Unexpected MDM-like behavior and developer mode on retail MacBook M4

Developer mode is a setting to allow "permission for locally installed apps to run on iOS, iPadOS, visionOS, and watchOS devices" [1]. Based on the documentation, AMFI developer mode refers to the ability to run applications and code signed by Apple Developer certificates (it still doesn't allow arbitrary unsigned code).

On iOS, iPadOS, visionOS, and watchOS devices, you can't normally run applications signed directly by a developer (Apple re-signs applications themselves for distribution through the App Store). However, on macOS, you can run applications signed directly by a developer [2].

I have confirmed that on two physical machines and one VM I have running macOS 15.5 [3] that "AMFI: developer mode is force enabled on this platform" is present in the logs. I would imagine if you go back to an Apple store and get a new Mac it would also display this message.

Further, extracting com.apple.driver.AppleMobileFileIntegrity from the kernelcache on my 15.5 system and performing limited static analysis [4], it appears as though this is a fixed code execution path as part of AMFI initialization routines (meaning there is nothing that can turn this off). There are other branches that are gated behind certain configuration, namely kernel bootargs such as amfi_bring_up_mode, amfi_get_out_of_my_way, etc.

The log message itself: "AMFI: developer mode is force enabled on this platform"; to me if this were true configuration the message would likely not include "force" or "on this platform", which points towards it being a fixed (forced) value (on macOS platform).

So to specifically answer your questions:

1. Yes, a standard retail purchased Mac running macOS is expected to have AMFI developer mode force enabled. This appears to be expected behavior on the macOS platform, despite it sounding unusual.

2. This is not an exploit and unrelated to issues you may be experiencing, if any [5].

3. No remediation steps, see 1 & 2.

Based on the totality of the information, I believe that AMFI developer mode being force enabled is intended specifically on the macOS platform (and not on iOS, iPadOS, visionOS, or watchOS).

[1] Enabling Developer Mode on a device | Apple Developer Documentation

[2] Subject to certain criteria, such as notarization, see: https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution.

[3] sw_vers output:

% sw_vers

ProductName: macOS

ProductVersion: 15.5

BuildVersion: 24F74

[4] Full disclosure I'm a software engineer but I don't work in reverse engineering so my analysis could be flawed.

[5] You never provided details of the specific network calls that were made that are MDM-related in nature. I have personally had some macOS settings fail to persist or get reset on my system, usually from OS updates e.g. 15.4 to 15.5 (based on my purely anecdotal observations this is most often settings related to the application firewall and analytics/privacy).

If you are having issue with your brand new Mac , return it for one that works as expect out of the box.

you have a limited 14 days for an exchange or refund for any reason—see Returns & Refunds Order status

Returns & Refunds - Shopping Help - Apple

Only items that have been purchased directly from Apple, either online or at an Apple Retail Store

ref: Review and delete configuration profiles - Apple Support

compy1 wrote:

Unfortunately, the issues with the device didn't become apparent until outside the return window.

Thanks for sharing the link. There's never been any visible configuration profiles installed on the device.

Are you familiar with whether developer mode force enabled is expected for a retail, non-provisioned MacBook?

Disable Developer Mode:

"To disable Developer Mode on the device, go to Settings > Privacy & Security > Developer Mode and tap Developer Mode. Toggle the Developer Mode switch to the off position. After you disable Developer Mode, you can’t run apps from Xcode on the device until you enable Developer Mode again."

ref: Enabling Developer Mode on a device | Apple Developer Documentation

Your 90 days of complimentary telephone support begins on the date of purchase.

Call Customer Support  (800) MY–APPLE (800–692–7753)

always available —

 Customer Support  (800) MY–APPLE (800–692–7753)

or on line  https://getsupport.apple.com/

or call  AppleCare Support at 1-800-APLCARE (800-275-2273)

Outside the USA—Contact Apple for support and service by phone

See a list of Apple phone numbers around the world.

Contact Apple Support - Apple Support 

"I have a MacBook M4 Pro recently purchased through Apple retail channels with AppleCare+ that is behaving as though it's an MDM provisioned device."

What retail channel exactly? Please explain in detail as to from where and from whom you purchased the MacBook because it looks to me like you bought a returned or formerly corporately owned MacBook.

compy1 wrote:

Machine 2•

Because of my experience with the MacBook Pro I went and purchased a MacBook Air M4 at the Cupertino visitor center store with AppleCare+ a few weeks ago. I performed the following evaluation:

Booted only into Recovery Mode <-- Note, I have yet to set the machine up with a local account.

• While in recovery mode, I connected to the internet.

• In terminal, I checked the AMFI logs and again saw developer mode force enabled. <-- see below

so are you saying as it turns — this not be an issue...

From your multiple Mac’s in question, It would seem it is default setting for the macOS.

not sure how that translates into an exploit…