About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Learning Curve

Trial Software for a Tenner a Month?

But there's room for it, and it wins awards.

Get It

Try It

Setapp wins awards, and it's an interesting idea, but is it viable?

Something crept in when Apple tried to smother the ISV market. Access to the computer desktop is coveted - Steve Bass and Bill Gates once put up their dukes, over a silly little icon on the Windows desktop. Payment processors customarily take ~10+% for managing and safeguarding transactions. Now Apple wanted 30% for the same thing. But of course they never put it that way. No, they let you, dear independent software vendor, keep 70% of your money.

Sounds like a deal you can't refuse - and for many it is. And no protests are ever heard from the 'Mac community'. Certainly not how the new 'Net Nanny' strictly controls what gets put up on that App Store.

Other suppliers cropped up of course, mostly for mobile platforms. Some took 30% too, as Apple showed them it was possible. Other suppliers take nothing at all. But people love their Apple gadgets!

It's all about exposure. All the marketing in the world can't compete with what's already on the desktop. And for Mac users, it's a wonderful ecosystem. So that's that, right?

Well, perhaps not. Enter one Oleksandr Kosovan of 'Clean My Mac' and 'MacHider' fame.


MacHider was a silly app. It's reviewed here. CleanMyMac was... well... It's reviewed here.

But Setapp is not software by Oleksander. It's a type of 'App Store' that Oleksander (of Kiev, New York City, Santa Clara, take your pick) where you get to 'subscribe' to titles that are otherwise available as shareware...

It might work...

Adam C Engst of TidBITS wrote about it a while back.

'I know, some people really don't like subscriptions. I get it. But sometimes the value proposition is compelling. For many people (me included), paying $9.99 for a month of Netflix beats buying a movie on iTunes for that $9.99 (or more). It's the same with Spotify or Apple Music - you can play a lot of music in a month for the same price as purchasing a single album on iTunes.'

The Setapp website offers some rather above-average pieces on computer maintenance and use, and these don't fall into the broad and welcoming category of pointless clickbait. The Setapp 'app' and the Setapp website are classy creations. A lot of effort has been put into both - as has been put into product marketing.

There are currently 109 applications in Setapp. So it'll take a long time to go through them all.

Shawn King of the Dalrymple vehicle 'The Loop' wrote a promo on 20 February of this year.

'I'm a big fan of the company behind Setapp, Ukrainian-based MacPaw... The list of available apps has grown immensely over the past year...'

But the comments weren't as enthusiastic.

'Same here. There was only one more app I liked and didn't own, so I cancelled and bought the app. Nice idea, but there just aren't enough good Mac apps.'

'$10/month to rent shareware?'

But Shawn was right to Setapp's defence.

'That's one way of looking at it. It's incorrect but you go right ahead and think that way. No one is forcing you to pay the money. You're more than welcome to pay for any of the apps at their full price. Lots of people think the $10/month is reasonable. It's OK that you don't. But please, try and represent it for what it is - it's not renting shareware.'

Whether that was an incorrect assessment is left to the reader.

Setting Up Setapp

So it's free (at least for a while). And one is naturally curious. So let's go - let's see what we find.

And we're up.

What you might miss is that, on some platforms, Setapp goes into /Applications without a murmur. Yes, /Applications is protected by an XA, but check the permissions. Isn't this what MOAB objected to over ten years ago?

Do yourself a favour and change all those permissions (/Applications, /Library, et al) at root to 0755. If something should burp, deal with it then. So you'll know what's going on.

Rocket Typist

Rocket Typist was chosen from Setapp for no particular reason - it was accessible and high on the short list.

This is what Rocket Typist looks like.

So let's try to find out more about the app!

Oops. OK. One more app tested, then it's time to uninstall everything, including Setapp itself. Let's see what happens.

After all, it's good to know if an app can clean up after itself, right? (Some astute readers may have already divined the punchline - hold on.) The option to be selected was of course 'Uninstall Completely'.

So how well did Setapp do?


You probably wouldn't notice this, or even think about it, but Setapp did more than move itself into /Applications - it also created the directory Setapp at the same level. This is where it puts all the apps you decide to use.

And yes, Setapp cleans away both its own image and the directory /Applications/Setapp on complete uninstall. That's the not the problem.

The problem is the (currently) 109 apps in the package. Setapp won't be watching what they do to your system. Oleksander says he's very selective about what apps get into Setapp, but check the reviews here for MacHider and CleanMyMac and decide yourself what that means. Tracker found 6429 items created or modified by this brief test. Six thousand four hundred twenty-nine.

But one more app in Setapp was tested, and this might lend a clue as to what waits within Oleksander's latest offering.

Disk Drill

Disk Drill was chosen because it was interesting - and potentially useful. The prospect is an app that can 'unerase' (as Peter Norton once put it) files already deleted on a number of different file systems. That's gotta be interesting!

Disk Drill would need to get into your private parts. Of course it will. It's expected to go down to kernel/driver level. Just be sure you have a way of keeping track of what it's doing.

And so, several hours later, and yes it takes hours, one finally arrives at this pleasant screen.

And this is when another punchline hits - namely that you still can't do a thing.

The statistics offered - 60,226 'reconstructed files', 219,020 'existing files', 18,537 'labeled files' (?) - are as from a science fiction novel. The system in question is used only for testing software. The user root area, including Xcode's woefully misplaced documentation, contains only 34,000 files (whereof 9,000 go to Xcode). The numbers are simply not accurate, not even close.

A few feeble previews are available, but they're not of much help. This, says Disk Drill, is a recently deleted file. It's not.

Here's another.

This file does not exist on the host system, never has existed on the host system, and never will either.

A scan with Xscan shows that in fact one (1) such 'ICO' file does exist - in /System/Library/Frameworks/Python.framework
- but it's timestamped as being created 31 July 2016, inode info last updated 24 September 2016, contents last modified 31 July 2016 when it was created, and last accessed now.

The information provided by Disk Drill is entirely bogus.

Here's another example of the same thing (and there are countless examples):

There are eight (8) 'BMP' files on the system, part of Tk.framework and, in one case, Python.framework, but they're all, save for the Python BMP, last-modified in 2008 (!). (The Python BMP is stamped as the 'ICO' file: the date of the OS install.)

There have been no system overwrites. The Disk Drill info is simply bogus.

Most importantly - most tragically - you can't do anything. You can't unerase. You can't put the app through its paces. But given that the preview info was already highly suspect, there's little temptation to go any further.

Disk Drill did a lot of work, as evidenced from its log files.

I 2018-03-04T09:03:44 CleverFiles daemon starting, version
I 2018-03-04T09:03:44 Disk disk2 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk2 is not monitored. No volume path.
I 2018-03-04T09:03:44 Disk disk2s1 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk2s1 is not monitored. No volume path.
I 2018-03-04T09:03:44 Disk disk2s2 (/Volumes/DiskDrill) appeared.
I 2018-03-04T09:03:44 Disk -null- (/home) appeared.
W 2018-03-04T09:03:44 Disk -null- is not monitored. No bsd name.
I 2018-03-04T09:03:44 Disk -null- (/net) appeared.
W 2018-03-04T09:03:44 Disk -null- is not monitored. No bsd name.
I 2018-03-04T09:03:44 Disk disk0 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk0 is not monitored. No volume path.
I 2018-03-04T09:03:44 Disk disk0s3 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk0s3 is not monitored. No volume path.
I 2018-03-04T09:03:44 Disk disk0s2 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk0s2 is not monitored. No volume path.
I 2018-03-04T09:03:44 Can't monitor volume /Volumes/DiskDrill.
I 2018-03-04T09:03:44 Disk disk0s1 (-null-) appeared.
W 2018-03-04T09:03:44 Disk disk0s1 is not monitored. No volume path.
I 2018-03-04T09:03:44 Disk disk1 (/) appeared.
I 2018-03-04T09:03:44 Can't monitor volume /.
I 2018-03-04T09:03:45 RV opens device /dev/rdisk0, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:45 RV opens device /dev/rdisk0s1, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:45 RV opens device /dev/rdisk0s1, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:45 RV opens device /dev/rdisk0s2, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:45 RV opens device /dev/rdisk0s3, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:46 RV opens device /dev/rdisk0s3, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:46 RV opens device /dev/rdisk0s2, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:46 RV opens device /dev/rdisk1, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:47 Disk -null- (private/var/folders/*/***/T/.DDPreviewDisk) appeared.
W 2018-03-04T09:03:47 Disk -null- is not monitored. No bsd name.
I 2018-03-04T09:03:47 RV opens device /dev/rdisk2s1, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:47 RV opens device /dev/rdisk2s2, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:47 RV opens device /dev/rdisk2s1, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:03:48 RV opens device /dev/rdisk2s2, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:04:01 RV opens device /dev/rdisk0, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:04:03 RV opens device /dev/rdisk0, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:04:10 RV opens device /dev/rdisk0, flags:0, mode:0, fd:16, errno:2.
I 2018-03-04T09:05:55 RV opens device /dev/rdisk0, flags:0, mode:0, fd:16, errno:2.
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 197	0	0	0
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 9	100	0	309
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 5	100	0	0
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 1	100	0	0
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 175	100	0	2572300
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 12	100	0	8093
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 194	65	0	35 (min 17/max 74)
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 169	100	10	174065376
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 192	100	0	20
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 173	196	100	9633841
2018-03-04 09:03:45.759 Disk Drill[5035:21651] 244	0	0	0
2018-03-04 09:03:45.774 Disk Drill[5035:21651] Opened volume, examining each partition
2018-03-04 09:03:45.774 Disk Drill[5035:21651] Found unallocated space started at 0, size 20480
2018-03-04 09:03:45.776 Disk Drill[5035:21651] Found EFI System Partition (0), filesystem fat32, offset 20480, size 209715200
2018-03-04 09:03:45.777 Disk Drill[5035:21651] Volume: /dev/disk0s1 (EFI,EFI System Partition) mounted: not mounted
2018-03-04 09:03:45.825 Disk Drill[5035:21651] Found Customer (1), filesystem hfs, offset 209735680, size 120101797888
2018-03-04 09:03:45.828 Disk Drill[5035:21651] Volume: /dev/disk0s2 (Customer,Customer) mounted: not mounted
2018-03-04 09:03:45.835 Disk Drill[5035:21651] Found Recovery HD (2), filesystem hfs, offset 120682803200, size 650002432
2018-03-04 09:03:45.844 Disk Drill[5035:21651] Volume: /dev/disk0s3 (Recovery HD,Recovery HD) mounted: not mounted
2018-03-04 09:03:45.846 Disk Drill[5035:21651] Found unallocated space started at 236978136, size 20480
2018-03-04 09:03:45.846 Disk Drill[5035:21651] Found GPT protective partition on position 0 in MBR.\
                                               It starts at sector 1, length is 236978175 sectors.\
                                               For MBR sector size is always 512 bytes.
2018-03-04 09:03:45.846 Disk Drill[5035:21651] GPT area starts from sector 34 to sectors 236978142, sector size is 512 bytes.
2018-03-04 09:03:45.846 Disk Drill[5035:21651] GPT table starts from sector 2 and length is 32 sectors.\
                                               Table contains 128 entries, entry size is 128 bytes.

But its count of files of any sort is wrong, its findings are patently bogus.

Cleaning Up

Cleaning up after abortive software tests is not impossible, but it can't be done with default Mac tools or with any of the 'App Remove/Delete' apps that flood the market.

What's important is to remember that even though Setapp does a decent job of tidying up after itself, it does not and cannot claim responsibility for the 100+ apps it peddles. This is something you have to do on your own. Can you manage?

Phoning Home

The Setapp binary has a number of embedded addresses. Can be good to know. (Little Snitch anyone?) But communication with the mother ship is part of the way Setapp works.



As the setup binary is not a release binary, we get acquainted with the author.

/NSURL+Constants /Users/bamboo/bamboo-agent-home/xml-data/build-dir/AFX-STINST-JOB1/SetappInterface/SetappInterface/SystemManagement

Bottom Lines, Caveats

Obviously, lots of ISVs are not enthusiastic about Apple's App Store. Apple created a group of hermetically sealed mobile devices, all rumoured to originate on Planet Groovy™. Security was initially abysmal - everything running as root, the infamous passwords 'Alpine' and 'Dottie' - but then Apple introduced code-signing. And with that - and with mobile kernels insisting on code-signing, and with that code-signing requiring a root certificate from Apple - the 'walled garden' was a fait accompli. The lockdown was in place.

Apple have always been at odds with the 'open' ideas found elsewhere, on FreeBSD, Linux, and even Windows. No other platform tried to lock hardware to software. Apple had their 'Open Darwin' for a while, run by Apple employees, but it fell apart.

Apple have always been infamous for spiting the industry as a whole. From Steve Jobs arbitrarily changing Best Buy orders to placing limericks in kernel code, Apple's behaviour hasn't exactly been inspiring.

Then came the move to Unix and NeXTSTEP, even though it took a full five years to get a finished product out the door (and thereby give that nasty Microsoft an easy walkover victory for the desktop). GUI internals and externals were deliberately dumbed down. (Apple's HI people found NeXTSTEP too challenging for their traditional clientele - let that sink in.)

The Apple App Store looks great for the mobile user. And for the Mac user. It's so accessible, so easy to use. But what's missing are the 'cracks' - the stuff Apple don't want you to see. Apple won't let anything go up that makes them look bad.

You can't have privilege escalation. That's pabulum on the Unix system. But here you can't do it. You can't get into the guts of the system. And heaven forbid if your product makes Apple look stupid.

Apps in the App Store have to do things the same way as Apple - and if Apple, on a whimsy, suddenly decide they want to do things differently, then the ISVs have to follow suit or find themselves out.

There's no freedom in Apple's App Store. So yes, something like Setapp has a chance. But what are we really looking at here?

At the one end, we have the old sites like Version Tracker. Which basically was a way to check software versions and update if necessary, but became the #1 source of ISV products.

MacUpdate came along, trying to wedge into the market. Their great idea was to promise to put stuff online faster than Version Tracker. Which was easy, as Version Tracker ran a very tight ship (with a great staff) and made sure things were OK before going public. Whereas MacUpdate didn't check anything - beforehand that is. (But after the fact would remove stuff they didn't like - if and when they got around to it.)

Version Tracker ultimately melded into CNET (and got forgot) whilst MacUpdate pulled that good old 'bait and switch' trick. And then suddenly Steve Jobs was showing off three new products rolled into one, and the world was no longer the same.

Current Apple CEO Tim Cook says he doesn't even understand why people want a computer anymore. Scott Forstall's crew who created that first iPhone have now evolved into a group who after the fact make changes in OS X / macOS, and Apple no longer boast of a dedicated computer OS department.

A full 2/3 of Apple's considerable revenues come from mobiles. Yet 'Mac' sales still bring in considerable cash. And Cupertino spoke recently of a wet dream of 'unifying' their platforms - they want their App Store to take off for computer users as well.

So yes, there is a niche available for products like Setapp. And Oleksander and his people, such as Julia Petryk who's doing their PR, are working hard to make things work.

Alarmingly, no one in the 'Mac community' protests against the authoritarianism of the App Store, despite the obvious issues. Once it's found what Apple intend to do with their computer OS - they can wield their 'kill switch' at any time - sporadic brave voices may yet be heard.

'Freedom' and 'Apple' are supposed to be synonymous, aren't they?

Since the Mac App Store hasn't universally delighted users and developers, there's room for Setapp.
 - Adam C Engst
Please, sir, I want some more.
 - Oliver Twist

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

John Cattelin
Media Contact
ACP/Xfile licences
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.