What is the "Google LLC" login item and what is it doing? It just added itself to my login items.

harenet wrote:

To clarify, I was responding to John Galt, not to your response, so apologies if there was a misunderstanding there.

Yes. I saw that. But that doesn't matter to most people. They usually just randomly click a "Reply" button. Most often, they reply to themselves.

That said, I don't expect anyone to know these answers. I'm just hoping someone with more skill or knowledge than I have will be able to help me and others with the same questions find the answers.

But it's actually quite a difficult question. The basic, most fundamental, answer is that you are simply supposed to trust Google. Apple's signature-based notification system only provides the legal name of the entity that signed the software.

Sometimes people think that Apple has this massive security team that is doing in-depth security checks on all the apps in the world. There is no such team. There is a team that checks the paperwork to ensure that "Google LLC" actually exists in some jurisdiction and isn't a known malware author. That's it. You are expected to do your own research if you have further questions.

If you are downloading apps from the Mac App Store, then there is another level of automated checks to ensure very basic compliance with Apple App Review guidelines. There is also a very basic human runtime check to ensure apps actually work, aren't fake apps for the illegal drug, gambling, prostitution, etc. industries. But when I say "basic check", remember that it's really, really basic. Large companies like Google are typically exempt for all practical purposes anyway.

Funny enough, the inverse isn't true. Google actually does have a large security team doing in-depth security checks on Apple apps. Their job is to hack Apple devices and software and publish the results - all in the name of improved security, of course. Make of that what you will.

PS: Full disclosure time. One of the reasons that this Apple user interface is so annoying is that I've developed my own app that, in my humble opinion, does a much better job of this. It will tell you exactly what file is using that "Google LLC" signature. It can't tell you what the software actually does. Again, you'll just have to trust "Google LLC", but at least you'll be able to see if it is just another part of (what is claimed to be) the software updating component.

However, my app doesn't allow you to disable those components. I had considered it years ago, but decided right away that I didn't want to be interfering with other people's apps. You installed this "Google LLC" software for a reason. I don't want you using my software to break it. If you don't want to run the software, my app will show you all the pieces. If you decide you don't want to use the software, you can then install it using any legitimate method (which is a whole different, very long discussion - never use "app zappers" or "clean up" apps for this). If there are any pieces left installed, my software will show you what they are and where they are so you can (safely) complete the uninstallation.

Chances are, with a major developer like Google, the app is probably doing what it says it is doing. And it is also probably collecting information too. There isn't anything wrong with that. Maybe they want to know why people run the updater, or why they don't. Collection of information is not necessarily malicious. Sometimes, the information is used to improve the user experience. But you'll never know for sure. It's 100% based on trust.

Alas, the Apple discussion forum rules prevent me (as the author) from giving you a direct link to my app. You can use Google to find it, or someone else can tell you, but I can't.

In addition to the LLC file, it also created three .plist files for me today in ~/Library/LaunchAgents/, two of which are zero bytes long. One is clearly associated with running the Chrome updater. The other two that are empty (keystone) appear to be connected to a component of Chrome called Keystone, but I can't tell if these are unintended. Either Google or Apple should explain what the Google LLC background app does as despite appearing to be from Google, we have no way of determining if it will cause any issues.

Tuinhekje wrote:

Here maybe some useful info about "Google LLC":

You posted a link to an advertisement for a product that should never be installed on a Mac.

As such it is not useful, inaccurate at best, and is likely to lead to additional, unrelated problems.

It was explained that there is no "Google" so the solution is to "uninstall Google" is a least unhelpful and is coming across as pretentious. Uninstall "x", "y" and "z" might be a helpful comment or leave it alone.

Trying once again to put this thread to rest.

I will assume the mysterious Google files being referenced are the same as the Google files referenced in this three threads I posted above. If this assumption is true, and it probably is, I can provide some better answers.

harenet wrote:

What is Google LLC login item?

There is no Google LLC login item. This is a side effect of Apple's awful new System Settings user interface. If these items aren't constructed "just so", then Apple will just dump the name listed in the software's digital signature, instead of the name of the app and a pretty icon. In the example above, Apple was happy with "Google Updater" for some reason. But it was not as happy with "mystery item".

But it looks like "Google LLC" is actually:

[Loaded] com.google.keystone.daemon.plist (Google LLC - installed 2022-10-27)

Executable: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon

whereas "Google Updater" is:

[Loaded] com.google.keystone.agent.plist (Google LLC - installed 2022-10-27)

Command: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded

[Loaded] com.google.keystone.xpcservice.plist (Google LLC - installed 2022-10-27)

Command: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost

Those with a keen eye might notice that these are actually the same file. Really sharp-eyed people might notice that I've only listed 3 files whereas the OP's screenshot seems to indicate 4 files. There's a good explanation for that. I'm just randomly pulling data from someone else's question. People are demanding answers! And the fact that it is physically impossible for us to provide accurate answers isn't good enough. Therefore, here are some wrong answers. Happy?

What is it doing?

Not a clue in the world. Probably something related to Google software update. If not that, then something else.

How is it functionally different form Google Updater?

Apparently, it's the same freaking file. Is that functionally different?

Why is it able to install itself in my log in items without any authentication or opt-in action on my part?

Because at some point in the past, you gave Google full control over your computer and all of your data. Depending on how your computer and the rest of your devices and services are configured, Google could have effective control over all of your devices and all of your data on any cloud service in any cloud service.

How did this happen? Google asked for an administrator password and you provided it. Did you know that this is true of any software developer when you provide your administrator password? Is that scary? It should be.

Can you trust Google with all of that power and that data? It depends. Obviously you do, so that's a moot point. But in truth, Google really doesn't care about your data. They are happy to sell your personal information regardless of what is in it. The details don't matter. What matters is control over and ownership of the data. It all belongs to Google now. All of the labour you've provided to collect this information about yourself is now being sold by Google to anyone who wants it. Is your data safe? Safe from what? Google's not going to post your information on the internet. The people they sell it too probably aren't going to do that either. Hopefully your data doesn't document any activity that was, is, or will be illegal one day, because Google give all of it to the government without fee. At this point in end-stage capitalism, you should consider Google to be just another branch of the US government surveillance apparatus. Technically it's illegal for the US government to spy on its own citizens, so they contract that collection out to Google instead. You freely give all of your information to Google, so it's all good.

All this then leads us back to the question that everyone wants answered. What should you do about this file? Leave it alone, obviously. You don't have anything to hide, do you?

Arthur7 wrote:

Google LLC is a login item of unknown origin to all on the thread.

Absolutely not! It is not a login item of unknown origin. It isn't a login item at all. It originates from "Google LLC".

No one seems to know what it does.

It's Google. It collects personal information. Doh!

No one can say if it is in any way related to Google Updater.

It is absolute related. They are both signed with "Google LLC" (apparently).

Standby and many will be scouring the internet and other resources to answer those questions and some will just return with long-winded sarcastic comments.

You'll never get any long-winded sarcastic comments from me!

It is a save guess to presume: using Google Chrome leads to getting that Google LLC on your computer. But I got that same indication just today, and I don’t have Chrome nor any other Google software installed (at least, none I am aware to come from Google). And the Macbook Pro is quite new, there are no apps installed years agot I have forgotten since.

What I did just prior to the OS indication was starting a movie on YouTube in Safari. Can just browsing a Google-owned website lead to the installation of a background app in my OS?

o_183 wrote:

It is a save guess to presume: using Google Chrome leads to getting that Google LLC on your computer.

First of all, there is no "Google LLC". If you try to search for it on your computer, you'll never find it. It doesn't exist.

The problem is that this is name of the entity that signed the digital signature attached to some app or portion of one. Since this name is in a digital signature, it's actually encrypted. So even if you were to scan the entire hard drive, you would never find the text "Google LLC" at all, because it's encrypted. 😄

I don't why why Apple chose to surface this particular information, and only this information, and only sometimes. Other times, it says "Google Update". Ironically enough, only the "Google LLC" part is reliable. Anyone, even dedicated, committed malware developers could release something and call it "Google Update" and that's what Apple would tell you it was. 😄 That's because the "Google LLC" is part of that encrypted digital signature whereas "Google Update" is just a string.

But I got that same indication just today, and I don’t have Chrome nor any other Google software installed

I'm pretty sure you do. Remember that in addition to not actually existing, any associated files for these things are in hidden folders. They will not even show up in the Finder and your searches will not acknowledge their existence.

Can just browsing a Google-owned website lead to the installation of a background app in my OS?

No.

In my experience, the majority of non-helpful answers appear because the responder failed to read the question. For example, a person will write, "As a last resort, I even tried to unplug and reconnect," and someone will answer, "You need to reconnect the device."

Or one of us will write, "I have no Google software installed," and someone will answer, "The problem is Google software you have installed." Again, more than half the time, they simply don't read the post.

''Because at some point in the past, you gave Google full control over your computer and all of your data."

Well, I DIDN'T and I'm pretty sure many others didn't either. When asking for full disk access, I always deny it, especially to any Google software :) Automatic update checking is always OFF, so there is no reason whatsoever for that login item to be there, especially to install itself there without my specific consent.

"How did this happen? Google asked for an administrator password and you provided it."

Correct me if I'm wrong, but when installing a software on your Mac, aren't you actually providing your administrator password to the OS, so it knows that you have administrator privileges? How and why would that password be passed on to Google? It makes no sense whatsoever.

"All this then leads us back to the question that everyone wants answered. What should you do about this file? Leave it alone, obviously. You don't have anything to hide, do you?"

Now this is THE biggest problem with modern mindset. You know what? I and many others DO have something to hide. It's called PRIVACY, and we especially like to hide it from people people/software who try to invade it!

Oh... and my answer to "what should you do with this file" is DELETE IT, as well as every single piece of privacy invader crap Google software you find on your machine.

In my experience, when "senior" forum members engage in an apparent joint attempt to beat around the bush, it's simply because the topic is not something that should be the focus of a discussion, which in this case is:

Why and how was Google LLC able to add itself to the login items list as a NEW item (apparently even on brand new Macs which have no Google software installed on them!), without having the user's previous consent? Every other software that I use which requires this will ask for my consent BEFOREHAND.