Apple has denied claims that the company’s anti-malware software collects details of apps running on Mac devices, along with the devices’ IP addresses, which contain city and country identifiers. The clarification comes amid a heated debate around privacy concerns within the Apple ecosystem, as alleged by German security researcher Jeffery Paul in a recent blog post.
Paul, in a blog post titled “Your Computer Isn’t Yours”, had alleged that Apple’s Gatekeeper feature, which ensures that a user’s Mac runs only software that is pre-approved by Apple, collects IP addresses. This software allows Apple to stop an app from running on its devices if its developer’s certificate is revoked. In theory, this feature allows Apple to stop users from installing malware on their devices. But, according to Paul, Gatekeeper gives Apple a lot more information than the company is letting on.
- ‘Unique hash for each app’: The latest version of macOS (Big Sur), Paul said, collects a hash (unique identifier) of “each and every program you run, when you run it”. Additionally, Apple has access to the user’s IP address, and hence, geographical location. “Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.”
- ‘Apple knows how you use your apps’: In continuation, Paul claimed that Apple has a very good idea of what apps its users are using, what devices they are using them from, and where they are using them (at home, office and so on).
“This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city” — Jeffery Paul, security researcher
- ‘This information is not encrypted’: These transmissions are unencrypted, meaning “[e]veryone who can see the network can see these, including your ISP”. “This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them.”
Apple’s rebuttal: ‘Security checks never included user’s Apple ID, identity of device’
Soon enough, Apple responded with an updated support document, presumably in response to Paul’s blog post and the discussion it elicited on Reddit and other platforms. Apple said that Gatekeeper only performs online checks to verify if an app contains known malware and if a developer’s signing certificate is revoked.
“We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices” — Apple’s updated support document
Apple emphasised that the security checks have never included users’ Apple ID, or the identity of their devices. At the same time, however, the company said it will delete any IP addresses it has collected so far, perhaps admitting indirectly that it had indeed collected some IP addresses: “To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs [emphasis ours]”.
Additionally, the company committed to introducing more changes to its security checks’ mechanism:
- The communication protocol for checking developer certificates will be encrypted.
- Users will be able to opt out of these security protections.
How other apps/ecosystems handle telemetry data collection: Almost all apps and programs collect telemetry data, which is a term for data that helps developers understand how their software is performing. However, it is considered ideal when the data collected is anonymised, that is, when it cannot be used to identify the user in any way. Firefox, for instance, allows users to know what data is being collected from them, which is anonymised to protect their privacy. Similarly, all projects that are part of the Linux Foundation need to anonymise telemetry data to ensure that users’ personal data or any other sensitive data is not at risk.