Apple is responding to the Gatekeeper situation with upcoming fixes

Apple updated a documentation page detailing the company's next steps to prevent last week's Gatekeeper bug from happening again, as Rene Ritchie noted. The company plans to implement the corrections next year.

Apple had a difficult launch day last week. The company released macOS Big Sur, a major update for macOS, and then suffered from server-side problems.

Third-party apps couldn't start because the Mac couldn't verify the app's developer certificate. This feature, called Gatekeeper, ensures that you haven't downloaded a malware app masquerading as a legitimate app. If the certificate does not match, macOS prevents the app from starting.

Hey Apple users:

Now, if you're having trouble launching apps on Mac, I figured out the problem with Little Snitch.

It is trustworthy to connect to https://t.co/FzIGwbGRan

Denying this connection fixes the problem as OCSP is a soft bug.

(Also disconnect from the Internet.) Pic.twitter.com/w9YciFltrb

– Jeff Johnson (@lapcatsoftware) November 12, 2020

Many were concerned about the impact of the security feature on privacy. Does Apple log every app you launch on your Mac for competitive insights into app usage?

It turns out that answering this question is easy because the server doesn't require encryption. Jacopo Jannone intercepted an unencrypted network request and determined that Apple was not secretly spying on you. Gatekeeper really does what it says on the tin.

“We never combined data from these reviews with information about Apple users or their devices. We do not use data from these scans to learn what individual users are starting or running on their devices,” the company wrote.

However, Apple goes a step further and is communicating about the company's next steps. The company stopped logging IP addresses on its servers last week. Gatekeeper does not need this data to be stored.

“These security checks never revealed the user's Apple ID or the identity of their device. In order to further protect data protection, we have stopped the logging of IP addresses in connection with the verification of developer ID certificates and ensure that all IP addresses collected are removed from the logs,” writes Apple.

Finally, Apple is revising the design of the network request and adding a user-facing opt-out option.

"In addition, we will be making some changes to our security controls over the next year:

A new encrypted protocol for verifying the revocation of developer ID certificates
Strong protection against server failure
A new preference for users to disable these security measures."