Shortly after the release of macOS Big Sur in 2020, Apple faced widespread server outages. The outage affected macOS installation, iMessage, Apple Pay, and most notably notary services. This means users will have major issues opening apps and reveals a flaw in the way Apple handles app validation on the Mac.1
background
In some situations, your Mac performs several validation checks every time you start an app. One of the checks is to ensure that the app is not malware, and another is to ensure that the developer certificate associated with the app is still valid. These checks are intended to ensure user safety and are commonly referred to as app notarization.
Typically, if you use your Mac offline, the check will simply fail and the app will start normally. However, when this server failure occurred, macOS was still trying to check the server instead of just failing. As a result, the app now takes a considerable amount of time to start.
Changes promised by Apple
After this incident occurred, Apple announced changes to address the issue, including an option for users to opt out of online notarization checks entirely. This change was scheduled to roll out starting in 2021.
Apple originally announced these improvements because of concerns about whether the company was using the notarization process to collect data about what apps people were using. The company reassured us that this is not the case and highlighted some changes it plans to make in its support documentation.
To further protect your privacy, we stop logging IP addresses associated with developer ID certificate checks and ensure that collected IP addresses are removed from our logs.
Additionally, we plan to introduce several changes to our security checks over the next year.
- New cryptographic protocol for developer ID certificate revocation checking
- Strong protection against server failure
- New settings for users to opt out of these security protections
Possible feature retirement
To Apple’s credit, it has actually implemented some of the changes it promised, such as stopping the collection of IP addresses. We also created a new cryptographic protocol for developer ID certificate checking.
However, there is no announcement yet as to when the complete opt-out of online notarization checks will be lifted. Additionally, all references in the support documentation to this feature were completely removed sometime last year.
Developer Jeff Johnson also highlighted this situation on his blog.
Apple appears to have backed away from plans to allow users to launch apps without any online security checks before opening them, which would be a bit of a shame if true. Although rare, it’s strange that an app can suddenly take significantly longer to start because the server is down.
9to5Mac’s opinion
Allowing users to opt out of notarization checks would definitely have major privacy benefits and challenge the notion that your Mac isn’t actually your computer.
Apple may have made other fundamental changes to macOS to prevent future server outages from preventing apps from starting properly. In any case, it will still be very appreciated that the promised notarization opt-out is finally released. Apple needs to clarify its plans here.
H/T: Polar Hacker
Follow Michael: X/Twitter, Thread, Instagram
FTC: We use automated affiliate links that generate income. more.
