What you need to know
- Apple has addressed privacy concerns raised following a server outage last week.
- It says its Gatekeeper tool does not include a user's Apple ID or device identity in security checks.
- Apple has promised a new encrypted protocol coming in the next 12 months, and an opt-out option.
Apple has addressed privacy concerns raised about macOS over the weekend following a server outage last week.
A report last week suggested that the measures macOS uses to protect users against malware were a privacy concern because they sent unique identifiers to Apple each time a user opened an app.
Apple has now addressed these claims in an update to its 'Safely open apps on your Mac' support document. In a new section titled 'Privacy protections,' Apple states:
macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Apple has also confirmed plans to introduce three key changes to this system over the next 12 months:
- A new encrypted protocol for Developer ID certificate revocation checks
- Stronger protections against server failure (which started this whole debate)
- An opt-out preference for users
Regarding concerns raised in the initial report, Apple has confirmed to iMore that the certificate revocation checks used by this system are important for security, as a certificate can be revoked if a developer believes it has been compromised or used to sign potentially harmful software.
Apple states that the Online Certificate Status Protocol (OCSP) is an industry standard and that its requests don't contain your Apple ID, the identity of your device, or the app being launched, putting to bed claims that the issue meant Apple could see who you were and what apps you were opening at any given time.
Apple says that OCSP is also used to check other certificates, such as those used to encrypt web connections, so the checks are done over plain HTTP to prevent an infinite loop (no pun intended): checking whether a certificate is valid might otherwise depend on the result of a request to the same server, which it wouldn't be able to resolve.
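To make concrete what an OCSP request does and does not carry, the following added example (not from Apple or iMore) builds and then decodes a minimal RFC 6960 OCSPRequest for one certificate using a small hand-written DER encoder and parser; the issuer name, issuer public key and serial number are constructed placeholders. The only identifying fields are hashes of the issuer and the certificate's serial number, which together name the signing certificate being checked; the structure has no field for a user or device.

```python
import hashlib

# Constructed placeholders standing in for the issuer's DER-encoded Name, the
# issuer's public key bytes and the Developer ID certificate's serial number.
ISSUER_NAME_DER = b"constructed issuer Name DER"
ISSUER_PUBKEY = b"constructed issuer public key bytes"
SERIAL = 0x1A2B3C4D5E6F

def der(tag, body):
    """Minimal DER TLV encoder; supports bodies shorter than 65536 bytes."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + body

def der_int(value):
    # INTEGER is two's complement, so a leading 0x00 is added when the high bit is set.
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def build_ocsp_request(issuer_name_der, issuer_pubkey, serial):
    """OCSPRequest -> tbsRequest -> requestList -> Request -> CertID (RFC 6960)."""
    sha1_alg = der(0x30, bytes.fromhex("06052b0e03021a") + b"\x05\x00")  # id-sha1, NULL params
    cert_id = der(0x30, sha1_alg
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())   # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_pubkey).digest())     # issuerKeyHash
                  + der_int(serial))                                    # serialNumber
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def parse_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def describe_ocsp_request(req):
    """Decode the single CertID and report every field the request carries."""
    body = req
    for _ in range(5):  # OCSPRequest, tbsRequest, requestList, Request, CertID
        tag, body, _ = parse_tlv(body)
        assert tag == 0x30, "expected SEQUENCE"
    fields, pos = [], 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        fields.append((tag, val))
    (_, alg), (_, name_hash), (_, key_hash), (_, serial) = fields
    return {
        "hash_alg": "sha1" if alg.startswith(bytes.fromhex("06052b0e03021a")) else "other",
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": int.from_bytes(serial, "big"),
    }

if __name__ == "__main__":
    for k, v in describe_ocsp_request(build_ocsp_request(ISSUER_NAME_DER, ISSUER_PUBKEY, SERIAL)).items():
        print(f"{k}: {v}")
```

The optional version and requestorName fields of tbsRequest are omitted here, as they commonly are in practice.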
Separately, all apps running on macOS Catalina and later are notarized by Apple to confirm they don't contain malicious software when they're created, and the app is checked again each time it is opened to confirm that this hasn't changed in the meantime. Apple says these checks are encrypted and not vulnerable to server failures.
Regarding last week's specific outage, it appears this was caused by a server-side issue preventing macOS from being able to cache the response to the OCSP checks, combined with an unrelated CDN issue, which was causing the slow performance and hangs many users saw last week. Apple says this has been fixed, and that users don't need to make any changes at their end. App notarization checks (the encrypted kind mentioned above) were not affected by the outage last week.
Regardless, Apple will introduce a new encrypted protocol for the Developer ID certificate checks in the next year, as well as increasing server resiliency and, finally, adding an opt-out option for users.