Hidden features of macOS Catalina

Apple's macOS Catalina
Apple’s macOS Catalina

Jason Snell, Macworld:

MacOS Catalina is here, and with it, a bunch of top-line features: Mac Catalyst, new apps, Sidecar, Screen Time, and Voice Control. But as you might expect, Catalina also includes dozens of small feature changes that are worth investigating. Here are a few of the most interesting hidden features in macOS Catalina.

MacDailyNews Take: Because we test a lot of betas, our favorite macOS Catalina “hidden feature” is macOS Recovery’s “restore from snapshot.” It works like this: If your third-party software is incompatible with an update you just installed, use macOS Recovery to restore from a snapshot of your computer taken right before the installation. macOS and all your apps will work just as they did before you installed the update.

Check out many of macOS Catalina’s features here.

What’s favorite macOS Catalina “hidden feature?”

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]


  1. At first glance, the new Find My app seems like a good idea. The method Apple uses to disguise your location, even from Apple itself, while allowing your devices to decrypt the location data of your other devices seems sound, but it actually introduces two kinds of security holes that can leave you vulnerable. These holes do not stem from the architecture or cryptography of the solution, but from the way iCloud and Catalina are built and operate. Let’s look at two use cases:

    Let’s say you have lost your iPhone. You can’t wait until you get home to use the Find My app on your Mac, so you ask your friend to help you. They open Find My on their iPhone and tap the Help a Friend link. This opens iCloud in the iPhone’s Safari browser. You try to log in. Here’s where it all goes bad:
    a) You probably have 2FA activated. So Apple displays a notification on your Mac (which is at home) and on your lost iPhone saying that someone is trying to log in to your iCloud account. You cannot authorize the prompt to get the 2FA code since you are not with either of your devices, so your friend can’t help you find our device. You have to wait until you get home to use the Find My app on your Mac; precious time is lost. And worse, if the lost phone is still on, now the thief knows you are trying to find your iPhone and will take steps to make it harder to track the device. You have lost an advantage over the thief.
    You should at least be able to log in through Help a Friend without alerting your device about the iCloud login; this search should be silent and invisible.
    Let’s say you have a Mac at home connected to your TV and anyone you live with or who visits you can use this Mac to browse the web or watch Netflix on a big screen. The Find My app is built in to Catalina and it cannot be uninstalled or turned off. You are signed in to this Mac with the same Apple ID you use on your other devices so you can enjoy the benefits of iCloud, such as synchronizing your music across devices. So anyone who uses your TV can find your location whenever they want to, whether you want them to or not. If a burglar breaks in and steals this Mac, they can use Find My to find out where YOU are, and where the rest of your devices are, and either see if you’re getting closer to them to retrieve your stolen Mac, or make plans to steal your other devices.
    You should at least be able to turn off Find My on any device to prevent unwanted access to your devices’ locations and to protect your privacy. And to turn it back on, you should be required to provide a password, and maybe even a 2FA code, to prevent unauthorized parties from being nosy.

    Use Case 1 is entirely plausible; many thieves might turn the device off and never see a notification, but some may not be savvy enough to do that. Use Case 2 may seem farfetched. Even if you feel that neither of these scenarios is likely, they still illustrate problems in the way Find My has been implemented; these problems create new, perhaps unforeseen security and privacy problems for Apple device users.

    Clearly, the developers and UX designers at Apple assumed that you would only be looking for your lost device using one of your other Apple devices. They didn’t consider the effect of signing in to iCloud through a browser (displaying a give-away notification on the lost device), nor did they provide a way to protect access to the Find My app in Catalina. When developing use cases, UX designers need to consider far-out or even seemingly unlikely situations when developing a product.

    While Find My may be successful on the technical level, it is a failure at the human level. Hopefully the fine folks at Apple will release updates to Find My, iCloud and Catalina that plug these security holes sooner rather than later.

    Have you found other use cases where Find My creates new problems?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.