MacOS Update Changes Data Collection Protocol
New Apple iOS 14 updates have committed to transmitting encrypted data when launching applications, also promises to stop retaining IP addresses tracking user activity.
Mac users are likely familiar with a security technology that authorizes application downloads known as Gatekeeper. Gatekeeper was initially released in 2012, its main function is to enforce code signing to protect its users. The Gatekeeper is used by MacOS to ensure new applications have been signed off by the appropriate developer and not an actor. Applications are recommended to be downloaded directly from the Mac App Store and are quarantined before downloads begin. This protocol allows the Gatekeeper to inspect the application’s developer ID to ensure the application has not been tampered with or compromised by an attacker.
In ‘System Preferences’ there are three main options to choose how to download applications:
- Mac App Store – Allows only applications downloaded from the Mac App Store to be launched.
- Mac App Store and identified developers – Allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched. This is the default setting since Mountain Lion.
- Anywhere – Allows all applications to be launched. This effectively turns Gatekeeper off. This is the default setting in Lion. Since macOS Sierra, this option is hidden by default. However, this option can be re-enabled by using the ‘sudo spctl –master-disable’ command from the Terminal and authenticating with an admin password.
Tip: The command-line utility spctl provides granular controls, such as custom rules and individual or blanket permissions, as well as an option to turn Gatekeeper off.
User’s should always keep these features enabled for the safety and integrity of their MacOS. When ‘Anywhere’ is chosen there can be a security breach from an infected application that has not been inspected by Gatekeeper. If the user can fully trust the application developer and knows the certificate is valid and up to date, that would be the only time recommended for disabling Gatekeeper.
A security certificate is a piece of code created with encryption that’s meant to be impossible to replicate. It serves as a guarantee that the app legitimately comes from the software maker it claims.
MacOS has always kept user security as a top priority and continually works hard to keep websites and downloads protected. Unfortunately, user downloads and IP addresses have been sent unencrypted back to Apple for monitoring. While trying to protect users, Apple has been tracking and recording user activity and may have put them in jeopardy. By giving the user a choice to opt out of the security check makes it harder track activity of each user.
This feature will ensure user privacy but may leave room for applications to be downloaded with malware attached. Apple has stopped logging user IP addresses collected by the feature and will delete previous logs of IP addresses. Apple also wants to encrypt data about app usage while it flows over the internet to the company’s servers, and it will let users opt out of the security check that collects the data. The security check works by connecting to a remote server, where it logs data about its checks. These security checks have never included the user’s Apple ID or the identity of their device.
Mac and iOS developer Jeff Johnson confirmed the OS was having problems connecting to an Apple server, and that blocking it by editing the hosts file solved the problem. The issue appears to be resolved now, but as TechCrunch points out, it is possible the servers were overloaded as people updated to Big Sur and suddenly flooded it with requests to reauthorize older apps.
Quick Guide of Updates:
- A new encrypted protocol for Developer ID certificate revocation checks
- Stronger protections against server failure
- A new preference for users to opt out of these security protections
These new features are great for user privacy, but it is at the user’s discretion and could lead to less security when downloading applications from unknown sources. By encrypting user data, servers are less likely to expose user IP addresses and allow third party interception.