Source: Bryan M. Wolfe / iMore
What you need to know
- Apple has addressed privacy concerns raised following a server outage last week.
- It says its Gatekeeper tool does not include a user's Apple ID or device identity in security checks.
- Apple has promised a new encrypted protocol coming in the next 12 months, and an opt-out option.
Apple has addressed privacy concerns raised about macOS over the weekend following a server outage last week.
A report last week suggested that the measures used to protect users against malware and the like were a privacy concern because they used unique identifiers each time a user opened an app.
Apple has now addressed these claims in an update to its 'Safely open apps on your Mac' support document. In a new section titled 'Privacy protections,' Apple states:
macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Apple has also confirmed plans over the next 12 months to introduce three key changes to this system:
- A new encrypted protocol for Developer ID certificate revocation checks
- Stronger protections against server failure (which started this whole debate)
- An opt-out preference for users
Regarding concerns raised in the initial report, Apple has confirmed to iMore that the certificate revocation checks used in this system are important for security, as certificates can be revoked if a developer thinks it has been compromised or used to sign potentially harmful software.
Apple states that online certificate status protocol (OCSP) is an industry standard and that it doesn't contain either your Apple ID, the identity of your device, or the app being launched, putting to bed claims that the issue meant Apple could see who you were and what apps you were opening at any given time.
Apple says that OCSP is also used to check other certificates like those used to encrypt web connections, so the checks are done over HTTP to prevent an infinite loop (no pun intended) where checking if a certificate is valid might depend on the result of a request to the same server, which it wouldn't be able to resolve.
Separately, all apps running on macOS Catalina and later are notarized by Apple to confirm they don't contain malicious software when they're created, and the app is checked again each time it is opened to confirm that this hasn't changed in the meantime. Apple says these checks are encrypted, and not vulnerable to server failures.
Regarding last week's specific outage, it appears this was caused by a server-side issue preventing macOS from being able to cache the response to the OCSP checks, combined with an unrelated CDN issue, which was causing the slow performance and hangs many users saw last week. Apple says this has been fixed, and that users don't need to make any changes at their end. App notarization checks (the encrypted kind mentioned above) were not affected by the outage last week.
Regardless, Apple will introduce a new encrypted protocol for the former Developer ID checks in the next year, as well as increasing server resiliency and finally, adding an opt-out option for users.