Apple first commented on the massive macOS problems last Thursday evening. In connection with the release of macOS 11 alias Big Sur, various servers at the company went on strike for hours, which led to a certificate check that was not possible. Macs that were on the Internet then refused to start numerous apps, and neither a restart nor other measures seemed to help. If the machine was disconnected from the network, the OCSP server request (Online Certificate Status Protocol) was automatically stopped and the apps ran as desired.

How gatekeeper works In a freshly supplemented support document, Apple now writes what the group is actually doing – and even praised improvement. macOS is “designed in such a way that it ensures user security, protects their data and at the same time respects their privacy.” The gatekeeper routine carries out an online check to determine whether an app contains malware and whether its developer signature has been withdrawn. Apple has “never combined data from these reviews with information about Apple users or their devices.” The data obtained during these checks are also not used to “find out what individual users start or run on their devices”.

IP addresses were saved The notarization checks whether an app contains known malware and uses “an encrypted connection that is” stable “against server errors. Why did the outages on Thursday nevertheless occur? Unfortunately, Apple does not explain. Furthermore, the company announces that these security checks “never” included the Apple ID of the user or the identity of the device. However, the company apparently saved the associated IP address until recently, but it now has “ended”. In the future, IP addresses in connection with developer ID certificate checks will no longer be logged, and they will also “ensure that all IP addresses collected are removed from the logs.” This is the first time that Apple is involved to this logging that poses a problem in terms of data protection, extremely.

Apple wants to revise the protocol and offer an opt-out Furthermore, the group announced that it will work in the future with a “new encryption protocol” to check developer ID certificates for their withdrawal – why this is planned – and whether the existing protocol has any weaknesses – says the company Not. In addition, Apple promises “strong protection against server failures” in the future, as well as a new settings menu with which users can completely switch off these security checks (opt-out). Apple did not specify the time for this.

(bsc)