Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were connection issues with Apple's OCSP server.

macosmojaveprivacy
Shortly after, security researcher Jeffrey Paul shared a blog post titled "Your Computer Isn't Yours," in which he raised privacy and security concerns related to Macs "phoning home" to Apple's OCSP server. In short, Paul said that the OCSP traffic that macOS generates is not encrypted and could potentially be seen by ISPs or even the U.S. military.

Apple has since responded to the matter by updating its "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. Here's the new "Privacy protections" section of the support document in full:

macOS has been designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

Apple clarifies that user-specific data is not harvested during the security check and that it plans on removing all IP information from the logs. In addition, it plans on introducing several changes to the system over the next year, including:

  • a new encrypted protocol for Developer ID certificate revocation checks
  • strong protections against server failure
  • a new preference for users to opt out of these security protections

Some users have advocated blocking the traffic to Apple's authentication servers, but it appears that Apple will provide this option to end-users in the future as well.

Top Rated Comments

dracarysar Avatar
20 months ago
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
Score: 70 Votes (Like | Disagree)
Kung gu Avatar
20 months ago
Good to see them addressing this and not keeping quiet!!
Score: 57 Votes (Like | Disagree)
jjjlevin Avatar
20 months ago
im glad apple is actually responding to this. I half expected them to ignore it.
Score: 45 Votes (Like | Disagree)
DiscoToast Avatar
20 months ago
Still hella sketchy. I still trust Apple more than any other big tech company... but honestly not by much.
Score: 33 Votes (Like | Disagree)
dracarysar Avatar
20 months ago

They didn't explain or acknowledge this at all.
Exactly, which is arguably worse because they are basically acting like that aspect wasn’t a big deal.
Score: 30 Votes (Like | Disagree)
Bandaman Avatar
20 months ago

The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
They didn't explain or acknowledge this at all.
Score: 26 Votes (Like | Disagree)

Related Stories

apple wallet drivers license feature

Apple Delays iOS 15 Feature for Adding Your Driver's License to Your iPhone Until Early 2022

Tuesday November 23, 2021 9:35 am PST by
Apple recently updated its website to indicate that an upcoming iOS 15 and watchOS 8 feature that will let you add your driver's license or state ID to your iPhone and Apple Watch in participating U.S. states has been delayed until early 2022. Apple previously said the feature would launch in late 2021. In September, Apple said Arizona and Georgia would be among the first states to introduce ...
Facebook Feature

Facebook's New 'Privacy Center' Will Help Educate Users on Data Collection and Privacy Options

Friday January 7, 2022 8:41 am PST by
Facebook today announced a new "Privacy Center" section on its website on the desktop. This new area will offer users a "new place to learn more about our approach to privacy across our apps and technologies" and "provides helpful information about five common privacy topics," Meta announced today in a press release. The new Privacy Center, rolling out to a small pool of Facebook users in...
ios15 mail privacy feature

watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

Tuesday March 15, 2022 6:42 am PDT by
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found. Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
apple security banner

Apple Outlines How It Will Notify Users Who Have Been Targeted by State-Sponsored Spyware Attacks

Tuesday November 23, 2021 8:15 pm PST by
Earlier today, Apple announced that it had filed suit against NSO Group, the firm responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. NSO Group seeks to take advantage of vulnerabilities in iOS and other platforms to infiltrate the devices of targeted users such as journalists, activists, dissidents, academics, and government...
ios15 mail privacy feature

Mail Privacy Protection Seemingly Undermined by Apple Watch [Updated]

Tuesday November 16, 2021 6:28 am PST by
The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found. Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also...
macOS Big Sur Feature Triad

Apple Releases macOS Big Sur 11.6.1 With Security Fixes

Tuesday October 26, 2021 12:53 am PDT by
Apple today released macOS Big Sur 11.6.1, a minor update to the macOS Big Sur operating system that first came out in November 2020. macOS Big Sur 11.6.1 comes roughly six weeks after the launch of macOS Big Sur 11.6. The new ‌‌‌‌‌‌‌macOS Big Sur‌‌‌‌‌‌ 11.6.1 update can be downloaded to all eligible Macs using the Software Update section of System Preferences....
iOS App Store General Feature JoeBlue

U.S. Bills Allowing Sideloading Would Cause Consumers to Be Hit With 'Malware, Ransomware, and Scams,' Says Apple

Tuesday January 18, 2022 11:42 am PST by
U.S. bills that would require major changes to the App Store would ultimately cause consumers to be targeted with malware, ransomware, and scams, Apple's Senior Director of Government Affairs Timothy Powderly said in a letter that was sent today to the Senate Judiciary Committee and that was obtained by MacRumors. Apple sent the letter as the Judiciary Committee prepares to consider the Amer...
General Insta Facebook Messenger Feature Blue

Facebook Delays Plans to Use End-to-End Encryption As Default for Messenger and Instagram Messages Until at Least 2023

Monday November 22, 2021 6:32 am PST by
Facebook, now rebranded to "Meta," is delaying plans to use end-to-end encryption for Messenger and Instagram messages until at least 2023, a year later than the previous deadline promised by the social media behemoth. Writing in The Telegraph, Meta's head of global safety, Antigone Davis, said that the company is pushing back its deadline to roll out end-to-end encryption as the default...

Popular Stories

apple ar headset concept 1

Apple's Headset Said to Feature 14 Cameras Enabling Lifelike Avatars, Jony Ive Has Remained Involved With Design

Friday May 20, 2022 6:50 am PDT by
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
studio display 3

Apple's Rumored 27-Inch Mini-LED Display Now Said to Launch in October

Friday May 20, 2022 8:07 am PDT by
Apple now plans to release a new 27-inch display with mini-LED backlighting in October due to the Shanghai lockdown, which has resulted in production of the display being delayed, according to display industry consultant Ross Young. In a tweet, Young said Apple is in the process of moving production of the display from Quanta Computer to a different supplier and/or location, resulting in a...
HomePodandMini feature green

Kuo: Apple to Release New HomePod in Late 2022 or Early 2023

Friday May 20, 2022 8:55 am PDT by
Apple is working on an updated version of the HomePod that could come in the fourth quarter of 2022 or the first quarter of 2023, according to Apple analyst Ming-Chi Kuo. Kuo says that there "may not be much innovation in hardware design" for the new HomePod, and there is no word on what size the device will be and if it will be a HomePod mini successor or a larger speaker. Apple would ...
airtag purple

Best Apple Deals of the Week: Save on AirTag, AirPods 3, and iPads

Friday May 20, 2022 8:01 am PDT by
Solid markdowns on the AirTag, AirPods 3, and a few iPad models were introduced this week, and below you'll find all of the best deals of the past few days that are still available to purchase. AirTag Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. What's the...