Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: dima.c
dima.c Author
User level: Level 1
8 points

What is ZhuGeSupport.framework service on macOS?

Hi, a similar question has already been asked in "The mystery of ZhuGe Service?" thread.


Though, it was suggested that this services was "just a part of coreaudio", it still looks suspicious. Especially when checking the list of allowed permissions that it has:


$ codesign -d --entitlements - /System/Library/PrivateFrameworks/ZhuGeSupport.framework/Versions/A/XPCServices/ZhuGeService.xpc/Contents/MacOS/ZhuGeService
ZhuGeService.xpc entitlements


Full list doesn't fit here, but here are just some of them:

[String] RosalineSerialNumber                                                                                                                  [String] RoswellChipID
[String] SavageChipID
[String] SavageInfo
[String] SavageSerialNumber
[String] SavageUID
[String] ScreenSerialNumber
[String] SecondaryBluetoothMacAddress
[String] SecondaryBluetoothMacAddressData
[String] SecondaryEthernetMacAddress
[String] SecondaryEthernetMacAddressData
[String] SecondaryWifiMacAddress
[String] SecondaryWifiMacAddressData
[String] SecureElementID
[String] SerialNumber
[String] SysCfg                                                                                                                                [String] SysCfgDict
[String] ThreadRadioMacAddress
[String] ThreadRadioMacAddress64Bit
[String] ThreadRadioMacAddress64BitData
[String] ThreadRadioMacAddressData
[String] TopModuleAuthChipID
[String] TristarID
[String] UniqueChipID
[String] UniqueDeviceID
[String] UniqueDeviceIDData
[String] WifiAddress
[String] WifiAddressData
[String] WirelessBoardSnum


Why would a "mere audio service" need to access all the available hardware identifiers? Or the real purpose of this service is something else, like reporting and tracking the user identification / fingerprint? And who gets this information? The name of the service suggests it has some Chinese roots...


It's very strange to see such unusual naming choice for a core service, if it's really a core service. Although, it's reported as being signed by Apple, but that only raises more questions:


$ codesign -d -vv /System/Library/PrivateFrameworks/ZhuGeSupport.framework/Versions/A/XPCServices/ZhuGeService.xpc/Contents/MacOS/ZhuGeService
Executable=/System/Library/PrivateFrameworks/ZhuGeSupport.framework/Versions/A/XPCServices/ZhuGeService.xpc/Contents/MacOS/ZhuGeService
Identifier=com.apple.ZhuGeService
Format=bundle with Mach-O universal (x86_64 arm64e)
CodeDirectory v=20400 size=1743 flags=0x0(none) hashes=44+7 location=embedded
Platform identifier=13
Signature size=4442
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Signed Time=Jun 18, 2022 at 3:57:35 AM
Info.plist entries=21
TeamIdentifier=not set
Sealed Resources version=2 rules=2 files=0
Internal requirements count=1 size=72

Posted on Aug 30, 2022 1:52 AM

Reply
Question marked as Best reply
User profile for user: dima.c
dima.c Author
User level: Level 1
8 points

Posted on Aug 30, 2022 5:09 AM

I'm not sure that I've got your point.


That fact that this service resides on the system volume doesn't explain anything about the unreasonable level of granted permissions to this service. To me it just doesn't look right that an "audio service" can access and collect info about all HW identifiers. And on top of that it has something called "com.apple.ZhuGe.private-connection" – what's that, a network connection to report all the collected data?


I'm just trying to find some reasonable explanation for the things that looks unusual to me.

View in context

Similar questions

5 replies
Question marked as Best reply
User profile for user: dima.c
dima.c Author
User level: Level 1
8 points

Aug 30, 2022 5:09 AM in response to PRP_53

I'm not sure that I've got your point.


That fact that this service resides on the system volume doesn't explain anything about the unreasonable level of granted permissions to this service. To me it just doesn't look right that an "audio service" can access and collect info about all HW identifiers. And on top of that it has something called "com.apple.ZhuGe.private-connection" – what's that, a network connection to report all the collected data?


I'm just trying to find some reasonable explanation for the things that looks unusual to me.

Reply
User profile for user: dima.c
dima.c Author
User level: Level 1
8 points

Aug 30, 2022 6:40 AM in response to PRP_53

OK, fair enough. In the end nobody's forcing users to use Apple hardware and software, it's a free choice. I get what you mean, and your point is valid. On the other hand, I'm as a user can be confused by some of the design choices even if they're genuine and authentic. If the service was named differently it wouldn't catch my eye and I wouldn't look at the list of the allowed permissions.


Still, all of the above doesn't solve the disconnect that I have between the stated purpose of the service and it's granted permission level. Anyway, I appreciate your help and time, thanks!

Reply
User profile for user: PRP_53
PRP_53
User level: Level 10
85,495 points

Aug 30, 2022 6:19 AM in response to dima.c

Short and blunt answer.


Apple Designed & Engineered the Operating System as well as the Apple Computers on which it is run.


If it is there it is because Apple Placed it there.


Again, as pervious mentioned As far as I know, neither you nor I are Apple Software Engineers so there is no definitive answer to your question.


If the user is concerned about what Personal Data Apple collects --- >>> Understand and control the personal information that you store with Apple


If still not pleased ----- >


Understand, we are all working Remotely from all around the world. 


Therefore, we do not have the On-Hands experience the User ( you ) have with this computer.


The next best thing for us to having a semi - actual On-Hand experience  with this computer is to follow the steps below


Download the Application Etrecheck directly from the Developer. 


The application is free or paid from added features. 


It will take a Snap Shot -  both the hardware and software.


 The Report will Not Reveal Any Personal Information. 


Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )


We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.


Reply
User profile for user: PRP_53
PRP_53
User level: Level 10
85,495 points

Aug 30, 2022 7:29 AM in response to dima.c

You are welcome 👍 and thank you too 🇨🇦


Do come back to the Apple Support Communities ( ASC )  in the future, if / or when additional questions may arise


Aside, there are hundreds if not thousands of process running on macOS which are really unknown and personally gave up trying to understand the decision on naming them.


For me, I spend more time enjoying the computer and what it can do to enhance my life.


Outside of that , the ultimate search of macOS will prove fruitless and pointless

Reply

What is ZhuGeSupport.framework service on macOS?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up