Feature or bug? Why did my retail MacBooks arrive with AMFI developer mode force enabled?

#### Is it expected for a retail purchased, non-provisioned devices configured with AMFI (Apple Mobile File Integrity) developer mode force enabled? I recently bought two MacBooks with AppleCare+ through Apple retail channels that are AMFI developer mode force enabled. I didn't purchase the MacBooks with business or developer accounts. #### Machine 1 A MacBook Pro from Apple.com as a certified refurbished unit (the one mentioned above) for store pickup. After strange mdm type behavior (wifi settings etc. changing without my involvement and what appear to be mdm related network calls) I took it the Genius bar and Apple performed the following actions: - Fresh MacOS install - DFU restore - Logic board replacement Developer mode force enabled persisted on the machine after each of the steps above. In MacOS, are AMFI developer mode force enabled and developer mode managed through devtoolssecurity different settings? Under what circumstances, if any, would you expect AMFI developer mode force enabled with a fresh retail MacBook? ##### Key Differences Summarized | | AMFI Developer Mode "Force Enabled" | Developer Mode via devtoolssecurity / System Settings | | - | ----- | ----- | | **Purpose** | Relaxes core code signature validation for running unsigned/self-signed code at a lower system level. | Allows admin or _developers group users to run Apple-signed debugging and performance analysis tools without a password; allows Xcode to run apps on devices. | | **Control Level** | Deeper system-level setting, often requiring more intrusive modifications or specific provisioning. | User-facing setting, designed to be easily toggled by administrators or developers. | | **Security Impact** | Significantly reduces the overall security posture of the system by relaxing fundamental code integrity checks. | Offers a controlled relaxation of security for development tools, with explicit user consent. | | **Visibility** | Often discovered through system logs (log show --predicate 'eventMessage CONTAINS "AMFI"') or specific diagnostic tools. | Clearly visible and manageable in System Settings > Privacy & Security and via devtoolssecurity command. | | **Control** | Modifying AMFI developer mode force enabled settings on macOS is not part of standard user configuration — it involves low-level system changes that can compromise security and are typically reserved for Apple internal use, MDM provisioning, or advanced development scenarios. | DevToolsSecurity -enable | > "AMFI developer mode force enabled" implies a more profound and potentially less secure state where the system's fundamental code integrity checks are bypassed for development, while the "Developer Mode" controlled by devtoolssecurity is a more granular and user-controlled setting designed for everyday development tasks with Apple's tools.