Ask HN: Is Apple really phoning home every time I start an application on macOS?
9 comments
It's kinda true.
I think macOS will check that the developer certificate used to sign the application you're about to start hasn't been revoked.
Search for ocsp.apple.com, around November 2020, for details.
I think macOS will check that the developer certificate used to sign the application you're about to start hasn't been revoked.
Search for ocsp.apple.com, around November 2020, for details.
I found this related HN thread: https://news.ycombinator.com/item?id=25076588
I wonder why this didn't blow up more, it sounds like such a privacy nightmare.
I wonder why this didn't blow up more, it sounds like such a privacy nightmare.
Yeah.
For me, I accept that there's a tradeoff between being able to revoke the signed status of an application, and doing a certificate check at launch time.
And you're already trusting Apple with a bunch of stuff, so one more thing isn't that much worse.
But yeah, it's still creepy, and ripe for abuse.
For me, I accept that there's a tradeoff between being able to revoke the signed status of an application, and doing a certificate check at launch time.
And you're already trusting Apple with a bunch of stuff, so one more thing isn't that much worse.
But yeah, it's still creepy, and ripe for abuse.
It's checking for certificate status, not so much phoning home. To my knowledge, it is only sending some hashes to Apple. It is not sending any personal data.
Here is a good write-up on the issue:
https://www.sentinelone.com/blog/what-happened-to-my-mac-app...
I recommend that people not block oscp.apple.com as it has security benefits. If your threat model dictates blocking oscp.apple.com then you probably should not even be running macOS (or Windows).
Here is a good write-up on the issue:
https://www.sentinelone.com/blog/what-happened-to-my-mac-app...
I recommend that people not block oscp.apple.com as it has security benefits. If your threat model dictates blocking oscp.apple.com then you probably should not even be running macOS (or Windows).
Buy a proper firewall, like Little Snitch. Also beware of the Safari downloads sqlite DB.
I was under the impression Apple first party apps could bypass these with special privileges?
Yes they do. Also for account changes.
shouldn't be happening every time you open these applications though.
I'm living on an extremely restricted internet connection right now that completely drops out every few minutes (my ISP is Vodafone, fellow German users will know what I mean.) I noticed that when my internet connection stalls, but I'm still connected to the wifi, I'm unable to open certain apps. So far I've experienced it with VLC, VS Code and Firefox. I remember some time ago there were rumours that apple was actually sending usage statistics every time I launch an app back to their servers. If the connection is interrupted, the apps don't start. Is this actually the right explanation? If that is true, this would be so nightmarishly dystopian to me I'd consider switching back to linux. Thank you!