
Wireguard can only be installed via the Mac App Store, which, upon opening, transmits your permanent/unchangeable hardware serial number and Apple ID (required to download even free apps), which is linked to your phone number, to Apple, thus deanonymizing your VPN's public IP.

I don't use the Mac App Store. I run my VPN on a second device, because I no longer find the macOS to sufficiently preserve my privacy.

It's insane to me that Apple thinks it's okay to demand hardware serial number, name, street address, email, and phone number to download free privacy apps. An organization that had privacy as a value simply would not do that.

Apple has banned apps that want to use the NetworkExtension API from being self-signed, OR by being Apple-approved-developer signed and distributed outside of the App Store. You can download the Windows Wireguard client from the Wireguard website, but not the Mac one.

They even recently censored the donations link in the Wireguard Mac client, because App Store.




The GL.iNet MNG-300v2 "Mango" is tiny and has built-in WireGuard support, and you can even set it up to switch WG on and off using the hardware switch:

https://www.gl-inet.com/products/gl-mt300n-v2/


I have a half-dozen GL.iNet products. The low CPU power means they become the bottleneck on 1 Gbps connections, like the ones I usually use.

I imagine it won't be an issue as much once traveling is possible again.


If self and Apple-approved developer signing is not allowed, how do developers test their apps that use those APIs? I don't know a lot about how Mac apps work, but I've heard somewhere that you have to sign all apps to build and install on any device.


Presumably by disabling system integrity protection.


> Wireguard can only be installed via the Mac App Store

I think you can also use brew.


That uses a different API that is widely assumed will be removed soon in a future macOS, and as such nobody wants to rely on it or build around it. It also requires root. It is not used by the Wireguard GUI app in the Mac App Store (MAS).

The wireguard-app-from-wireguard is only distributed via MAS, and you cannot build that GUI version that they distribute via MAS yourself, because that version uses the NetworkExtension API and that only works with the appropriate signed entitlement from Apple, which as of very recently didn't get issued outside of MAS apps.



