HomeTech PlusTECH & OTHER NEWSApple responds to Gatekeeper issue with upcoming fixes

Apple responds to Gatekeeper issue with upcoming fixes

Apple has updated a documentation page detailing the company’s next steps to prevent last week’s Gatekeeper bug from happening again, as Rene Ritchie spotted. The company plans to implement the fixes over the next year.

Apple had a difficult launch day last week. The company released macOS Big Sur, a major update for macOS. Apple then suffered from server-side issues.

Third-party apps failed to launch as your Mac couldn’t check the developer certificate of the app. That feature, called Gatekeeper, makes sure that you didn’t download a malware app that disguises itself as a legit app. If the certificate doesn’t match, macOS prevents the app launch.

Many have been concerned about the privacy implications of the security feature. Does Apple log every app you launch on your Mac to gain competitive insights on app usage?

It turns out it’s easy to answer that question as the server doesn’t mandate encryption. Jacopo Jannone intercepted an unencrypted network request and found out that Apple is not secretly spying on you. Gatekeeper really does what it says it does.

“We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices,” the company wrote.

But Apple is going one step further and communicating on the company’s next steps. The company has stopped logging IP addresses on its servers since last week. It doesn’t have to store this data for Gatekeeper .

“These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs” Apple writes.

Finally, Apple is overhauling the design of the network request and adding a user-facing opt-out option.

“In addition, over the the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections”

By TechCrunch Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS