Apple Details Upcoming Privacy and Security Protections in macOS Mojave

[MacRumors]

Apple is beefing up security in both iOS 12 and macOS Mojave, and in a yesterday's Platforms State of the Union event for developers, Apple outlined a number of new protections that are coming to the Mac with Mojave.

First of all, Apple is extending privacy protections to the camera, microphone, and other sensitive user data that includes mail database, message history, Safari data, Time Machine backups, iTunes device backups, locations and routines, and system cookies.

In macOS Mojave, apps will need express user consent for all API and direct access to these resources, with users able to access their security preferences in the Security section of System Preferences.

Your information, your image, your voice -- they're yours and yours alone to share with apps. macOS Mojave requires apps to get your approval before accessing the camera or microphone on your Mac. The same goes for data like your Messages history and Mail database.

For apps that are distributed outside of the Mac App Store and signed with a Developer ID, Apple is introducing a secondary "Notarize" review process that's designed to detect malware faster and provide Apple with finer-grained revocation tools to revoke a specific bad release rather than a developer's entire certificate.

Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware. Eventually, Apple plans to require all Developer ID apps to be notarized before they can be installed, but Apple says this is not an app review process and is used exclusively to analyze apps for security purposes.

Apple is introducing enhanced runtime protections that will extend System Integrity Protection features to third-party apps, protecting them from code injection and other tampering.

As in iOS 12, macOS Mojave is gaining support for automatic strong passwords, with Safari automatically creating, autofilling, and storing passwords. Passwords on macOS Mojave will be flagged if they've been reused, making it easier for users to create unique passwords for each login.

Multiple anti-tracking and privacy improvements are coming to Safari to keep your browsing habits private. Right now, advertisers use browser and device characteristics to create a "fingerprint" for you to surreptitiously track you across the web.

Apple is aiming to put a stop to this by sharing only a simplified system profile when you browse the web, giving advertisers less of your data to work with. Improved Intelligent Tracking Prevention also prevents social media Like, Share, and Comment buttons and widgets from tracking you without your permission.

As we covered earlier, macOS Mojave will be the last version of macOS to support 32-bit apps, another move that Apple is making to keep its Mac operating system secure and up to date.

Article Link: Apple Details Upcoming Privacy and Security Protections in macOS Mojave

 

[fairuz]

Can't say I understand much without seeing the details, but I'm glad they're focusing on this. The biggest thing is that app signing be made widely available. There's too much popular software that's unsigned, so people ignore the warnings, and things like the Handbrake and Transmission hacks infect Macs.

 

[djlythium]

THANK YOU, APPLE!

 

[macduke]

It's things like this that keep coming back to Apple—even when they occasionally piss me off! For me the lock-in is the security and privacy above all else.

 

[ThunderSkunk]

things like the Handbrake and Transmission hacks infect Macs

They do? What are we talking here, malware being installed or remote users gaining access to hosts and rooting around for loot or? I ask because a ah... friend of mine... ummm...

 

[rjp1]

Eventually, Apple plans to require all Developer ID apps to be notarized before they can be installed, but Apple says this is not an app review process and is used exclusively to analyze apps for security purposes.

It is not a review process, but a ... review process.

 

[DNichter]

This is great. One of the main reasons I stick with Apple. For comparison, I saw a tweet yesterday - accessing GMail via Google Chrome requested access to the users' microphone in Mojave

 

[H2SO4]

I might pass on 10.14.
“Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware.”
Whilst the intention is good. I want to install what I want to install.
My choice.

 

[konqerror]

The biggest thing is that app signing be made widely available. There's too much popular software that's unsigned, so people ignore the warnings, and things like the Handbrake and Transmission hacks infect Macs.

App signing stopped working. Malware steals legit developer certificates. Identity and credit card theft allows anybody to buy a certificate. Signing didn't stop Stuxnet, they people behind them broke into and stole a third-party's certificates.

The more "widely available" you make app signing, the less useful it is. If anybody can get a certificate trivially, so can malware writers.

 

[linkmaster02]

I might pass on 10.14.
“Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware.”
Whilst the intention is good. I want to install what I want to install.
My choice.

For apps that are distributed outside of the Mac App Store and signed with a Developer ID

It sounds like this doesn't apply to apps not signed with a Developer ID.

 

[KALLT]

I might pass on 10.14.
“Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware.”
Whilst the intention is good. I want to install what I want to install.
My choice.

There is nothing here that even suggests that this control is being taken away.

 

[slatbh]

While I agree with Apple's reasoning, there will be problems with 100% compulsory signing. For example, I live in Brazil and use government issued tax software. To install this software each year, I need to authorise it. It is highly unlikely the the Brazilian authorities will want to be bothered getting Apple's approval of their software. Also, official Brazilian websites often fail with the https security certificate as they don't have theirs signed by the official route, which I think is wrong BTW. So, please Apple consider the edge cases when implementing this, but please also keep security as a high priority.

 

[DNichter]

I might pass on 10.14.
“Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware.”
Whilst the intention is good. I want to install what I want to install.
My choice.

Will it not allow you to still install? I think that's just saying Apple will give you a green light if they can see it's free from viruses/malware/etc.

 

[nsayer]

There is nothing here that even suggests that this control is being taken away.

I hope that remains the case. I use the compiler in Xcode to build local tools or compile other Unix tools from time to time. I don't distribute those binaries, I merely use them. That's a use case that I hope remains unperturbed.

Having stuff that's widely distributed being signed is good, as long as Apple makes code signing certificates available on a FRAND basis. I don't worry a lot about such certificates being misappropriated for malware, as Apple has the ability to quickly circulate a CRL to prevent that sort of thing from being a widespread problem.

 

[groadyho]

You all can't be that naive. Isp's know everywhere you go anyway.

This is great. One of the main reasons I stick with Apple. For comparison, I saw a tweet yesterday - accessing GMail via Googl requested ac in Mojave

I call a big BS. Gmail never asks for access to microphone in phone or pc. I use and Android and pc exclusively and even in the Such bs misinforma

This is great. One of the main reasons I stick with Apple. For comparison, I saw a tweet yesterday - accessing GMail via Google Chrome requested access to the users' microphone in Mojave

That is the biggest BS ever. I use Gmail, Android, and pc exclusively and there is no microphone permission even associated with gmail. Just storage, contacts and calendar whether using an andrpid phone or pc through chrome or edge.

 

[lec0rsaire]

Apple is really killing it on the privacy and security front. It’s really a great strategy which did wonders for RIM in the past. macOS and iOS are already superior to the competition but these sorts of moves build lots of goodwill with customers.

 

[Will do good]

Thank you Apple.

 

[MallardDuck]

Thank you Apple.

For all the grief we give you on other things you’ve got this one right.

 

[fairuz]

App signing stopped working. Malware steals legit developer certificates. Identity and credit card theft allows anybody to buy a certificate. Signing didn't stop Stuxnet, they people behind them broke into and stole a third-party's certificates.

The more "widely available" you make app signing, the less useful it is. If anybody can get a certificate trivially, so can malware writers.

It's like SSL w/ CAs. Anyone can get a cert, but you can't get a cert for someone else's name. So I can download Handbrake and tell it's safe by looking at the bundle ID instead of computing a SHA256 and matching it against... their site that could be hacked anyway. It's a lot easier to keep your cert safe than it is to keep a website unhackable.

Just requires a little centralization to establish identity. It's a little better than the CAs because only Apple issues and revokes certs, but some CAs have gone rogue, and there's a confusing way of establishing authority (Google has had Chrome blacklist a CA before).

 

[DNichter]

You all can't be that naive. Isp's know everywhere you go anyway.

I call a big BS. Gmail never asks for access to microphone in phone or pc. I use and Android and pc exclusively and even in the Such bs misinforma

That is the biggest BS ever. I use Gmail, Android, and pc exclusively and there is no microphone permission even associated with gmail. Just storage, contacts and calendar whether using an andrpid phone or pc through chrome or edge.

Here is what I saw. Obviously no way to know if 100% true, but looks legit.

 

[alexgowers]

Noooooo!

Why oh why, can we just have a computer that isn’t locked down!?

Apple wants to have a walled garden and for anyone not happy with the App Store is ****ed! I mean what is wrong with some tweaking of macOS features and apps not from the store! It’s the very last reason I use Mac that it’s Linux and you can tweak but it’s got so bad now that it’s no longer a desktop os!

I feel sad.

 

[fairuz]

They do? What are we talking here, malware being installed or remote users gaining access to hosts and rooting around for loot or? I ask because a ah... friend of mine... ummm...

They hacked the websites or mirrors and uploaded a version of the app infected with malware, so people downloaded it. I forget what the malware did, but I know one dev who downloaded the malware had his Mac remotely accessed and source code stolen and ransomed.

The signatures on the site didn't help cause 1. nobody checks those and 2. hackers can sometimes change those anyway. I think both are open source too, but most people don't build from source or audit the code.

Handbrake had a mirror hacked: https://www.macrumors.com/2017/05/07/handbrake-app-security-warning-servers-hacked/
Transmission had it happen to them twice, omg: https://blog.malwarebytes.com/threat-analysis/2016/09/transmission-hijacked-again-to-spread-malware/

 

[RickInHouston]

Noooooo!

Why oh why, can we just have a computer that isn’t locked down!?

Apple wants to have a walled garden and for anyone not happy with the App Store is ****ed! I mean what is wrong with some tweaking of macOS features and apps not from the store! It’s the very last reason I use Mac that it’s Linux and you can tweak but it’s got so bad now that it’s no longer a desktop os!

I feel sad.

Apple doesn't want you to share a device. It's yours and yours alone.?.

 

[fairuz]

Noooooo!

Why oh why, can we just have a computer that isn’t locked down!?

Apple wants to have a walled garden and for anyone not happy with the App Store is ****ed! I mean what is wrong with some tweaking of macOS features and apps not from the store! It’s the very last reason I use Mac that it’s Linux and you can tweak but it’s got so bad now that it’s no longer a desktop os!

I feel sad.

You can always use stuff not from the store, but you have to understand the risk and bypass a warning. At least they make it a lot easier than it is to run Java in a web browser (So hard that I download an old version of Firefox in a Windows XP VM to deal with remote management that requires Java).

Mac isn't and never was Linux, but it's BSD, but that's beside the point.

 

[rb24]

Ummm what about IP address + mac address? Aren't those frequently included with internet communications and pretty good proxies for identity?