and continue to use apps, you may have issues involving two-factor authentication apps and other related problems following a device setup. 

Backing up and resetting the iPhone is the last real option available. 

In the AppleInsider editorial staffer's case, restoring from a backup did solve the problem, so it is worth taking the time to do this if you can. 

How to backup an iPhone and restore from backup.

• To backup the data, connect the iPhone to your Mac or PC, and open either Finder or iTunes. 
• Select the iPhone, then select the General tab. 
• Select "Back up all the data on your iPhone to this Mac."
• Tick "Encrypt local backup" to preserve account passwords and any Health data. 
• Select Back Up Now and wait for it to complete. 
• Disconnect the iPhone. 
• Open Settings and select General then Transfer or Reset iPhone. 
• Tap Erase All Content and Settings. Tap Continue and follow the prompts to complete. 
• After it is wiped, connect the iPhone back to the Mac or PC, open Finder or iTunes, and select the iPhone. 
• Under General, click Restore Backup. 
• Select the most recent backup you just created, then click Restore. Follow the on-screen prompts.

ADAM ENGST 13 December 2024

Apple has integrated ChatGPT into Siri with the second set of Apple Intelligence features that debuted in this week’s operating system releases (see “OS X.2 Updates Boost Apple Intelligence and More,” 11 December 2024). Don’t get too excited.

I’ve been trying to use this feature in the betas and now in the release versions of macOS 15.2 and iOS 18.2, and if anything, it has increased my frustration when interacting with Siri. Worse, I fear that some deeper issues may argue against the integration of Siri and ChatGPT.

Functional Problems

A few of the functional problems I’ve encountered include:

• You must enable ChatGPT separately for each device, so the first time you issue an involved query to Siri on a new device, your query will fail, and you’ll be prompted to enable ChatGPT. It doesn’t feel welcoming.
• On my M1 MacBook Air, I am continually told that ChatGPT is unavailable and to try again later, even while it works fine on my iPhone 16 Pro. My MacBook Air is seemingly cursed because Apple Intelligence summarization never works on it, either. A call to Apple support is in my future.
• For privacy reasons, Siri asks if you want to use ChatGPT on each prompt that goes beyond what Siri can answer internally or with a simple search. That’s annoying, but you can eliminate the confirmation step in Settings > Apple Intelligence & Siri > ChatGPT > Confirm ChatGPT Requests.At least ChatGPT got the general area of Settings right.
• On my M1 MacBook Air, triggering Siri by clicking its Dock icon brings up Type to Siri, and I have to click the microphone button to be able to dictate to it. That’s a change: on my 27-inch iMac, which doesn’t support Apple Intelligence, clicking the Siri button causes Siri to listen to the microphone instantly.
• On the iPhone, you can invoke Siri by holding the side button or using “Hey Siri.” However, if you want to continue the conversation with ChatGPT, you may find that Siri doesn’t always listen while its splooshy animation jiggles around the edge of the screen. Holding the side button down was more reliable but more awkward. Similar animations appear at times when you can’t dictate, too, so you can’t assume fancy graphics mean Siri is listening.
• Depending on what words you use, Siri may give you a seemingly random response or provide Web search results rather than allowing you to engage with ChatGPT. Those random responses may even come during a discussion with ChatGPT. To ensure your prompts go to ChatGPT, say its name somewhere in your prompt.
  
• Although you can talk to ChatGPT using Siri, its responses always come back as text. That’s fine in many cases, but anyone accustomed to ChatGPT’s Advanced Voice Mode (where ChatGPT provides spoken responses) will be disappointed.
• The longer your prompt to ChatGPT, the more likely it is that Siri will stop listening at some point and send whatever it has up to that point. If you think it’s irritating when people interrupt you while you’re speaking, just wait until Siri indicates it’s bored with what you’re saying.
• There’s no way to review the ChatGPT transcript to refer to previous responses—you can see only the last response. However, if you sign into your ChatGPT account in Settings > Apple Intelligence & Siri > ChatGPT, you can view the full transcripts of all your chats. (Signing into my ChatGPT account also fails on the M1 MacBook Air. Cursed, I say!) At least you can delete abortive transcripts that you mistakenly triggered with Siri.

Deeper Concerns

As frustrating as these issues are, I have deeper concerns. Is Siri a good way to interact with ChatGPT? Will increasing the number of ways Siri can mess up reduce our desire to use it? We hoped Siri’s Apple Intelligence enhancements—and particularly the ChatGPT integration—would make Siri less frustrating. Might the reverse be true?

Apple markets Siri as a digital assistant, capable of carrying out simple commands and performing highly directed searches. In my experience, Siri works fairly well for playing music using artist names, controlling HomeKit devices, setting timers, and making reminders. Some searches, such as asking about tomorrow’s weather, also work reasonably well.

But using Siri to trigger Web searches is frustrating, particularly if you become accustomed to using Siri on a HomePod. Such prompts usually generate, “I’ve found some Web results. I can show them to you if you ask again from your iPhone.” rather than a useful response. Also, although Apple has made slight improvements in Siri’s ability to maintain context in a conversation of late, we have 13 years of experience in failure with anything but single, separate commands. If Siri heads off down an incorrect response path, our only recourse is to shut it up with, “Hey Siri, stop,” and then issue a differently worded request rather than redirecting the conversation.

In contrast, ChatGPT cannot carry out commands of any sort, and it’s not a search engine, although OpenAI recently gave paying ChatGPT Plus users access to such capabilities. Much has been written about how generative AI systems get facts wrong and make things up, and that’s not wrong—if you want to search the Web, use a search engine. ChatGPT is far more valuable for analyzing data, creating content, and exploring unfamiliar topics. It’s designed for conversation, with follow-up queries, comments, and additional information necessary for optimal results. Siri and ChatGPT simply don’t do the same sort of things.

Apple doesn’t want us to anthropomorphize Siri, but that’s nearly impossible when speaking to a digital assistant that responds with a natural-sounding voice. So when Siri responds randomly, sometimes stops listening to you before you’re done speaking, and is generally a lousy conversationalist, it’s impossible to avoid the feelings of pique that a person with similar conversational traits would trigger. You wouldn’t keep trying with such a person, and many of us won’t keep trying with Siri either.

What’s up with Siri’s seemingly random responses? In my conversation above, Siri suggested I call emergency services, created a reminder, did a Web search, thought I was asking for driving directions, and was just generally confused a few times. Yes, my prompts were an attempt to speak naturally, but isn’t Siri supposed to be able to handle that now?

If Apple Intelligence is going to improve Siri, it has to understand what’s being asked and do something sensible. In the past, Siri’s failure mode was mostly binary—it either did what you wanted or failed in a predictable way. With Apple Intelligence, Siri seems primed to fail in ever broader and more unpredictable ways, which could reduce our enthusiasm for using it for even simple tasks.

Apple will undoubtedly keep working on Siri, but I worry that it will be too little, too late. From experience, I know that I’m unlikely to retry a particular task with Siri after failing enough times, as has been the case with trying to add text to a note in Notes.

ADAM ENGST 6 December 2024

A longtime TidBITS reader recently contacted me in a slight panic. While searching on his iPhone for an obituary, he tapped a possible result in the Google search results. The site he was sent to displayed several dire-sounding warnings about how his iPhone had been infected.

He freaked out a bit but immediately closed Safari and hoped all was well. However, 10 minutes later, he received an email from 1Password informing him of a sign-in from a new device or browser extension. That threw him for a loop, so he contacted 1Password support, who confirmed it was a legitimate, coincidental message—seemingly unrelated to the malicious site visit.

I want to share how I helped reassure him that there was no reason to worry so you can repeat the process if you or someone you know experiences a similar Web-based malware lure.

Examining the 1Password Notification

I was first curious about the IP address that 1Password identified. When I asked my friend to check it using What’s My IP, he confirmed that it was indeed his IP address as the source of his new sign-in. That confirmed it was at least one of his devices on his network, not a malicious party elsewhere on the Internet.

While it’s not inconceivable that malware could have compromised his device and signed into 1Password from it, it’s quite unlikely due to an extra step 1Password requires: you need both your account password and a Secret Key to log in. (The Secret Key is essentially a second randomly generated password that’s combined with the account password to create the encryption key that protects your data. It’s only stored locally on your devices.) It’s vanishingly unlikely that malware could somehow have exfiltrated the Secret Key from local storage, decrypted it, and combined it with the account password to log in. Nothing is impossible, but malware with such a capability would be used against high-value targets by criminals or governments, not against random people browsing the Web.

I can’t explain why my friend received this notification despite not signing in to 1Password manually on his iPhone or Mac. Research suggests that the message can be triggered by force-quitting Safari, using iCloud Private Relay, clearing the browser’s cache or history, updating the 1Password extension, having a dynamic IP address change (which causes 1Password to think it’s running on a new device or location), or updating 1Password or Safari. Unexplained 1Password notifications seem to be uncommon, so it’s not that these activities will trigger a sign-in notification, just that they might.

Investigating the Malicious Website

Based on years of reading about iPhone security, I’m confident that iOS is hardened against attacks from random websites. In part, this is because Apple’s hardening efforts have been so successful that any ethically challenged person who discovered such an exploit would sell it for millions or use it for targeted attacks against high-profile cryptocurrency holders, as one example. Normal people would report it to Apple.

So I repeated my friend’s Google search and found the site he had clicked as well as several others, all with article post dates of 13 November 2024. The offending site was sloppily built in WordPress and contains what seem to be AI-generated obituaries. You can tell from sentences like “His sudden passing on [insert date] has left those who knew him grappling with loss.” Other signs include the sketchy gambling ads on the pages and the fact that the name of the deceased changes between the title and the text. Oops.

When loaded, the sites quickly started displaying dire-sounding alerts that claimed my iPhone had been compromised—and suggested a system cleaner app or VPN. Here are some examples.

Tapping any of the links loaded a second page that immediately redirected to a system cleaner or VPN app in the App Store. I don’t know if these apps are legitimate, though I have my suspicions. I may be willing to navigate to malicious sites in Safari, but I’m not so foolhardy as to install potentially malicious apps on a non-test device.

I won’t link to these apps, but I have reported them to Apple for investigation.

Lessons

What should we take away from this experience?

• Coincidences happen: My friend was worried because of the 1Password notification, but as far as I can tell, it was merely a coincidence. Just because two events occur close to one another doesn’t mean they’re necessarily related.
• Don’t panic: The Hitchhiker’s Guide to the Galaxy had it right: Just because a website displays an alarming alert doesn’t mean that anything bad has happened. The scammers are trying to bypass your rational mind by invoking fear and danger.
• Close the tab or window: To make the scam website go away, tap Safari’s tab button in the lower-right corner of an iPhone or iPad and close the offending tab. On a Mac, close the window with Command-W. If you can’t get the tab button to appear on an iPhone or iPad, tap near the very top of the page—this often reveals the Safari framing.
• Don’t install random apps: If a website you didn’t intentionally visit suggests that you install an app and then redirects you to the App Store, don’t do it. Although Apple reviews all apps in the App Store, its vetting process is far from foolproof. Examples exist of legitimate apps being erroneously rejected while dubious ones slip through. You should always assess app trustworthiness based on factors beyond its inclusion in the App Store.
• Obituaries are easily faked: Perhaps the most troubling aspect of this scam is how it preys on people who are grieving, particularly the elderly. Since obituaries are often relatively similar, they’re easy to fake, and it wouldn’t be difficult to create a site that would automatically generate obituaries for every imaginable name. (Similarly offensive are sites that leverage obituaries to generate search traffic and thus ad impressions with poor AI-generated obituaries, including of living people.)

Stay alert out there.

ADAM ENGST 6 December 2024

In “Using Apple’s iCloud Passwords Outside Safari” (1 April 2024), I wrote:

Although Apple released iCloud Passwords only for Chromium browsers—and it seems to work equally well in all the variants I’ve tried—the company has done nothing for Firefox users. However, an independent developer named Aurélien Garnier recently published a Firefox add-on also called iCloud Passwords, so that’s an option for those running Sonoma or recent versions of Windows—it doesn’t work for earlier versions of macOS. It’s not yet well-known, with only 716 users last I checked (versus 2 million for the iCloud Passwords Chrome extension), but I’ve installed it and verified that it works. Although I’m a little hesitant to recommend an independent add-on that interacts with a system-wide password store, it’s open source, and anyone can view its code on GitHub.

Those who have been dissuaded from using macOS 15 Sequoia’s Passwords app as their password manager because of a reliance on Firefox can now make the move with confidence: Apple has taken over the previously independent iCloud Passwords add-on for Firefox.

On 4 December 2024, iCloud Passwords for Firefox developer Aurélien Garnier updated the add-on’s README.md file on its GitHub repository with:

The AMO ( addons.mozilla.org) listing of this extension was transferred to Apple Inc. They are now the sole owners in charge of maintaining their own official iCloud Passwords extension. This repository and source code are no longer linked in any way to it apart from historical reasons.

It remains unclear if Apple acquired the code or hired Garnier, although his LinkedIn profile suggests he remains a technical lead at the Web development agency Avicenne Studio in Paris.

I wouldn’t be surprised if Apple replaced this iCloud Passwords add-on with an official version; it could be that the company simply hasn’t gotten around to such a transition yet.

Regardless, it’s a positive move to see Apple extending its password management features to non-Apple browsers and platforms. Although the current iCloud Passwords add-on doesn’t work in Firefox for Windows, it seems likely that Apple will eventually add Windows support to match its iCloud Passwords extension for Chrome.