Apple stops logging users’ IP addresses when validating macOS apps and will apply encryption to its checks on apps’ Developer ID certificates. The company is making the changes after privacy criticism and app launch issues last week.
Apple will make changes to the way it validates apps in the coming year. That’s according to text passages Apple has added to its support document about safely opening apps on macOS. The company will use a new encryption protocol for checks on Developer ID certificates, provide more protection if the servers fail, and offer an opt-out to users who don’t want the protection.
The promised changes come after problems with launching apps at the release of macOS 11.0 Big Sur. These problems arose because the servers for the Online Certificate Status Protocol, or OCSP, went down. Apple uses these servers for its Gatekeeper technology, which checks apps for malware and verifies that they are properly signed with the developers’ certificates. These are X.509 certificates, and Apple can revoke them in real time if an online check turns up problems, even though the app itself has been installed correctly.
While researching the nature of the app problems, security researchers highlighted that the OCSP requests were sent unencrypted. There was also criticism of the collection of IP addresses, of the restrictions on the network tool Little Snitch in macOS Big Sur, and of the disappearance in that OS of the ability to block validation in firewalls.
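To make concrete what an unencrypted OCSP check exposes, the added example below (not from the article or from Apple) decodes a standard RFC 6960 OCSP request as it appears in an HTTP GET path and lists the fields any on-path observer can read. The issuer hashes and serial number are constructed sample values, and that Apple's requests follow this standard layout is an assumption.

```python
import base64, hashlib
from urllib.parse import quote, unquote

def tlv(tag, body):
    """Encode one DER element (bodies in this sample stay under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def read(buf, pos=0):
    """Decode the DER element at pos; return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split the contents of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def sample_get_path():
    """Constructed request: made-up issuer hashes and serial, RFC 6960 layout."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))  # SHA-1 OID
    cert_id = tlv(0x30, alg
                  + tlv(0x04, hashlib.sha1(b"constructed issuer name").digest())
                  + tlv(0x04, hashlib.sha1(b"constructed issuer key").digest())
                  + tlv(0x02, bytes.fromhex("0123456789abcdef")))
    der = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))  # OCSPRequest>TBS>list>Request
    return quote(base64.b64encode(der).decode(), safe="")  # GET form, RFC 6960 A.1

def observable_fields(get_path):
    """Return what anyone on the network path can read from a plaintext request."""
    der = base64.b64decode(unquote(get_path))
    tbs = children(read(der)[1])[0][1]
    # requestList is the plain SEQUENCE; version and requestorName are context-tagged
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    seen = []
    for _, req in children(request_list):
        alg, name_hash, key_hash, serial = (v for _, v in children(children(req)[0][1]))
        seen.append({"hash_oid": children(alg)[0][1].hex(), "serial": serial.hex(),
                     "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex()})
    return seen

if __name__ == "__main__":
    print(observable_fields(sample_get_path()))
```

The serial number and issuer hashes identify the certificate being checked, which combined with the source IP address and the time of the request is the kind of data the privacy criticism concerned.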
Apple reports to iPhone in Canada that the company never combines data from the checks with information about Apple users or their devices, and that it also does not check which apps individual users are running. The company reports that it has stopped logging IP addresses from the Developer ID checks and is going to delete the IP addresses already collected.