Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

leman

macrumors Core
Oct 14, 2008
19,307
19,295
See this blog post. Was reported on 9to5 Mac. I wondered what people’s thoughts were on this. Seems concerning to me...



In any kind of security scheme, there has to be a trusted party. If you care about software security, there has to be an agency that verifies signatures and synchronizes certificates. The question is, do you trust Apple to do this or not? If not, you shouldn’t use Apple products.

Apple is aggressively moving forwards with their security policies. Personally, I don‘t have any problem with that. If I wanted to tinker I’ll buy a Raspberry Pi.

By the way, I call BS on “every time you open an app macOS calls home”. More likely there is a local database that is checked first and only in some cases does the data gets synchronized.
 

JMacHack

Suspended
Mar 16, 2017
1,965
2,422
Disgusting, I'm downloading Little Snitch to block this now. I was wondering why my laptop was freaking out yesterday and now I know. Even if I wasn't concerned about privacy, having that affect the user experience is downright annoying.
 

Saturn007

macrumors 65816
Jul 18, 2010
1,463
1,330
Another thread was started on this: https://forums.macrumors.com/threads/apple-spying-on-you-with-apple-silicon.2267897/

It is worrisome. If I’ve downloaded an app from Apple's App Store, that should be security enough. Apple shouldn't be tracking me every time I open an app, when I use it, for how long, logging where I am, my ISP, etc.

Worse, as the article points out, the data transmission is *unencrypted* and available to the NSA'S PRISM program — meaning it's not just Apple that has access to it!

Finally, even the concerns are being hyped in some quarters or worries overdrawn by some, it hurts Apple reputation and branding as the guardian of people's privacy!
 
  • Like
Reactions: RogerWade

playtech1

macrumors 6502a
Oct 10, 2014
677
846
This is pretty concerning, if true. I appreciate Apple will say it's about avoiding malware, but it's absolutely not OK to collect this level of data without informed consent.
 

boss.king

macrumors 603
Apr 8, 2009
6,144
6,909
In any kind of security scheme, there has to be a trusted party. If you care about software security, there has to be an agency that verifies signatures and synchronizes certificates. The question is, do you trust Apple to do this or not? If not, you shouldn’t use Apple products.

Apple is aggressively moving forwards with their security policies. Personally, I don‘t have any problem with that. If I wanted to tinker I’ll buy a Raspberry Pi.

By the way, I call BS on “every time you open an app macOS calls home”. More likely there is a local database that is checked first and only in some cases does the data gets synchronized.
Isn't that the whole point of the app store and making people jump through hoops to install apps from outside of it? If I've already got my apps from a supposedly secure source, why does Apple need to regularly reverify it before I can use the same app that was fine the last time they checked, and why do they need to log that information? This isn't me being snarky or facetious, I'm genuinely asking what the possible benefit to me as a user is?
 

Madhatter32

macrumors 65816
Apr 17, 2020
1,452
2,910
If true this revelation is an outrageous breach of trust. Why would anybody actually trust Apple with this information? It is not that Apple is inherently more trustworthy than any other big tech firm like Goggle or Microsoft. But even if it is more trustworthy for some, those people have no reason to trust Akamai, who apparantly receives the information unencrypted per the report. I personally do not think there is any justification whatsoever for this kind of intrusive non-stop surveillance without a warrant.
 

cmaier

Suspended
Jul 25, 2007
25,405
33,471
California
If true this revelation is an outrageous breach of trust. Why would anybody actually trust Apple with this information? It is not that Apple is inherently more trustworthy than any other big tech firm like Goggle or Microsoft. But even if it is more trustworthy for some, those people have no reason to trust Akamai, who apparantly receives the information unencrypted per the report. I personally do not think there is any justification whatsoever for this kind of intrusive non-stop surveillance without a warrant.
Do you understand what a warrant is? Because if you do, you realize that what you just said is nonsense.
 

boss.king

macrumors 603
Apr 8, 2009
6,144
6,909
This is a silly thing to worry about. In any signature scheme, there is a trusted entity that checks the signature.
Until a server crumbles somewhere and now your apps don't launch for seemingly no reason. I know it's rare, but surely they should have planned for that eventuality.
 
  • Like
Reactions: bklement

deeddawg

macrumors G5
Jun 14, 2010
12,246
6,393
US
Until a server crumbles somewhere and now your apps don't launch for seemingly no reason. I know it's rare, but surely they should have planned for that eventuality.
Huh? At least some folks regularly use their computers when not connected to the Internet. I know it might baffle the imagination in today's age, but it still happens frequently. :p

Of course he doesn’t, he makes a living bashing Apple.
What? The video splash page (or whatever the name is) surely indicates a calm rational discussion of the topic, right? :D

1605302447981.png
 

boss.king

macrumors 603
Apr 8, 2009
6,144
6,909
Huh? At least some folks regularly use their computers when not connected to the Internet. I know it might baffle the imagination in today's age, but it still happens frequently. :p
Sure, I work away from wifi every now and then, but that's not really the norm.
 

bobmans

macrumors 6502a
Feb 7, 2020
596
1,750
See my reply from another thread about this:

Checked the article real quick and it's full of lies, you should not take everything you read at face value.
Had a good laugh reading this, can't believe the author calls himself a "hacker and security researcher".

1. All Macs do this. It's not Apple Silicon exclusive.
2. This article makes it sound so dramatical.
3. Basically if you open an Application from the App store, Apple checks if it's signed correctly to see if it's not tampered with.
4. They're not logging Applications, they're sending digital certificates and basically responding with "OK"/"NOT OK".
5. The results gets cached so a request is only made every 3 to 7 days per application, not "everytime you open an app" like this article claims.
5. OCSP is an industry standard.


That's it, next story please.
 

deeddawg

macrumors G5
Jun 14, 2010
12,246
6,393
US
Sure, I work away from wifi every now and then, but that's not really the norm.
For many, true. My point was more there's enough people who are regularly off-net for one reason or other (*) that applications being unable to open due to inability to phone-home would show up far sooner than the poster I quoted implied.

(*) When I was traveling more for work I'd rarely connect to airport wifi with my laptop, nor did I typically use aircraft wifi -- still got work done using local files.
 
  • Like
Reactions: BigMcGuire

Maconplasma

Cancelled
Sep 15, 2020
2,489
2,215
Well, Louis Rossman does not think it is "a silly thing to worry about." He seems to suggest that there is a lot more going on than simple signature confirmation.

Louis Rossman is the worse piece of trash on YouTube. He hates Apple and tries to make money and clicks on YouTube trashing Apple. Yuk!
 
  • Like
Reactions: Nightfury326
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.