Muse Hub runs with excessive permissions on MacOS

The issue is similar to that reported for Linux in https://musescore.org/en/node/339231. Analogous to that case, MuseHub installs a helper application that runs as root. On Mac it sits in /Library/PrivilegedHelperTools and is called com.muse.museservice and is, in fact, owned by root.

This service runs permanently and only stops when MuseHub is uninstalled. It opens bittorrent ports. The appartent functions are

• run as bittorrent host for downloading software and content such as MuseScore and MuseSounds
• install downloaded items without user intervention.

Running a root-privileged process without need is considered bad practice and in fact presents an unknown danger to the integrity and privacy of the system.

For the above mentioned purposes there is no need for root privileges, except perhaps asking the user for permission when a new version of the software is ready to be installed.

There is a partial workaround, different from that on Linux. It consists of completely uninstalling MuseHub, using the Uninstall button on the MuseHub settings page. This stops and removes the service.

This workaround is partial, because the service has already run as root and could potentially have already damaged the system. Also, it results in further unavailability of MuseHub.

The issue has been discussed, and is still being discussed, on many forum topics with broad consensus that this is dangerous practice that should not be.