go to sections menu

There is a question about apple logging apps being ran on your system from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > There is a question about apple logging apps being ran on your system

Go to Homepage, contents or to navigation menu



There is a question about apple logging apps being ran on your system

We don’t really get Mac news, but recently we’ve had some. First, we’ve got this blog post linking to an article about Macs and how they’re bypassing filtering and VPN software. Today, although read the same day, I’m going to talk a little bit about whether apple logs every app we run.

I could just imagine this being done for IOS too, not just for Mac. If they did, it could be done to allow people to diagnose issues through apple support, but there could also be melicious things that happen so the question is probably a good one.

I believe if I remember correctly, the answer is probably “no” only because the first heading is talking about OCSP stapling which has been talked about on programs like Security Now some time back.

OCSP stands for Online Certificate Status Protocol1. As the name implies, it is used to verify the validity of a certificate without having to download
and scan large certificate revocation lists. macOS uses OCSP to make sure that the developer certificate hasn’t been revoked before an app is launched.

As Jeff Johnson explains in his tweet above, if macOS cannot reach Apple’s OCSP responder it skips the check and launches the app anyway – it is basically
a fail-open behaviour. The problem is that Apple’s responder didn’t go down; it was reachable but became extremely slow, and this prevented the soft failure
from triggering and giving up the check.

It is clear that this mechanism requires macOS to contact Apple before an app is launched. The sudden public awareness of this fact, brought about by Apple’s
issues, raised some privacy concerns and a post from security researcher Jeffrey Paul2 became very popular on Twitter. He claims that

In the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it.

That would be creepy indeed. …

The issue is a well known issue with OCSP and that is the server contact on each app launch to verify the validity of the application’s certificate. By reading this article, the question on logging is a very clear no, but understanding what the technology is and how it works is the big question.

Do you want to learn more? Please feel free to read the article Does Apple really log every app you run? A technical look  and it comes from a blog entitled the Jacopo Jannone blog. The heading that says “diving deeper” goes in to detail about OCSP and some basics that need to be known. I would suggest reading this full blog post, because it’ll go in to much more detail than I could about this. I’ll be talking about this on a future security now program. Thanks so much for reading and participating, and make it a great day!


Informazioni sull'articolo

There is a question about apple logging apps being ran on your system was released on November 19, 2020 at 12:00 pm by tech in article commentary.
Last modified: November 19, 2020.


Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu