Manage login items and background tasks on Mac
Before macOS 13, part of the application-design process of helper executables included scripts that installed one or more property lists into specific directories based on the type of service. For a Mac with macOS 13 or later, a new structure in the app bundle simplifies the installation of login items and associated property lists by updating helper executables from earlier versions of macOS. This framework is used to create transparency to the user when you configure login items, launch agents, and launch daemons on a Mac. This framework uses the SMAppService
object to control helper executables that live inside an app’s main bundle. It can also be used to register and control login items, launch agents, and launch daemons as helper executables for an app, and it works with all types of apps, regardless of how they were installed.
Deploying helper apps and executables
An organization has the ability to configure specified items using a new configuration payload. The Payload Content is an array of dictionaries and each specifies a rule for one or more potential items. The first item that matches a rule during an installation notifies the administrator that managed items are being installed. Any subsequent installations of items matching a rule don’t create any additional notifications for the reminder of the day (24 hours after the first notification). As items are discovered and are managed using this configuration, administrators and users should file feedback with app vendors and internal tooling teams to take advantage of the new framework in a bundled app.
End user notifications for apps that are managed within this payload are handled by a single notification, which lets the user know that managed items are being installed and can be viewed in System Settings. While this notification persists on screen, no other notification for managed items occur. If this notification is closed any subsequent managed installs notify the user again. If the notification is “Snoozed” there are no more notifications of login items, launch agents, or launch daemons until the end of the selected time—1 week or 1 day.
Identifying apps using background task management
Administrators should be aware of any items that use helper apps and executables which are deployed by their organization. To help identify what items are deployed and are registered with the new framework, test standard deployment workflows and analyze the resulting configuration for applicable items. For example:
Use the declarative status report for background tasks available with macOS 14 or later.
Navigate to System Settings > General > Login Items, to see a list of any items that are registered with the new framework. To see the item that’s being launched, click the Information button.
Use the command-line tools to gather important system information, reset data for testing and monitor activity using the Console and Terminal apps.
sfltool dumpbtm: Prints the current status of login and background items, including loaded
servicemanagement
payload UUIDs. The output of this command should be included with any feedback you file along with the other items listed in the Reporting Feedback section.sfltool resetbtm: Resets login and background item data. If you use this command between tests, it’s recommended that users also restart their computer.
To monitor Login and background item management activity in Console: Filter on
subsystem:backgroundtaskmanagement
andcategory:mcx
, or use the following command to stream the logs in Terminal:log stream --debug --info --predicate "subsystem = 'com.apple.backgroundtaskmanagement'and category = 'mcx'"
Mac Evaluation Utility version 4.3.0 or later, available from AppleSeed for IT, has the ability to generate test results returning detailed information, similar to
sfltool dumpbtm
. These tests for login items, launch agents, or launch daemons report currently installed applications utilizing Login and Background Item management in macOS. These test results are formatted inline with other Mac Evaluation Utility tests and are exportable as delimited text files for further analysis.
Using an XML configuration profile for background task management
You can use an XML configuration profile to manage background tasks. When you do, all items are compared with all rule types. When an item matches a rule, the item is automatically approved. These are the rule types that are considered when matching:
Application BundleIdentifier: The bundle identifier (also known as the bundle ID) of the application to match, which must be an exact match.
Application BundleIdentifierPrefix: The bundle ID prefix of the application to match.
Developer TeamIdentifier: The team identifier from the code signing attributes, which must be an exact match.
Service Label: The value of the
launchd
.plist Label parameter to match, which must be an exact match.Service LabelPrefix: The prefix of the
launchd
.plist Label parameter to match.
For more information, see the Background task management example and the Managed Login Items MDM payload settings.
Attributions from other applications
Apple maintains a preference file named attributions.plist
that contains many applications’ helper apps or executables that are often use by a specific application. This information can be used to help you identify helper applications and executable files that appear in a user’s login items at startup. For a full reference of these common items and their attributions, review the file located here:
/System/Library/PrivateFrameworks/BackgroundTaskManagement.framework/Versions/A/Resources/