Apple Addresses Privacy Concerns Surrounding App Authentication in macOS
Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were connection issues with Apple's OCSP server.
Shortly after, security researcher Jeffrey Paul shared a blog post titled "Your Computer Isn't Yours," in which he raised privacy and security concerns related to Macs "phoning home" to Apple's OCSP server. In short, Paul said that the OCSP traffic that macOS generates is not encrypted and could potentially be seen by ISPs or even the U.S. military.
Apple has since responded to the matter by updating its "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. Here's the new "Privacy protections" section of the support document in full:
macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Apple clarifies that user-specific data is not harvested during the security check and that it plans on removing all IP information from the logs. In addition, it plans on introducing several changes to the system over the next year, including:
- a new encrypted protocol for Developer ID certificate revocation checks
- strong protections against server failure
- a new preference for users to opt out of these security protections
Some users have advocated blocking the traffic to Apple's authentication servers, but it appears that Apple will provide this option to end-users in the future as well.
Related Stories
Apple recently updated its website to indicate that an upcoming iOS 15 and watchOS 8 feature that will let you add your driver's license or state ID to your iPhone and Apple Watch in participating U.S. states has been delayed until early 2022. Apple previously said the feature would launch in late 2021.
In September, Apple said Arizona and Georgia would be among the first states to introduce ...
Facebook today announced a new "Privacy Center" section on its website on the desktop. This new area will offer users a "new place to learn more about our approach to privacy across our apps and technologies" and "provides helpful information about five common privacy topics," Meta announced today in a press release.
The new Privacy Center, rolling out to a small pool of Facebook users in...
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found.
Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
Earlier today, Apple announced that it had filed suit against NSO Group, the firm responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. NSO Group seeks to take advantage of vulnerabilities in iOS and other platforms to infiltrate the devices of targeted users such as journalists, activists, dissidents, academics, and government...
The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.
Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also...
Apple today released macOS Big Sur 11.6.1, a minor update to the macOS Big Sur operating system that first came out in November 2020. macOS Big Sur 11.6.1 comes roughly six weeks after the launch of macOS Big Sur 11.6.
The new macOS Big Sur 11.6.1 update can be downloaded to all eligible Macs using the Software Update section of System Preferences....
U.S. bills that would require major changes to the App Store would ultimately cause consumers to be targeted with malware, ransomware, and scams, Apple's Senior Director of Government Affairs Timothy Powderly said in a letter that was sent today to the Senate Judiciary Committee and that was obtained by MacRumors. Apple sent the letter as the Judiciary Committee prepares to consider the Amer...
Monday November 22, 2021 6:32 am PST by
Sami FathiFacebook, now rebranded to "Meta," is delaying plans to use end-to-end encryption for Messenger and Instagram messages until at least 2023, a year later than the previous deadline promised by the social media behemoth. Writing in The Telegraph, Meta's head of global safety, Antigone Davis, said that the company is pushing back its deadline to roll out end-to-end encryption as the default...
Popular Stories
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13.
The iPhone 14 Pro and iPhone 14 Pro Max are expected...
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max.
Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
Apple now plans to release a new 27-inch display with mini-LED backlighting in October due to the Shanghai lockdown, which has resulted in production of the display being delayed, according to display industry consultant Ross Young.
In a tweet, Young said Apple is in the process of moving production of the display from Quanta Computer to a different supplier and/or location, resulting in a...
Apple is working on an updated version of the HomePod that could come in the fourth quarter of 2022 or the first quarter of 2023, according to Apple analyst Ming-Chi Kuo. Kuo says that there "may not be much innovation in hardware design" for the new HomePod, and there is no word on what size the device will be and if it will be a HomePod mini successor or a larger speaker. Apple would ...
Solid markdowns on the AirTag, AirPods 3, and a few iPad models were introduced this week, and below you'll find all of the best deals of the past few days that are still available to purchase.
AirTag
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
What's the...
Top Rated Comments
Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.