Last week, Apple had a bit of an issue on its hands among the flood of people attempting to update to macOS Big Sur. As Apple’s servers were overwhelmed, a number of Mac users discovered that they couldn’t launch apps. This turned out to be an issue with Apple Gatekeeper, which verifies that developer certificates are still valid before you run an app on your Mac, in an attempt to make sure that you’re about to run a legitimate application.
With Apple’s servers sidelined by the rush of people looking to download Big Sur, so too was Gatekeeper’s verification process. In the time since that incident, there’s been some concern that Apple is tracking users by way of Gatekeeper, and today the company updated its support page on the utility to describe just what it tracks and what it doesn’t.
“Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked,” Apple said. “We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.”
Furthermore, Apple says that the checks have “never included the user’s Apple ID or the identity of their device,” but the company says that it has nevertheless decided to stop “logging IP addresses associated with Developer ID certificate checks,” and that it will “ensure that any collected IP addresses are removed from logs.”
Beyond that, the company says that it will make a handful of changes to its Gatekeeper security checks over the course of the next year. Those changes include a “new encrypted protocol for Developer ID certificate revocation checks,” better protections against server failure (which will probably be a big relief for users after what happened last week), and a preference that gives users the ability to opt out of security checks.
While some users probably aren’t willing to take Apple at its word regarding these privacy issues, it’s worth pointing out that security researcher Jacopo Jannone has published…