Apple addresses the issue of 'Mac slows down because Apple collects information about running apps' and explains what was really happening



Since the latest OS ' macOS Big Sur ' for Mac was released, the problem that 'Mac sends information to Apple via OCSP every time the application is started' has been talked about. It turns out that Apple has addressed this issue and added a new item to the support page.

Apple responds to privacy concerns over Mac software security process --The Verge
https://www.theverge.com/2020/11/16/21569316/apple-mac-ocsp-server-developer-id-authentication-privacy-concerns-encryption-promises-fix

Apple Responds to macOS Privacy Concerns, Explains Why Apps Were Slow to Launch | iPhone in Canada Blog
https://www.iphoneincanada.ca/mac/apple-responds-to-macos-privacy-concerns-explains-why-apps-were-slow-to-launch/

In macOS Big Sur, in addition to the trouble that the Mac became bricked during the update, there were reports that the entire OS slowed down when it was released.

With the release of the latest OS 'macOS Big Sur' for Mac, the speed will be slowed down to OSs other than Big Sur --GIGAZINE



The cause of the slowdown of the OS was the down of the Online Certificate Status Protocol (OCSP) server, but this problem triggered 'The problem is that information is sent to Apple via OCSP every time the application is launched on the Mac. There is. ' Security researcher Jeffrey Paul said that OCSP communicates HTTP data in plain text, so anyone can snoop on this information and the National Security Agency (NSA) will do it. Since Apple has been involved in the large-scale surveillance program 'PRISM' since October 2012, he claimed that there was a privacy issue. Paul's claim and the security engineer's counterargument that 'the OCSP request sent to Apple does not contain personal information' are detailed in the following article.

Does 'macOS Big Sur', which made a major update for the first time in 20 years, really send the application startup log to the outside? --GIGAZINE



And as of November 16, 2020, tech analyst Rene Ritchie discovered that Apple was updating its support page for a series of issues.

Apple has added a new Privacy protections item to its security page. In it, Apple explains that a service called Gatekeeper 'checks online to see if your app contains known malware and if your developer has been revoked.' 'Apple does not collect information about the Apple users and devices used for these checks, and has never used this data to determine which apps each user is launching,' Apple said. Clarified that the data did not contain Apple ID or device-identifying information, and that it used a secure, encrypted connection for communication.

Safely open apps on your Mac --Apple Support
https://support.apple.com/en-us/HT202491



In addition, Apple will stop recording IP addresses related to developer ID verification checks to enhance privacy protection and will confirm that all IP addresses have been removed from the logs. And after 2021, the following points will be changed regarding the check.

· Use an encrypted protocol to check if developer ID authentication has been removed
-Provide strong protection against server failures
· Add a way to opt out of these security protections

Apple also explained that the cause of the OCSP server problem that caused the OS to slow down was 'server-side misconfiguration.' The problem has already been fixed by a server-side update, and macOS is now able to cache the OCSP check for developer IDs for a longer period of time. Apple said that Mac users who have experienced slowdown issues should be able to resolve the issue automatically without any action.

in Software,   Security, Posted by logq_fa