close
close

Apple has yet to deliver on that macOS promise it made four years ago

Posted on by darion

MacBook Pro Security Lock

Shortly after the release of macOS Big Sur in 2020, Apple was plagued with widespread server outages. The outage affected macOS installations, iMessage, Apple Pay, and most notably: the notary service. This meant that users had significant trouble opening apps, exposing a flaw in the way Apple handles app verification on the Mac.

Background

For some context, your Mac performs a few verification checks every time you launch an app. One is to check that the app isn’t malware, and the other is to check that the developer certificate associated with the app is still valid. These checks are designed to keep users safe, and are commonly referred to as app notarization.

Normally, if you use your Mac offline, the checks would simply fail and your app would launch normally. However, when the server crashed, macOS still tried to check the servers instead of just failing. This caused apps to take an agonizing amount of time to launch.

Apple’s Promised Changes

Following the incident, Apple announced changes to address these issues, including an option to allow users to opt out of online notary checks altogether. The changes were set to roll out in 2021.

Apple initially announced these improvements because there were concerns about whether the company was using the notarization process to collect data about what apps people were using. The company assured that this was not the case and highlighted some changes it intended to make in a support document:

To further protect your privacy, we have stopped logging IP addresses associated with Developer ID certificate verification and will ensure that any IP addresses collected are removed from the logs.

Additionally, over the next year we will be making several changes to our security checks:

  • New encrypted protocol for checking developer ID certificate revocations
  • Solid protection against server failure
  • New preference for users to opt out of these protections

Potential feature removal

Apple has made some of its promised changes, such as stopping collecting IP addresses, and has created a new encrypted protocol for checking Developer ID certificates.

However, there is still no word on when they will release a complete shutdown of online notary checks. Furthermore, all references in the support document to this feature have been completely removed over the past year.

Developer Jeff Johnson also recently addressed the situation on his blog.

Apple appears to have abandoned plans to allow users to run apps without any form of online security check before they open, which is a bit of a shame if true. While rare, it is odd that apps could suddenly take significantly longer to launch due to server outages.

9to5Mac Review

Allowing users to opt out of notarization verification would undoubtedly have huge privacy benefits and would challenge the stereotype that a Mac is not really a user’s computer.

Apple has likely made other fundamental changes to macOS to ensure that server outages never prevent apps from running properly in the future. Regardless, it would still be greatly appreciated if the promised option to opt out of notarization were finally released. Apple needs to clarify its plan on this.

H/T: Polar Hacker

FTC: We use income-generating affiliate links. More.