Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
55,467
17,808


Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were connection issues with Apple's OCSP server.

macosmojaveprivacy.jpg

Shortly after, security researcher Jeffrey Paul shared a blog post titled "Your Computer Isn't Yours," in which he raised privacy and security concerns related to Macs "phoning home" to Apple's OCSP server. In short, Paul said that the OCSP traffic that macOS generates is not encrypted and could potentially be seen by ISPs or even the U.S. military.

Apple has since responded to the matter by updating its "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. Here's the new "Privacy protections" section of the support document in full:
macOS has been designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Apple clarifies that user-specific data is not harvested during the security check and that it plans on removing all IP information from the logs. In addition, it plans on introducing several changes to the system over the next year, including:
  • a new encrypted protocol for Developer ID certificate revocation checks
  • strong protections against server failure
  • a new preference for users to opt out of these security protections
Some users have advocated blocking the traffic to Apple's authentication servers, but it appears that Apple will provide this option to end-users in the future as well.

Article Link: Apple Addresses Privacy Concerns Surrounding App Authentication in macOS
 
Last edited:

LeadingHeat

macrumors 6502a
Oct 3, 2015
822
2,030
Nice to see them clarify their privacy statement even further. I know no company is perfect, but Apple really does put user privacy at their core and I appreciate that. Everything done on device, and the things like this (where it has to check if it’s known-bad malware) obviously has to check and compare against some server containing a master list. I like that in this case, everything is end to end encrypted and nothing identifying the user is included. Props
 

dracarysar

macrumors newbie
Nov 15, 2020
17
161
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
 

Bandaman

macrumors 68000
Aug 28, 2019
1,773
3,364
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
They didn't explain or acknowledge this at all.
 

PutTheFBackIn

macrumors member
May 10, 2016
94
828
Still hella sketchy. I still trust Apple more than any other big tech company... but honestly not by much.

Exactly.

Apple pushes the whole privacy thing as a marketing tactic, not because they actually care about it. And stories like this (and like the contractors listening to Siri recordings) prove that. There’s no telling what other shady tactics are being used by Apple on its users.

You’re actually more trusting than I am because I don’t think Apple is any better than the rest of them when it comes down to brass tacks.

But I’m a realist. We live in a tech world. I commit to the Apple ecosystem because it’s the most convenient for me and my needs. But does that mean I trust or think Apple is a good-natured, whole-hearted entity? Um... no. LOL
 

mannyvel

macrumors 65816
Mar 16, 2019
1,085
1,850
Hillsboro, OR
A non-alarmist take on this.


Seriously, if you don't like it turn Gatekeeper off, because you obviously understand all the risks involved in doing that.
 

dracarysar

macrumors newbie
Nov 15, 2020
17
161
Anyone that thinks apple is not logging and tracking everything you do and turning it over to the government is delusional.
At the very least, assuming they won’t hand over what they have when asked is delusional.

They may fight the fbi over device encryption, but that likely has more to do with not wanting to add back doors that could be exploited for jail breaking.

They log a LOT more than they should for a company that is advertises themselves as putting privacy first. If you don’t believe me request the data apple has stored about your Apple ID using the form on their website.

Not trying to bash them here. I do think they do a lot better than pretty much every other large company. At least they aren’t selling your data. Just don’t assume because they advertise privacy that they are not doing anything that would be considered invasive to a lot of people.
 

dracarysar

macrumors newbie
Nov 15, 2020
17
161
It's an unfortunate fact of software development that not all decisions made are necessarily the best ones they could have been for all possible outcomes, and sometimes you even know some of the resulting problems when you're making the decision.
They likely did it to prevent a vpn or firewall from causing what happened the other day.

Still though, they should at least acknowledge and address it now that it’s been discovered. They didn’t even mention this aspect of the security researcher’s article.
 

Bandaman

macrumors 68000
Aug 28, 2019
1,773
3,364
They likely did it to prevent a vpn or firewall from causing what happened the other day.

Still though, they should at least acknowledge and address it now that it’s been discovered. They didn’t even mention this aspect of the security researcher’s article.
This was the absolute biggest concern of the article and they ignored it entirely.
 

Kung gu

macrumors 65816
Oct 20, 2018
1,380
2,428
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
This was the absolute biggest concern of the article and they ignored it entirely.
This address was more regrading OSCP and servers and IP logging and opting out of such things
 

ksec

macrumors 68000
Dec 23, 2015
1,940
2,103
What they should do is more like old AntiVirus where Signatures ( or list ) are updated very frequently instead of having macOS phoning home on every App opening.
 

Kung gu

macrumors 65816
Oct 20, 2018
1,380
2,428
All u guys that are still unsure about Apples privacy stance, one thing is for sure, the OTHER tech companies collect much more WAY more, if u are worried about this, then the amount of data Google, Microsoft and facebook collect is beyond ur belief.
 

SeaFox

macrumors 68030
Jul 22, 2003
2,586
896
Somewhere Else
a new preference for users to opt out of these security protections

This is what I was specifically looking for. If the checks are really as innocuous as Apple wants to claim there should be no reason to not allow me, the 'effing owner of the computer, to turn them off. I don't download random apps from sketchy sites so I can do without the babysitting, Apple. I already had to disable the checks they have on High Sierra so I could run some open-source programs I use.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.