Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Here is what I saw. Obviously no way to know if 100% true, but looks legit.

View attachment 764776
It's probably the phone call feature in Gmail. I would be concerned if that popped up without me initiating or receiving a call, though.
[doublepost=1528230068][/doublepost]
Ummm what about IP address + mac address? Aren't those frequently included with internet communications and pretty good proxies for identity?
Can't do much about the IP address. For internal network "security," I know iOS randomizes MAC addresses, dunno about macOS.
 
  • Like
Reactions: jeremiah256
It's probably the phone call feature in Gmail. I would be concerned if that popped up without me initiating or receiving a call, though.
[doublepost=1528230068][/doublepost]
Can't do much about the IP address. For internal network "security," I know iOS randomizes MAC addresses, dunno about macOS.

Yea, he mentions that in the thread. He wasn't using Hangouts or initiating a call or anything, just using Gmail in Chrome like he normally would.
 
Here is what I saw. Obviously no way to know if 100% true, but looks legit.

View attachment 764776
That is not Gmail asking that is Chrome wanting access either for text dictation or As Google goes more towards an AI user interface microphone is essential in that respect. If Siri ever gets smart enough and Apple integrates AI even Apples browser will ask the same thing. Btw, I love AI. Google assistant scheduled an appt for me, ordered our dinner and sent the wife a message to pick the food up all the while I was working on remodeling the kitchen without me lifting any device. And btw it is easy to shut off the device or micrpshone if you're worried it might here something sensitive. Imvho the value outweighs the need for a tin foil hat. Besides privacy is a talking point, in real world applications we lost our privacy long ago.
 
Last edited:
Y'all act like your way more safe using mac and ios but in reality you're not. Vpn, https 1.1.1.1 help but no one is ever secure. Maybe when Mac get Windows market share you'll see. No one wants to hack such a small market share.
Apple's tight control over macOS makes it more secure in practice. There are way too many unknowns and variables involved in a Windows PC. It's like how an iPhone is on average more secure than Android phone, and iOS used to have the greater market share.

That and Unix is always been better than DOS, NT, and whatever else MSFT will make. You really can't trust MSFT's mostly closed-source software to be secure, and they've made many design mistakes from the very beginning and repeated them. Against Apple, Google is the only real contender when it comes to platform software, and even then it's obvious Apple is the main one pushing security and privacy.
 
Last edited:
  • Like
Reactions: mackiwilad
Y'all act like your way more safe using mac and ios but in reality you're not. Vpn, https 1.1.1.1 help but no one is ever secure. Maybe when Mac get Windows market share you'll see. No one wants to hack such a small market share.

That is not Gmail asking that is Chrome wanting access either for text dictation or As Google goes more towards an AI user interface microphone is essential in that respect. If Siri ever gets smart enough and Apple integrates AI even Apples browser will ask the same thing. Btw, I love AI. Google assistant made my Dr appt for me, ordered our dinner and sent the wife a message to pick the food up all the while I was working on remodeling the kitchen without me lifting any device. And btw it is easy to shirt off the device or.micrphone is you're worried it might here talk about something sensitive. Imvho tje value outweighs the need for a tin foil hat. Besides privacy is a talking point in real world applications we lost our privacy long ago.

I have no problem with your perspective, was just pointing it out. It all comes down to the individual, what they value, and who they trust with their data. I don't trust Google because they exist for the sole purpose of gathering user data and advertising. They have a lot more motive than a company like Apple, who wouldn't risk their entire reputation by violating it's customers' privacy. For those that see the value in what they offer in return, that's totally fine. It's just not for me.
 
  • Like
Reactions: mackiwilad
You all can't be that naive. Isp's know everywhere you go anyway.

I call a big BS. Gmail never asks for access to microphone in phone or pc. I use and Android and pc exclusively and even in the Such bs misinforma

That is the biggest BS ever. I use Gmail, Android, and pc exclusively and there is no microphone permission even associated with gmail. Just storage, contacts and calendar whether using an andrpid phone or pc through chrome or edge.
Uh huh...you joined here why? Serious question.
 
  • Like
Reactions: mackiwilad
You all can't be that naive. Isp's know everywhere you go anyway.
And because of that we should abandon all privacy?
That is the biggest BS ever. I use Gmail, Android, and pc exclusively and there is no microphone permission even associated with gmail.
Well, at least on a Windows PC this is no surprise. Regular Win32 desktop applications can access the microphone without ever asking for permission. Only UWP (touch-style) apps from the Windows store are subject to the privacy permissions. Between things like this and telemetry that cannot be disabled Windows 10 isn't exactly known for good privacy.
Just storage, contacts and calendar whether using an andrpid phone or pc through chrome or edge.
Very likely the Gmail web page asked for microphone access because Hangouts is embedded on the page.
 
  • Like
Reactions: fairuz
Privacy is a myth in the current world. Even swiping a credit card gives away your exact location and purchase habit etc etc.
 
I better do not update my relatives laptops with all these warning pop ups or I would have to make it my full time job supporting them.

Like a button could literally say „accept to continue“ and my mother would still call me with a screenshot taken with her crappy phone asking me what she should do. Like reaaaad
 
Noooooo!

Why oh why, can we just have a computer that isn’t locked down!?

Apple wants to have a walled garden and for anyone not happy with the App Store is ****ed!
I haven't seen any indication that Apple won't allow the installation of unsigned apps anymore. So I'm not sure what you are concerned about.
[doublepost=1528231506][/doublepost]
Ummm what about IP address + mac address? Aren't those frequently included with internet communications and pretty good proxies for identity?
Your MAC address isn't visible after the first hop router.
 
  • Like
Reactions: fairuz
Uh huh...you joined here why? Serious question.
Np worries. I joined to learn about whether switching to iOS and Mac were a viable option. I learned many here are misinformed, condescending and jist flat out delusional. I also learned iPhones, Siri and Macs are really not what they seem and often outdated feature wise. Still fun keeping an eye out to see if maybe down the road a switch would be a good fit . I hold no loyalty to any company or brand. But all the people thinking they're safer on Apple products just kills me. I keep it real.
[doublepost=1528231813][/doublepost]
And because of that we should abandon all privacy?
Well, at least on a Windows PC this is no surprise. Regular Win32 desktop applications can access the microphone without ever asking for permission. Only UWP (touch-style) apps from the Windows store are subject to the privacy permissions. Between things like this and telemetry that cannot be disabled Windows 10 isn't exactly known for good privacy.
Very likely the Gmail web page asked for microphone access because Hangouts is embedded on the page.
Hangouts is another possibility but it has to be enabled. It is not enabled by default.
 
Last edited:
This is great. One of the main reasons I stick with Apple. For comparison, I saw a tweet yesterday - accessing GMail via Google Chrome requested access to the users' microphone in Mojave :eek:

Yet another reason I chose to ban google services and products from my life a long time ago. I do everything I can to minimize what the thieves at google and fartbook get from me. Hats off once again to Apple for siding with us folks who don’t want this invasion.
 
  • Like
Reactions: kemo
Yea, he mentions that in the thread. He wasn't using Hangouts or initiating a call or anything, just using Gmail in Chrome like he normally would.
I think Chrome was asking for access to microphone because Chrome/Google supports searching using voice, open Google webpage and there is a Mic icon in the search box, its nothing sinister just someone getting their knickers in a twist over nothing.
 
It's like SSL w/ CAs. Anyone can get a cert, but you can't get a cert for someone else's name. So I can download Handbrake and tell it's safe by looking at the bundle ID instead of computing a SHA256 and matching it against... their site that could be hacked anyway.

No it's not. I want to go to www.example.com, SSL and the CA provide assurance that I am reaching the server that I typed in. In fact, browsers make this check automatic.

The problem is nobody pays attention to, or even knows whether Handbrake should be signed by "The Handbrake Team", "Handbrake LLC", "Joe A. Developer", somebody on their website called "Ethercycle", all of which could be valid or not. There's no way to automate this checking.

The only exception is what Android does and ensures that updates are signed by the same organization that the original install came from, but that doesn't protect the initial install.
 
Can anyone access to Mojave confirm if sizing a folder is instant in Mojave and after trimming the video in quick look can one actually save it? Both things do not work in HS and I don't know if Apple will ever care to fix them.
 
I might pass on 10.14.
Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware.
Whilst the intention is good. I want to install what I want to install.
My choice.

I am pretty sure that you will still be able to override it, like you can override the signature requirement right now. Its all about sensible security defaults after all.
 
  • Like
Reactions: jeremiah256
No it's not. I want to go to www.example.com, SSL and the CA provide assurance that I am reaching the server that I typed in. In fact, browsers make this check automatic.

The problem is nobody pays attention to, or even knows whether Handbrake should be signed by "The Handbrake Team", "Handbrake LLC", "Joe A. Developer", somebody on their website called "Ethercycle", all of which could be valid or not. There's no way to automate this checking.

The only exception is what Android does and ensures that updates are signed by the same organization that the original install came from, but that doesn't protect the initial install.
It's the same leap of faith the first time. How do you know handbrake.fr is the right domain for Handbrake when you visit their site? CAs give certs for stuff like "www.apple.com.ma.nz" or "ebey.com," and attackers trick people with fake sites this way. Apple can make it easier than that by ensuring no two apps or devs have similar names and disallowing misleading names.
 
Last edited:
  • Like
Reactions: Ener Ji



Apple is beefing up security in both iOS 12 and macOS Mojave, and in a yesterday's Platforms State of the Union event for developers, Apple outlined a number of new protections that are coming to the Mac with Mojave.

First of all, Apple is extending privacy protections to the camera, microphone, and other sensitive user data that includes mail database, message history, Safari data, Time Machine backups, iTunes device backups, locations and routines, and system cookies.

In macOS Mojave, apps will need express user consent for all API and direct access to these resources, with users able to access their security preferences in the Security section of System Preferences.

macosmojaveprivacy-800x508.jpg
For apps that are distributed outside of the Mac App Store and signed with a Developer ID, Apple is introducing a secondary "Notarize" review process that's designed to detect malware faster and provide Apple with finer-grained revocation tools to revoke a specific bad release rather than a developer's entire certificate.

Notarization will let macOS Mojave users know for sure that a third-party non-App Store Mac app has been double checked by Apple and that it's free from malware. Eventually, Apple plans to require all Developer ID apps to be notarized before they can be installed, but Apple says this is not an app review process and is used exclusively to analyze apps for security purposes.

Apple is introducing enhanced runtime protections that will extend System Integrity Protection features to third-party apps, protecting them from code injection and other tampering.

As in iOS 12, macOS Mojave is gaining support for automatic strong passwords, with Safari automatically creating, autofilling, and storing passwords. Passwords on macOS Mojave will be flagged if they've been reused, making it easier for users to create unique passwords for each login.

macosmojavenotarize-800x394.jpg

Multiple anti-tracking and privacy improvements are coming to Safari to keep your browsing habits private. Right now, advertisers use browser and device characteristics to create a "fingerprint" for you to surreptitiously track you across the web.

Apple is aiming to put a stop to this by sharing only a simplified system profile when you browse the web, giving advertisers less of your data to work with. Improved Intelligent Tracking Prevention also prevents social media Like, Share, and Comment buttons and widgets from tracking you without your permission.

As we covered earlier, macOS Mojave will be the last version of macOS to support 32-bit apps, another move that Apple is making to keep its Mac operating system secure and up to date.

Article Link: Apple Details Upcoming Privacy and Security Protections in macOS Mojave
[doublepost=1528233817][/doublepost]So... are we going the route of the old Mac vs. PC ads with Justin Long? The big CIA guy in the background having to approve everything? Seems that way.
 
Eventually, Apple plans to require all Developer ID apps to be notarized before they can be installed, but Apple says this is not an app review process and is used exclusively to analyze apps for security purposes.
Uh-oh. All the other changes are good, but this one is definitely concerning. Is every single new release of a signed application going to require notarization, causing delays when the developer pushes out updates? What constitutes a pass or fail?
 
Eventually, Apple plans to require all Developer ID apps to be notarized before they can be installed,

Wait what does this mean exactly? Will we still be able to install any app, even if it's not "notarized"? I sure hope so.

If I understand correctly, this only applies for "Developer ID apps", and apps that don't have that aren't affected, and can be installed no matter what.

I'm all for security features but in the end I want to be able to have the final say on whether I want to install something or not. Because you know, it's my computer.
 
Noooooo!

Why oh why, can we just have a computer that isn’t locked down!?

Apple wants to have a walled garden and for anyone not happy with the App Store is ****ed! I mean what is wrong with some tweaking of macOS features and apps not from the store! It’s the very last reason I use Mac that it’s Linux and you can tweak but it’s got so bad now that it’s no longer a desktop os!

I feel sad.

I have no doubt that you and I will continue to be able to install anything want either by consciously turning down security or bypassing a security warning.

My 70+ year-old father, however, will be best served by default settings that allow only signed and reviewed apps to be installed, whether from the App Store or directly from a developer.
 
  • Like
Reactions: jlozoya
Uh-oh. All the other changes are good, but this one is definitely concerning. Is every single new release of a signed application going to require notarization, causing delays when the developer pushes out updates? What constitutes a pass or fail?
Better delayed updates than bad ones. This is a far better alternative to having everyone install malware scanners on their computers.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.