Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

by

Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were connection issues with Apple's OCSP server.

macosmojaveprivacy
Shortly after, security researcher Jeffrey Paul shared a blog post titled "Your Computer Isn't Yours," in which he raised privacy and security concerns related to Macs "phoning home" to Apple's OCSP server. In short, Paul said that the OCSP traffic that macOS generates is not encrypted and could potentially be seen by ISPs or even the U.S. military.

Apple has since responded to the matter by updating its "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. Here's the new "Privacy protections" section of the support document in full:

macOS has been designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

Apple clarifies that user-specific data is not harvested during the security check and that it plans on removing all IP information from the logs. In addition, it plans on introducing several changes to the system over the next year, including:

  • a new encrypted protocol for Developer ID certificate revocation checks
  • strong protections against server failure
  • a new preference for users to opt out of these security protections

Some users have advocated blocking the traffic to Apple's authentication servers, but it appears that Apple will provide this option to end-users in the future as well.

Popular Stories

iOS 26

iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone

Tuesday February 3, 2026 7:47 am PST by
While the iOS 26.3 Release Candidate is now available ahead of a public release, the first iOS 26.4 beta is likely still at least a week away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April. Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far. iOS 26.3 iPhone to Android Transfer Tool iOS 26.3 makes it easier...
Read Full Article32 comments
imac video apple feature

Apple Makes Its Second-Biggest Acquisition Ever

Tuesday February 3, 2026 12:45 pm PST by
Apple recently acquired Israeli startup Q.ai for close to $2 billion, according to Financial Times sources. That would make this Apple's second-biggest acquisition ever, after it paid $3 billion for the popular headphone maker Beats in 2014. This is also the largest known Apple acquisition since the company purchased Intel's smartphone modem business and patents for $1 billion in 2019....
Read Full Article
Apple Logo Black

Apple's Next Launch is 'Imminent'

Sunday February 1, 2026 12:31 pm PST by
The calendar has turned to February, and a new report indicates that Apple's next product launch is "imminent," in the form of new MacBook Pro models. "All signs point to an imminent launch of next-generation MacBook Pros that retain the current form factor but deliver faster chips," Bloomberg's Mark Gurman said on Sunday. "I'm told the new models — code-named J714 and J716 — are slated...
Read Full Article
iOS 26 Home Feature

Apple Gives Final Warning to Home App Users

Tuesday February 3, 2026 8:55 am PST by
In 2022, Apple introduced a new Apple Home architecture that is "more reliable and efficient," and the deadline to upgrade and avoid issues is fast approaching. In an email this week, Apple gave customers a final reminder to upgrade their Home app by February 10, 2026. Apple says users who do not upgrade may experience issues with accessories and automations, or lose access to their smart...
Read Full Article69 comments
Aston Martin CarPlay Ultra Screen

Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year

Sunday February 1, 2026 10:08 am PST by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly nine months later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. In his Powe...
Read Full Article90 comments

Top Rated Comments

dracarysar Avatar
dracarysar
68 months ago
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
Score: 70 Votes (Like | Disagree)
Kung gu Avatar
Kung gu
68 months ago
Good to see them addressing this and not keeping quiet!!
Score: 57 Votes (Like | Disagree)
jjjlevin Avatar
jjjlevin
68 months ago
im glad apple is actually responding to this. I half expected them to ignore it.
Score: 45 Votes (Like | Disagree)
DiscoToast Avatar
DiscoToast
68 months ago
Still hella sketchy. I still trust Apple more than any other big tech company... but honestly not by much.
Score: 33 Votes (Like | Disagree)
dracarysar Avatar
dracarysar
68 months ago

They didn't explain or acknowledge this at all.
Exactly, which is arguably worse because they are basically acting like that aspect wasn’t a big deal.
Score: 30 Votes (Like | Disagree)
Bandaman Avatar
Bandaman
68 months ago

The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
They didn't explain or acknowledge this at all.
Score: 26 Votes (Like | Disagree)
Read All Comments