Unfortunately, it's still not a satisfying answer (if correct) because it's still incomplete.
That said, Logitech themselves said the issue was with a certificate being used to secure IPC communication (in a Reddit comment, sadly not in the FAQ like a sane company would). This would be the channel between the front-end GUI and the back-end process that does all the HID remapping logic. So that
combined with this gives us a more complete picture. The GUI expects the back-end to be present/available since the back-end is what actually does the lifting. But when the IPC handshake failed, the GUI basically hung because it wasn't handling the rejection gracefully.
When using XPC for IPC on macOS, one does need to take care to avoid possible exploits from anonymous clients. For example, there was a couple CVEs related to the Sparkle update framework not that long ago due to incomplete security on the XPC service side of the framework:
https://github.com/sparkle-project/Sparkle/discussions/2764, and it's been a pretty ripe area for security research on the platform. Ultimately, an unsecured IPC/XPC service on the Mac is just bad juju and Apple does provide ways to secure an XPC service.
Assuming Logitech is using an XPCListener, a developer can apply code signing requirements to the listener, and macOS will reject any clients not matching those requirements
for you leveraging the built-in codesigning validation. So it seems the most likely answer here is that Logitech set code signing requirements on the XPCListener that were stricter than Apple's for launch. So while macOS allowed the app to launch, the XPC server rejected the expired certificate that was involved. It's not impossible they used a separate certificate to secure the IPC channel that happened to expire at the same time, but then that would be more complicated than just leveraging macOS' codesigning validation against the client. So this is still speculation on my part, but it lines up.
9to5mac.com
