Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

leman

macrumors P6
Oct 14, 2008
16,103
13,228
See this blog post. Was reported on 9to5 Mac. I wondered what people’s thoughts were on this. Seems concerning to me...



In any kind of security scheme, there has to be a trusted party. If you care about software security, there has to be an agency that verifies signatures and synchronizes certificates. The question is, do you trust Apple to do this or not? If not, you shouldn’t use Apple products.

Apple is aggressively moving forwards with their security policies. Personally, I don‘t have any problem with that. If I wanted to tinker I’ll buy a Raspberry Pi.

By the way, I call BS on “every time you open an app macOS calls home”. More likely there is a local database that is checked first and only in some cases does the data gets synchronized.
 

JMacHack

Suspended
Mar 16, 2017
1,889
2,276
Disgusting, I'm downloading Little Snitch to block this now. I was wondering why my laptop was freaking out yesterday and now I know. Even if I wasn't concerned about privacy, having that affect the user experience is downright annoying.
 

Saturn007

macrumors 6502a
Jul 18, 2010
767
529
Another thread was started on this: https://forums.macrumors.com/threads/apple-spying-on-you-with-apple-silicon.2267897/

It is worrisome. If I’ve downloaded an app from Apple's App Store, that should be security enough. Apple shouldn't be tracking me every time I open an app, when I use it, for how long, logging where I am, my ISP, etc.

Worse, as the article points out, the data transmission is *unencrypted* and available to the NSA'S PRISM program — meaning it's not just Apple that has access to it!

Finally, even the concerns are being hyped in some quarters or worries overdrawn by some, it hurts Apple reputation and branding as the guardian of people's privacy!
 
  • Like
Reactions: RogerWade

playtech1

macrumors 6502
Oct 10, 2014
432
413
This is pretty concerning, if true. I appreciate Apple will say it's about avoiding malware, but it's absolutely not OK to collect this level of data without informed consent.
 

boss.king

macrumors 603
Apr 8, 2009
5,067
3,794
In any kind of security scheme, there has to be a trusted party. If you care about software security, there has to be an agency that verifies signatures and synchronizes certificates. The question is, do you trust Apple to do this or not? If not, you shouldn’t use Apple products.

Apple is aggressively moving forwards with their security policies. Personally, I don‘t have any problem with that. If I wanted to tinker I’ll buy a Raspberry Pi.

By the way, I call BS on “every time you open an app macOS calls home”. More likely there is a local database that is checked first and only in some cases does the data gets synchronized.
Isn't that the whole point of the app store and making people jump through hoops to install apps from outside of it? If I've already got my apps from a supposedly secure source, why does Apple need to regularly reverify it before I can use the same app that was fine the last time they checked, and why do they need to log that information? This isn't me being snarky or facetious, I'm genuinely asking what the possible benefit to me as a user is?
 

Madhatter32

macrumors 6502a
Apr 17, 2020
882
1,810
If true this revelation is an outrageous breach of trust. Why would anybody actually trust Apple with this information? It is not that Apple is inherently more trustworthy than any other big tech firm like Goggle or Microsoft. But even if it is more trustworthy for some, those people have no reason to trust Akamai, who apparantly receives the information unencrypted per the report. I personally do not think there is any justification whatsoever for this kind of intrusive non-stop surveillance without a warrant.
 

cmaier

Suspended
Jul 25, 2007
25,407
33,439
California
If true this revelation is an outrageous breach of trust. Why would anybody actually trust Apple with this information? It is not that Apple is inherently more trustworthy than any other big tech firm like Goggle or Microsoft. But even if it is more trustworthy for some, those people have no reason to trust Akamai, who apparantly receives the information unencrypted per the report. I personally do not think there is any justification whatsoever for this kind of intrusive non-stop surveillance without a warrant.
Do you understand what a warrant is? Because if you do, you realize that what you just said is nonsense.
 

boss.king

macrumors 603
Apr 8, 2009
5,067
3,794
This is a silly thing to worry about. In any signature scheme, there is a trusted entity that checks the signature.
Until a server crumbles somewhere and now your apps don't launch for seemingly no reason. I know it's rare, but surely they should have planned for that eventuality.
 
  • Like
Reactions: bklement

deeddawg

macrumors G4
Jun 14, 2010
11,791
5,873
US
Until a server crumbles somewhere and now your apps don't launch for seemingly no reason. I know it's rare, but surely they should have planned for that eventuality.
Huh? At least some folks regularly use their computers when not connected to the Internet. I know it might baffle the imagination in today's age, but it still happens frequently. :p

Of course he doesn’t, he makes a living bashing Apple.
What? The video splash page (or whatever the name is) surely indicates a calm rational discussion of the topic, right? :D

1605302447981.png
 

boss.king

macrumors 603
Apr 8, 2009
5,067
3,794
Huh? At least some folks regularly use their computers when not connected to the Internet. I know it might baffle the imagination in today's age, but it still happens frequently. :p
Sure, I work away from wifi every now and then, but that's not really the norm.
 

bobmans

macrumors 6502a
Feb 7, 2020
528
1,450
See my reply from another thread about this:

Checked the article real quick and it's full of lies, you should not take everything you read at face value.
Had a good laugh reading this, can't believe the author calls himself a "hacker and security researcher".

1. All Macs do this. It's not Apple Silicon exclusive.
2. This article makes it sound so dramatical.
3. Basically if you open an Application from the App store, Apple checks if it's signed correctly to see if it's not tampered with.
4. They're not logging Applications, they're sending digital certificates and basically responding with "OK"/"NOT OK".
5. The results gets cached so a request is only made every 3 to 7 days per application, not "everytime you open an app" like this article claims.
5. OCSP is an industry standard.


That's it, next story please.
 

deeddawg

macrumors G4
Jun 14, 2010
11,791
5,873
US
Sure, I work away from wifi every now and then, but that's not really the norm.
For many, true. My point was more there's enough people who are regularly off-net for one reason or other (*) that applications being unable to open due to inability to phone-home would show up far sooner than the poster I quoted implied.

(*) When I was traveling more for work I'd rarely connect to airport wifi with my laptop, nor did I typically use aircraft wifi -- still got work done using local files.
 
  • Like
Reactions: BigMcGuire

Maconplasma

Cancelled
Sep 15, 2020
2,489
2,211
Well, Louis Rossman does not think it is "a silly thing to worry about." He seems to suggest that there is a lot more going on than simple signature confirmation.

Louis Rossman is the worse piece of trash on YouTube. He hates Apple and tries to make money and clicks on YouTube trashing Apple. Yuk!
 
  • Like
Reactions: Nightfury326
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.