macOS

Nuke Chrome's Intrusive Update

If you’ve used Chrome you might not be aware that it comes with a software called Google Updater, and this updater secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, or notifying you after, doing so. In Developer circles, this is considered very shady practice. Users should be asked for consent and informed when software makes changes to either itself or the user’s computer, and ideally those notifications should tell the user what has been changed and how the changes could impact them.

Check Google Updater settings

Open Terminal and type:

defaults read com.google.Keystone.Agent

If you have the Chrome browser, the output should be something similar to:

{
ActivesInfo =     {
    "com.google.Chrome" =         {
        LastActiveDate = "2017-08-29 14:10:05 +0000";
    };
    "com.google.Keystone" =         {
        LastActiveDate = "2017-08-29 14:10:06 +0000";
    };
};
ReportingAttributes =     {
    "com.google.Chrome" =         {
        "_numaccounts" =             {
            aggregation = 0;
            expiresAt = "2017-09-26 14:10:05 +0000";
            type = KSUnsignedReportingAttribute;
            value = 1;
        };
        "_numsignedin" =             {
            aggregation = 0;
            expiresAt = "2017-09-26 14:10:05 +0000";
            type = KSUnsignedReportingAttribute;
            value = 1;
        };
    };
};
checkInterval = 18000;
"firstRun-1.2.7.43" = "2017-08-29 14:10:06 +0000";
}

Each and every time you open Google Chrome it will check whether or not the updater is installed, and if not, it will reinstall it.

You can change it's settings to a more sparse update check interval. As you can read above the default interval is 18000 seconds, that is each 5 hours.

You can do that by running this command:

defaults write com.google.Keystone.Agent checkInterval 2592000

That will change the updater interval to one month. But the aim (here) is to remove the updater completely. To do that continue reading.

The updater

The updater is installed into your user's Library folder ~/Library/Google/GoogleSoftwareUpdate/. As I said before, you can simply delete this folder, but when you restart the browser it will recreate everything. So no joy with this approach. Another alternative to the nuke would be using a firewall like Little Snitch or Murus or any other decent firewall.

There are two binaries in there that phone home. One is:

~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

The other is:

~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/Google Software Update.app/Contents/MacOS/GoogleSoftwareUpdateAgent

Uninstall and Null the Updater

First of all, copy these instructions and close Google Chrome. Or open this page using Safari then close Google Chrome.

The trick is to uninstall it, then remove Chrome's ability of creating this folder. Let's first uninstall it.

From the Terminal open the folder in question, so we can see the "magic" happening:

open ~/Library/Google/GoogleSoftwareUpdate

Finder will open the GoogleSoftwareUpdate folder. Now uninstall it with:

~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall --nuke

We can use --uninstall as a uninstall option. But my guess is that --nuke will simply nuke/purge everything including the settings for the updater. So I'll go for nuke!

After you issue the uninstall nuke command the GoogleSoftwareUpdate will simply disappear.

Now we create an empty file with that name in that directory using the root account and change it's permissions/ownership so only the root account will have access to it. This way our user's account (and thus Chrome) will have no rights to write/change it. Google Chrome will simply be denied access to that path, and the updater will not reinstall. To do that issue the following commands:

sudo touch ~/Library/Google/GoogleSoftwareUpdate
sudo chown root:wheel ~/Library/Google/GoogleSoftwareUpdate
sudo chmod 400 ~/Library/Google/GoogleSoftwareUpdate

Use ls to check the file's permissions:

ls -lsa ~/Library/Google/GoogleSoftwareUpdate

The output should be something similar to:

0 -r-------- 1 root wheel 0 Aug 29 11:41 /Users/mach/Library/Google/GoogleSoftwareUpdate*

And here is Chrome winning about it in the Console log:

8/29/17 11:41:39.673 AM Google Chrome[1592]: KSPaths file in the way of subdirectory. [com.google.Keystone.SharedErrorDomain:1003 - '/Users/mach/Library/Google/GoogleSoftwareUpdate' - 'KSPaths.m:720']

8/29/17 11:41:39.673 AM Google Chrome[1592]: KSBundle could not obtain user bundle path. [com.google.Keystone.SharedErrorDomain:1201 - 'KSBundle.m:44'] (KSPaths file in the way of subdirectory. - '/Users/mach/Library/Google/GoogleSoftwareUpdate' [com.google.Keystone.SharedErrorDomain:1003])

Goodbye automatic Chrome updates... won't be missed.

Revert to How it Was

Close Chrome and delete the empty file:

sudo rm ~/Library/Google/GoogleSoftwareUpdate

Re-open Chrome. Chrome should now be phoning home again regularly . 0.o