ShippingamacOSAppOutsidetheAppStore

A system utility has an awkward shape. You want it constantly available, but you almost never want it taking up space. A normal app, with a Dock icon and a window, gets that exactly backwards. So when I built MacGuard, a Mac utility that folds five tools into one, the very first decision was that it would not behave like a normal app at all.

MacGuard has no Dock icon and no window chrome. It lives entirely in the menu bar and opens as a popover panel.

The mechanism is an NSStatusItem for the menu bar presence and an NSPopover hosting the SwiftUI views. The piece that makes it feel right, though, is the activation policy. Setting the app to accessory mode tells macOS it is a background-style process: no Dock icon, no app switcher entry, no menu bar of its own. It is present when you summon it and invisible when you do not. For a utility, that is the correct default, not a clever trick.

Three of MacGuard's five tools need real system data, and macOS does not just hand that over.

The Activity Monitor panel reads CPU, memory, and disk metrics through low-level APIs like sysctl and the Mach host statistics calls, rather than scraping anything. The Login Items manager uses SMAppService, which is the modern, sanctioned replacement for the old LaunchAgent plist juggling on macOS 13 and up. It gives you a proper API and asks the user for consent, instead of quietly editing files behind their back.

The lesson that kept repeating: there is almost always a first-class API for what you want. Reaching for it instead of a hack means your app keeps working when the next macOS release lands.

Live system gauges want to update every second. Doing that constantly is accurate and also rude to the battery.

The fix was adaptive polling. While the popover is open and you are actually looking, MacGuard polls once a second. The moment it is dismissed, the interval drops to once every ten seconds. Nobody is watching, so nobody needs second-by-second precision. That single change cut the app's background CPU overhead by roughly eighty per cent. Accuracy when it is seen, restraint when it is not.

The uninstaller had its own puzzle. Dragging an app to the Bin leaves debris scattered across Application Support, Preferences, Caches, and Containers inside the Library folder.

MacGuard scans for it using the app's bundle identifier as the primary key, then searches each of those locations with fuzzy matching for the common naming variations. The result is a genuinely clean removal rather than the usual half-job.

A system utility that reads process tables and manages login items is never going to fit inside the App Store sandbox, so MacGuard is distributed directly.

That route is not lawless. It still means signing the app with a Developer ID and notarising it with Apple, so Gatekeeper trusts it on a machine that has never seen it before. You skip App Review, but you take on the responsibility yourself. For a tool that deliberately works close to the system, that trade is the right one.

Build a utility like a utility. Quiet, native, always a click away, and honest about how deep it reaches.