Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were connection issues with Apple's OCSP server.

macosmojaveprivacy
Shortly after, security researcher Jeffrey Paul shared a blog post titled "Your Computer Isn't Yours," in which he raised privacy and security concerns related to Macs "phoning home" to Apple's OCSP server. In short, Paul said that the OCSP traffic that macOS generates is not encrypted and could potentially be seen by ISPs or even the U.S. military.

Apple has since responded to the matter by updating its "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. Here's the new "Privacy protections" section of the support document in full:

macOS has been designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer's signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

Apple clarifies that user-specific data is not harvested during the security check and that it plans on removing all IP information from the logs. In addition, it plans on introducing several changes to the system over the next year, including:

  • a new encrypted protocol for Developer ID certificate revocation checks
  • strong protections against server failure
  • a new preference for users to opt out of these security protections

Some users have advocated blocking the traffic to Apple's authentication servers, but it appears that Apple will provide this option to end-users in the future as well.

Popular Stories

iPhone 17 Air Pastel Feature

iPhone 17 Air Battery Capacity and Weight Allegedly Revealed

Monday May 19, 2025 2:22 am PDT by
Apple is expected to launch an all-new ultra-thin iPhone 17 Air later this year, and while there have been plenty of rumors about the camera's overall design and thinness, we haven't heard any details about the device's weight and battery capacity until now. According to the leaker going by the account name "yeux1122" on the Korean-langauge Naver blog, the 6.6-inch iPhone 17 Air has a weight ...
Apple Glass

Apple Smart Glasses: Everything We Know So Far

Wednesday May 21, 2025 8:21 am PDT by
Google made waves yesterday by showcasing a set of lightweight smart glasses featuring deep Gemini integration and an optional in-lens display. The demo has reignited interest in Apple's own smart glasses project, which has been the subject of rumors for nearly a decade. Here's a recap of where things stand. Current Development Status Apple is actively working on new chips specifically...
Apple CarPlay Ultra instrument cluster themes 01

Apple's CarPlay Ultra Is Here – Does Your iPhone Support It?

Thursday May 15, 2025 5:17 am PDT by
Apple's recently announced CarPlay Ultra promises a deeply integrated in-car experience, but not all iPhone users will be able to take advantage of the new feature. According to Apple's press release, CarPlay Ultra requires an iPhone 12 or later running iOS 18.5 or later. This means if you're using an iPhone 11, iPhone XR, or any older model, you'll need to upgrade your device to access...
Apple CarPlay Ultra instrument cluster themes 01

Apple's 'CarPlay Ultra' Experience Now Available

Thursday May 15, 2025 5:07 am PDT by
Apple today announced that its next-generation CarPlay experience, now dubbed "CarPlay Ultra" begins rolling out today, starting with Aston Martin vehicles. Subscribe to the MacRumors YouTube channel for more videos. CarPlay Ultra is now available with new Aston Martin vehicle orders in the U.S. and Canada. It will also be available for existing models that feature the brand's next-generation ...
WWDC 2025 Banner

Apple Announces WWDC 2025 Schedule, Including Keynote Time

Tuesday May 20, 2025 8:13 am PDT by
Apple today announced a more detailed schedule for its annual developers conference WWDC, which runs from June 9 through June 13. The schedule confirms that Apple's keynote will begin on Monday, June 9 at 10 a.m. Pacific Time, with a live stream to be available on Apple.com, in the Apple TV app, and on YouTube. During the keynote, Apple is expected to announce iOS 19, iPadOS 19, macOS 16,...
macOS 16 visionOS Inspired Feature 1

macOS 16: Everything We Know So Far

Tuesday May 20, 2025 7:31 am PDT by
The Worldwide Developers Conference (WWDC), Apple's annual developer and software-oriented event, is less than three weeks away. We haven't heard a great deal about macOS 16 ahead of its announcement this year, so we could be in for some major surprises when June 9 rolls around. Here's what we know so far about the next major update to Apple's Mac operating system. macOS 16 Name? Every year ...
maxresdefault

OpenAI Buys Jony Ive's AI Startup to 'Completely Reimagine What It Means to Use a Computer'

Wednesday May 21, 2025 10:27 am PDT by
OpenAI is acquiring io, the hardware-based AI startup co-created by Jony Ive, OpenAI announced today. Ive has been working with OpenAI CEO Sam Altman on io for two years, and the duo expects to develop a family of AI devices. In a video shared by OpenAI, Altman and Ive outlined their partnership and what they expect to create as a result of the merger. "I have a growing sense that everything ...

Top Rated Comments

dracarysar Avatar
59 months ago
The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
Score: 70 Votes (Like | Disagree)
Kung gu Avatar
59 months ago
Good to see them addressing this and not keeping quiet!!
Score: 57 Votes (Like | Disagree)
jjjlevin Avatar
59 months ago
im glad apple is actually responding to this. I half expected them to ignore it.
Score: 45 Votes (Like | Disagree)
DiscoToast Avatar
59 months ago
Still hella sketchy. I still trust Apple more than any other big tech company... but honestly not by much.
Score: 33 Votes (Like | Disagree)
dracarysar Avatar
59 months ago

They didn't explain or acknowledge this at all.
Exactly, which is arguably worse because they are basically acting like that aspect wasn’t a big deal.
Score: 30 Votes (Like | Disagree)
Bandaman Avatar
59 months ago

The larger issue here in my opinion is that Apple is bypassing firewalls and vpn apps and exposing your public ip. If you go to the trouble of using a vpn to hide your traffic apple shouldn’t be bypassing those measures and broadcasting unencrypted packets.

Although this particular traffic is relatively harmless, the very idea that they thought that was a good design decision is disturbing.
They didn't explain or acknowledge this at all.
Score: 26 Votes (Like | Disagree)