Does 'macOS Big Sur', the first major macOS update in 20 years, really send a log of launched applications to the outside?



On November 13, 2020, distribution of 'macOS Big Sur', version 11.0 of the OS for Mac, began. Although macOS Big Sur was positioned as the first major update since Mac OS X, many bugs have been reported, and its use of the 'Online Certificate Status Protocol (OCSP)' for digital certificates has sparked a privacy debate.

Does Apple really log every app you run? A technical look – Jacopo Jannone - blog
https://blog.jacopo.io/en/post/apple-ocsp/

macOS Big Sur telling Apple what app you've opened isn't a security or privacy issue | AppleInsider
https://appleinsider.com/articles/20/11/15/big-sur-telling-apple-what-app-youve-opened-isnt-a-security-or-privacy-issue

OCSP is a protocol used to verify, just before an app launches, that the developer's certificate has not been revoked. OCSP suddenly attracted attention because it was identified as the cause of a problem that occurred when Big Sur was released: slowdowns not only on Big Sur but also on other versions of macOS such as Catalina and Mojave.

The release of the latest Mac OS, 'macOS Big Sur', also slows down OS versions other than Big Sur - GIGAZINE



As OCSP drew attention, the claim emerged that 'every time an application is launched, information such as which application was launched is sent to Apple via OCSP.' Security researcher Jeffrey Paul, who made this claim, said that because OCSP communicates over HTTP in clear text, anyone can snoop on this information. He also claimed that there is a 'privacy problem' because Apple has been involved since October 2012 in 'PRISM', the large-scale surveillance program run by the US National Security Agency (NSA).

Jeffrey Paul: Your Computer Isn't Yours
https://sneak.berlin/20201112/your-computer-isnt-yours/



Paul's allegations have received a lot of attention, but several news media have argued that 'at least no information about which application was launched is sent.' Security engineer Jacopo Jannone captured the OCSP requests actually sent to Apple and demonstrated that they do not contain any personal information. The following is the information extracted by OpenSSL from the X.509 certificate sent when Firefox is actually started on a Mac.

[code]
openssl x509 -inform der -in codesign0 -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 488521955867797808 (0x6c794216c7aa930)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Developer ID Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
        Validity
            Not Before: May 8 19:08:58 2017 GMT
            Not After: May 9 19:08:58 2022 GMT
        Subject: UID = 43AQ936H96, CN = Developer ID Application: Mozilla Corporation (43AQ936H96), OU = 43AQ936H96, O = Mozilla Corporation, C = US
...
[/code]



Below is the information extracted from the certificate sent when you start Thunderbird, the email client from Mozilla, the same developer as Firefox.

[code]
codesign -d --extract-certificates /Applications/Thunderbird.app

openssl x509 -inform der -in codesign0 -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 488521955867797808 (0x6c794216c7aa930)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Developer ID Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
        Validity
            Not Before: May 8 19:08:58 2017 GMT
            Not After: May 9 19:08:58 2022 GMT
        Subject: UID = 43AQ936H96, CN = Developer ID Application: Mozilla Corporation (43AQ936H96), OU = 43AQ936H96, O = Mozilla Corporation, C = US
...
[/code]



Because the two outputs are exactly the same, the information sent cannot be used to tell which application was launched. 'macOS only sends opaque information about developer certificates; at least, it doesn't collect information about launched applications,' Jannone said. AppleInsider, an Apple news site, made a similar point, saying, 'It makes more sense to monitor a unique port for each application, such as port 23399 used by Skype calls.'
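As an added illustration (not code from Jannone's post or from this article), the Python sketch below builds the minimal OCSP request defined in RFC 6960 and parses it back, showing that the request is derived only from the issuer and the certificate serial number, so Firefox and Thunderbird yield byte-identical requests. Only the Mozilla serial number comes from the output above; the issuer bytes, the `OtherApp` serial and all function names are constructed for the example, and optional request fields such as extensions are left out.

```python
import hashlib

# The serial is from the openssl output above; issuer bytes are constructed stand-ins.
MOZILLA_SERIAL = 0x6c794216c7aa930
ISSUER_NAME_DER = b"constructed-issuer-name"   # placeholder, not Apple's real DN
ISSUER_KEY = b"constructed-issuer-public-key"  # placeholder, not Apple's real key

def tlv(tag, body):
    """Encode one DER element; short-form lengths suffice for this small request."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Decode one short-form DER element and return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def build_ocsp_request(issuer_name_der, issuer_key, serial):
    """Minimal OCSPRequest > TBSRequest > requestList > Request > CertID."""
    serial_der = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    sha1_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
    cert_id = tlv(0x30, sha1_alg
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
                  + tlv(0x02, serial_der))                             # serialNumber
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

def parse_cert_id(request):
    """Unwrap the five nested SEQUENCEs and return the CertID fields."""
    body = request
    for _level in range(5):
        tag, body, _end = read_tlv(body)
        assert tag == 0x30, "expected SEQUENCE"
    fields, pos = [], 0
    while pos < len(body):
        _tag, value, pos = read_tlv(body, pos)
        fields.append(value)
    _alg, name_hash, key_hash, serial = fields
    return {"issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
            "serial": int.from_bytes(serial, "big")}

def requests_for_demo():
    """One request per app: two share the Mozilla certificate, one does not."""
    serials = {"Firefox": MOZILLA_SERIAL, "Thunderbird": MOZILLA_SERIAL,
               "OtherApp": 0x1122334455667788}  # constructed serial, other developer
    return {a: build_ocsp_request(ISSUER_NAME_DER, ISSUER_KEY, s) for a, s in serials.items()}

if __name__ == "__main__":
    print({app: parse_cert_id(r)["serial"] for app, r in requests_for_demo().items()})
```

The request has no field for an application name or bundle identifier, so an observer can distinguish developers by serial number but not individual apps signed with the same certificate.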

On the other hand, it is true that Big Sur has various problems. Because Big Sur is designed so that 'communication by Apple applications is not controlled by firewalls and similar tools', it is expected that malware using this behavior to slip through firewalls will appear.

macOS Big Sur reveals that Apple app communication cannot be controlled by firewall - GIGAZINE



In addition, there have been many reports of 13-inch MacBook Pro models made in 2013-2014 failing to start, becoming 'bricked', after updating to Big Sur.

macOS Big Sur Update Bricking Some Older MacBook Pro Models - MacRumors
https://www.macrumors.com/2020/11/15/macos-big-sur-update-bricking-some-macbook-pros/

・ Continued
Introducing a VPN that can avoid the 'Apple app firewall bypass problem' of macOS Big Sur - GIGAZINE

in Software, Security, Posted by darkhorse_log