Re: Security risk: EA Background Service runs as root on Mac
@mightyspritesims, that's very interesting, not mention concerning. Is there anything individual users can do about this?
Forum Discussion
9 Replies
@PandoraTO The only workaround I can find so far is to go into the activity monitor and force quit the process that is listed as root. This also quits the other background process that doesn't have root access as well. We have to remember to do this manually every time we start the computer and every time we close our game. The EA app automatically starts the processes up again when we go to play a game, and if we refuse to give it root access, the EA app won't start at all
So there's no way to stop it while the game is running, but at least we can stop it at all other times (manually each time)
There is an option in the app to disable automatic updates but it doesn't turn the process off.
@FreddyFox1234 I'm with you, I'd love to be proven wrong here :/
You, the user, with Administrator rights, allow this process to run when you launch EA App and enter your details here and press Ok. If you do not ok this process EA App will not load and you will get the EC106 error.
If you're running Ventura and later go into System Settings > Login items and disable the EA process from launching at startup. You will still have to allow it to run EA App but the process quits around 20 seconds or so after quitting EA App.
If you're running Monterey or earlier you have to manually kill the process every time.
Whilst it's pretty sloppy and it should not require root access, I don't think you need to worry about EA doing anything nefarious with it.
@Bluebellflora You say: "Whilst it's pretty sloppy and it should not require root access, I don't think you need to worry about EA doing anything nefarious with it."
That is more trust than I would place in any company, who is, by definition, comprised of disparate individuals who I may or may not deem trustworthy with the innards of my computer. No company has the right to the constant root access of my computer.
But that is really not the point, here. Even if EA could be 100% trusted to never, never exploit root access to my computer, they have potentially opened a vulnerability that any hacker with decidedly nefarious motives could use to zombie my computer or worse.
This is entirely unacceptable!
I have just been given the "opportunity" to upgrade to the app. It will not even let me quit origin from the normal finder menu, which is grayed out. The only option is to click on the install button. Thankfully Mac allows a program to be quit via the doc or Force Quit.
I absolutely will not install an obvious potential backdoor vulnerability on my Mac. And yes, Apple has the right, and necessity, to be notified of a potential vulnerability to their OS.
It infuriates me to no end that I will not be able to play my game until this untenable situation is either dealt with by closing the vulnerability, or EA can definitively prove no vulnerability exists.
I'm going to copy and paste my reply from the parallel thread running over on the official game forum to put this into context:
Realistically, how likely is it for this to happen? It is more likely that a Mac user downloads and installs something malicious by bypassing Gatekeeper, which does not require root access. Gatekeeper only requires user access https://support.apple.com/en-gb/guide/security/sec5599b66df/ For example, Sims 4 Studio is not a trusted app as far as Apple is concerned, it is not notarised by Apple and is not available on the App Store, yet how many thousands of Mac users have happily downloaded and installed it, bypassing Gatekeeper in the process and blindingly trusting it because it's a well known app in the Sims community and works well (Sims 4 Studio is safe, providing it isn't exploited, just using it as an example here to try and keep everyone grounded and not fan the flames 🙂 )
I have Terminal commands on my website that help Mac Simmers which require root access (sudo) in the command.
If people are that concerned, launch EA App, allow the process when prompted for your password, launch the game then open Activity Monitor and Force Quit the EABackgroundService process. It will cause EA App to hang but the game will still be playable. When you eventually save and quit playing and close the game you will need to Force Quit EA App through Apple > Force Quit.
You say - "I absolutely will not install an obvious potential backdoor vulnerability on my Mac. And yes, Apple has the right, and necessity, to be notified of a potential vulnerability to their OS." but EA App is fully notarised and trusted by Apple which means they will be aware of this process requiring root access, otherwise Gatekeeper will have blocked it. I don't particularly like it either and believe that the process should be killed upon authentication of the service as it is not necessary to keep running but am not concerned.
@Bluebellflora Thank you for your clarification.
I am not a coder, and cannot discuss this from that perspective. But any app that unnecessarily exposes root function sure sounds like a problem to me. That much I have known since the 1980's when I got my first Mac. If that is, indeed, what the EA app does, then I am concerned enough to hold off installing the app, until and unless EA can show me I have no reason to be concerned.
We are already dealing with people exploiting mods, which is a new thing this year. That means The Sims 4 is now "on the radar." That already had me nervous enough to only download mods directly from the modder, not on curseforge.
As far as installing and then having to go through contortions each time I play the game just to be safe, that feels so wrong.
I asked on a developer thread on another forum about shutting things off, and got this as a response: "Recent versions of macOS include a setting in System Settings to disable these kinds of background tasks. Normally I don't recommend that. It is better to simply not use such software instead of trying to hack them up like that. But, in theory, apps should, at some point, get used to this and operate normal if the end user disables these background items."
From my perspective, EA has a responsibility to fix the vulnerability, if one exists. At the very least, give us the ability to shut off the background tasks and still have the app work.
Really appreciate all the info @Bluebellflora . Thanks!
@amjoie wrote:
@Bluebellflora Thank you for your clarification.
I am not a coder, and cannot discuss this from that perspective. But any app that unnecessarily exposes root function sure sounds like a problem to me. That much I have known since the 1980's when I got my first Mac. If that is, indeed, what the EA app does, then I am concerned enough to hold off installing the app, until and unless EA can show me I have no reason to be concerned.
We are already dealing with people exploiting mods, which is a new thing this year. That means The Sims 4 is now "on the radar." That already had me nervous enough to only download mods directly from the modder, not on curseforge.
As far as installing and then having to go through contortions each time I play the game just to be safe, that feels so wrong.
I asked on a developer thread on another forum about shutting things off, and got this as a response: "Recent versions of macOS include a setting in System Settings to disable these kinds of background tasks. Normally I don't recommend that. It is better to simply not use such software instead of trying to hack them up like that. But, in theory, apps should, at some point, get used to this and operate normal if the end user disables these background items."
From my perspective, EA has a responsibility to fix the vulnerability, if one exists. At the very least, give us the ability to shut off the background tasks and still have the app work.
You state you prefer to download mods from the modder rather than Curseforge...... what if the modder added executable malicious code to the CC file you downloaded? Or if they had their account hacked and the clean file was replaced by a nasty one, would you know? How would you know? You're more exposed with your current practice than you are using EA App.
I found the thread you referenced (in bold above). It is on Apple's Developer Forum and you received excellent and sound advice and replies that have essentially confirmed not to worry and this poses no further security risk than any other reputable software and indeed, you're at further risk by bypassing Gatekeeper than running an Apple notarised app like EA App. Choosing to quote that last paragraph is creating a false impression of the answers you received.
For anyone reading this who is still concerned, please follow that link to read the conversation in context.
I'm not interested in further discussing this. There is no drama or undue risk here
@Bluebellflora I apologize for not clarifying that the modders, the ones I download directly from, are above reproach, like MCCC and LittleMsSam. No worries there. I am very careful with what I put on my computer. But you had no way of knowing that, and your reply in that regard was valid, and something I might have cautioned someone about, too. 🙂
I did not link to the developer forum because I did not know if a link would be allowed. To summarize, the most helpful answer I got was a "yes and no" along with (paraphrasing here not a full quote) the chances of a hacker bothering with that vulnerability are slim because coding Unix/Mac is really hard. On one hand that makes me feel better, but on the other hand, the risk still exists.
I probably should have told you that I play my game on an old intel Mac that runs best on Monterey, which is not nearly as safe as Sonoma. I should have mentioned I use a malware solution that stops suspect processes rather than having a list of bad actors to defend against. It might not even allow the EA App for Mac to install. So that was also on my mind.
The bottom line is, I did not want to lose my game, because it means so much to me, and I felt backed into a corner with no escape. Origin was working just fine, and they are keeping it working for people who cannot upgrade, so I wanted the option to continue just like things were, but I was not given that option. EA is going to force me to use their new app or not play at all.
Perhaps I overreacted, in your opinion and quite possibly in the opinion of others. But I felt no desire to be contrarian or argumentative. I just needed to feel safe enough to make it possible for me to continue to play my game.
I have looked into this further, and read more of the "lots of programs/apps are as unsafe or more unsafe" type of thing followed by "don't worry about it." To me, it feels a great deal like being told "when you walk the streets of New York City, the Big Apple, just stay alert." Not the kind of advise that makes me feel safe.
The best solution would be for EA to make the app more safe and less invasive. I cannot depend on them doing that.
So I talked with my daughter and we came up with an alternative solution. She is helping me finance a new iMac, and I will remove everything but The Sims 4 on one of the two computers, and then play offline unless I need to update.
Everything I must keep safe will be on the other computer, which will stay online.
That way, I will not have to worry about safety on the computer with the app installed, because it will be very easy to simply reinstall my game should that ever become necessary, since nothing else will be on that computer. And it is a simple thing to keep redundant backups of my Saves and other game data.
Some people may feel this is going way overboard, but since it has been several years since I upgraded to a new Mac, to me it feels like a really good solution. Being able to play my sims means that much to me. Maybe it shouldn't, but it does.
Ok I think I'm about ready to gather the info here into a useful short summary solution post.
Given Apple's rating It doesn't seem that this is a security risk really. More of a case of "it shouldn't be like that".
It sounds like the best solution is to upgrade to Sonoma (been meaning to do that anyway) and use Sonoma's system for disallowing certain background processes.
Some remaining questions-
@amjoie
how do you play offline with the EA app? I haven't been able to get it to work offline at all, and many simmers on the official forum are upset that they can't either - people who live in areas with spotty internet, people who like to sim on their train commutes, etc.Never mind, it seems to work for me now! It seems this is one of those things where if you have logged in online, and asked it to remember you, it remembers that you did that and allows offline play for some time before making you log in again.
Does anyone know what the toggle in the app to disable the background service actually does? I disabled mine right away, but the background service still runs.
