Apple made a huge macOS privacy promise four years ago, but it’s still unfulfilled



Shortly after the release of macOS Big Sur back in 2020, Apple faced widespread server outages. The outage affected macOS installations, iMessage, Apple Pay, and most notably, the notarization service. This meant that users had major issues opening apps, revealing a flaw in how Apple handles app verification on the Mac.

Background

For some context, your Mac does a couple of verification checks whenever you launch an app. One of the checks is to verify the app isn’t malware, and the other is to make sure the developer certificate associated with the app is still valid. These checks are meant to keep users safe, and are widely referred to as app notarization.

Normally, if you’re using your Mac offline, the checks just fail and your app will launch as usual. However, when this server outage occurred, macOS was still attempting to check the servers rather than just failing. This resulted in apps taking a painful amount of time to launch.
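The failure mode described above, modelled as an added example (not Apple's code or protocol): a soft-fail check stays harmless only if a reachable but slow responder is treated like an unreachable one, which takes a hard deadline. The localhost responder, the `good`/`revoked` replies and all function names are constructed for illustration.

```python
import socket
import threading
import time

def start_responder(reply, delay=0.0):
    """Constructed localhost stand-in for a revocation responder.
    Waits `delay` seconds after accepting, then sends `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                time.sleep(delay)
                conn.sendall(reply)
                conn.close()
            except OSError:
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def check_certificate(port, deadline):
    """Return (verdict, elapsed). Verdict is 'good', 'revoked' or 'unknown';
    every network error or timeout maps to 'unknown' (soft-fail)."""
    start = time.monotonic()
    verdict = "unknown"
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=deadline) as s:
            # Spend only what is left of the budget waiting for the answer.
            s.settimeout(max(deadline - (time.monotonic() - start), 0.01))
            data = s.recv(16)
            if data in (b"good", b"revoked"):
                verdict = data.decode()
    except OSError:
        pass
    return verdict, time.monotonic() - start

def may_launch(verdict):
    # Soft-fail policy: only an explicit 'revoked' answer blocks the launch.
    return verdict != "revoked"

if __name__ == "__main__":
    stalled = start_responder(b"good", delay=5.0)  # reachable but slow
    verdict, elapsed = check_certificate(stalled, deadline=0.5)
    print(verdict, round(elapsed, 2), may_launch(verdict))
```

Without the deadline, the stalled responder would hold the launch for as long as it kept the connection open, while a refused connection returns `unknown` almost immediately.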

Apple’s promised changes

After this incident occurred, Apple announced changes to address the issues, including an option to allow users to completely opt out of online notarization checks. The changes were supposed to roll out starting in 2021.

Initially, Apple announced these improvements because there were concerns around whether or not the company was using the notarization process to collect data on what apps people were using. The company gave assurances that this wasn’t the case, and highlighted some changes it was going to make in a support document:

To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections

Potential scrap of the feature

To Apple’s credit, it did implement some of the changes it promised, such as stopping collection of IP addresses. It also created a new encrypted protocol for Developer ID certificate checks.

However, there’s still no word on when they’ll release a complete opt-out of online notarization checks. Furthermore, all references to the feature in the support document were completely scrubbed sometime in the past year.

Developer Jeff Johnson also highlighted this situation on his blog.

It would appear that Apple has scrapped its plans to allow users to launch apps without any form of online security checks before opening, which is a bit of a shame if true. Although rare, it is bizarre that apps could suddenly take far longer to launch due to servers being down.

9to5Mac’s Take

Allowing users to opt out of notarization checks would undoubtedly be a huge privacy win, and would challenge the narrative that your Mac isn’t really your computer.

Apple likely made other underlying macOS changes to ensure that server outages would never prevent apps from launching properly in the future. Regardless, it would still be greatly appreciated if the promised notarization opt-out were finally released. Apple needs to provide clarity on its plan here.

H/T: Polar Hacker

