macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the next year we will introduce several changes to our security checks:
- A new encrypted protocol for Developer ID certificate revocation checks
- Strong protections against server failure
- A new preference for users to opt out of these security protections
“Over the next year” isn’t great. Perhaps they require a major revision of macOS to make these changes, and given the calls for stability in macOS, it’s better to see them taking their time if this change is a major overhaul of the verification system.
The user-controlled toggle to enable or disable it sounds excellent. Users should be given more control (or at least explanation) of what is happening with their computers!
Previously: Apple’s OCSP Problem