Apple Responded to macOS Privacy Concerns

It is clear that Apple’s macOS Big Sur installation had problems. The Verge reported that many Mac users had trouble opening apps after installing the update. You may have read an extremely detailed blog post by Jeffrey Paul titled “Your Computer Isn’t Yours”, in which he discussed a security problem involving the macOS.

It appears that iPhone in Canada was the first to report that Apple updated its support document titled: “Safely open apps on your Mac”. The update is under the Privacy protections header, which is the last header on the document.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Apple continued by stating: “These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.”

In addition, Apple is making changes to their security checks over the next year. Specifically:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections

It is not entirely clear if Apple’s update is in response to Jeffrey Paul’s blog post, but I suspect it may have influenced Apple to provide more clarification. I think the issue became a controversy because Apple’s developers understood how the security in the macOS functioned – but failed to realize that consumers might need more context in order to understand what was happening.