Reports of trouble opening applications on macOS last week prompted larger questions about how, exactly, Apple uses data sent to its servers; now the company has responded to those concerns. Users voiced their worries loudly enough that it would’ve been shocking if Apple chose to ignore them.
Last week’s slowdown, it seems, was provided courtesy of Apple’s baked-in security protocols. The company’s Mac operating system automatically checks in with a server system to ensure every app being opened has been verified as trusted by Apple. For some reason, this protocol — which is nothing new — slowed macOS users’ experiences last week.
Apple’s response to these concerns isn’t a direct one; the company chose instead to update a support page on its website with a section entitled “Privacy protections” in regards safely opening apps. More of a subtweet than an actual response, but hey, we’ll take what we can get.
Verification or tracking? — The concerns in question are straightforward: does the information sent for app security verification end up used for any other purposes? More specifically: is Apple using this information to track every Mac user’s app launches?
Security researcher Jeffrey Paul posted a widely read blog post called “Your Computer Isn’t Yours” claiming this practice to be just one cog in Apple’s behavior-tracking machine. “On modern versions of macOS,” Paul writes, “you simply can’t power on your computer, launch a text editor or eBook reader, and writer or read, without a log of your activity being transmitted and stored.”
Paul, along with others in the industry, focused their concern on Apple’s online certificate status protocol service (OCSP). This protocol, which Apple nicknames “Gatekeeper,” just checks that a company’s security certificates haven’t been revoked before launching an app. Some experts like Paul worried Gatekeeper was being used to compile a database of IP addresses and application codes to track users.
Apple says hey, no biggie — Apple’s updated support page takes the company’s classically breezy, matter-of-fact tone to remind the general public that, no, it isn’t using this data for anything other than security verification. In fact, Apple says, the transmitted data doesn’t have any device-specific information attached to it at all.
“We have never combined data from these checks with information about Apple users or their devices,” the company writes. “We do not use data from these checks to learn what individual users are launching or running on their devices.”
So no: Apple isn’t tracking every time you open Chrome to check your tracking notifications again. If you’re still worried about that, though, the company is planning to introduce an option for users to opt out of the security protections altogether in the next year.