By Roman Kaplun, Senior Engineering Manager at CleanMyMac by MacPaw
The Mac is having a moment — Apple’s most recent earnings showed Mac sales up 6% year-over-year, with Tim Cook acknowledging customer recognition was “happening faster than what we had predicted.” At the same time, App Store submissions jumped 84% year-over-year in Q1 2026, with full-year 2025 reaching nearly 600,000 new submissions, the largest annual wave since 2016. Vibe coding tools are widely cited as the driver behind that surge.
The shift is broad. 92% of US developers now use AI coding tools daily and 63% of vibe coding users are not developers at all. They are designers, marketers, and individuals building tools through natural language prompts.
What is worth examining is what happens when this wave reaches software operating at a deeper level of a user’s system. Free, open-source Mac utilities are appearing on GitHub, many positioning themselves as a CleanMyMac alternative or as replacements for other established Mac tools. After 17 years of building at this layer of macOS, the conversation around “free alternative” tends to skip something important: what it actually takes to build a tool that works reliably inside macOS over time.
CleanMyMac, an all-in-one Mac care app within the MacPaw ecosystem that handles junk, duplicates, malware, and performance issues, has been part of that conversation directly.
Why macOS Development Is a Continuous Engineering Job
This is probably the most underappreciated thing about building for the Mac. With each major release, macOS changes internal APIs, file system behavior, privacy permissions, application container structures, and sandboxing rules in ways that directly affect how cleaning tools behave. A folder safe to remove today may contain essential files after the next update. An internal API that works in one release may silently break in the next, returning empty or incorrect results.
The harder challenge is making a tool that keeps working correctly across versions, which requires continuous engineering work over time.
Full Disk Access: A Permission That Requires Responsibility
Most cleaning tools require Full Disk Access to work correctly. Full Disk Access is a macOS permission that gives an application visibility into areas of the system that are normally restricted, including caches, application support data, mail, browser folders, and other user directories.
Requesting this permission is technically simple. Handling it responsibly is a different matter. The important question for any user installing a system utility is whether the tool is transparent about why it needs that access, what data stays on the device, and what safeguards exist if something goes wrong.
What the MacPaw Team Found
Our engineers recently reviewed several vibe-coded Mac cleaning utilities to understand what is actually shipping.
Several tools rely on a small number of hardcoded scan paths, cleaning only a handful of folders rather than reflecting how macOS actually distributes user and system data. Some scanners return invalid or empty results for entire categories, such as Mail attachments or Trash, without surfacing that to the user.
Destructive operations, like RAM clearing or force-quitting applications, were sometimes executed without any confirmation flow or data-saving safeguard. Several utilities also handle Full Disk Access incorrectly, behaving as though the permission has been granted when it has not, which leads to broken scans and unreliable output.
Beyond those operational issues, the team observed direct shell command execution, AppleScript-driven Trash operations, and modifications to system launch agents. These operations require careful handling because unvalidated shell execution and launch agent modifications are the same code paths malware uses to establish persistence on a system.
These are not isolated findings. They are patterns that emerge when a tool is assembled quickly without the engineering practices and security standards that working at this layer of macOS demands. This is consistent with broader industry research: independent analysis of AI-generated code found it produces 1.7x more major issues than human-written code, with 45% of samples failing security benchmarks.
What Sustained macOS Engineering Actually Looks Like in Practice
The team behind CleanMyMac has been building for macOS since 2008. That history translates into a working knowledge of what changes with each macOS release, what edge cases look like across different hardware configurations, and which operations require extra caution. Keeping CleanMyMac safe to use across system updates depends entirely on this ongoing engineering work.
Every potentially destructive action, whether removing duplicates, clearing large and old files, or cleaning similar images, is designed with multiple confirmation and review steps. The goal is to make cleanup predictable, which is a harder engineering problem than making it fast.
It also means working with Apple betas months before public release, so that CleanMyMac is stable and verified from day one of each macOS launch, and maintaining certifications such as ISO as an organization and OPSWAT as an application.
Why This Matters Beyond Mac Cleaners
The vibe-coded utility trend is not limited to cleaning apps. Free alternatives across many categories are appearing on GitHub and being installed by users who assume a signed and notarized app has been built with care. Apple notarization confirms that code passed a malware scan. It does not confirm the application has been tested for correctness, stability across macOS versions, or responsible handling of the permissions it requests.
Apple itself has begun drawing lines. Enforcement against vibe-coded apps in the App Store has been escalating since early 2026, with several tools pulled for violating Guideline 2.5.2. Outside the App Store, the Mac user community is responding too. r/MacApps recently introduced a tiered trust and transparency system to help users distinguish between established developers and unproven projects.
That conversation is worth having across the utility software space as a whole, especially as vibe-coded apps become more popular with Mac users. The question worth asking before installing any tool with deep system access is not just whether it is free, but whether the people who built it have had enough time, and done enough work, to understand what they are touching.