Apple responds to Gatekeeper issue with upcoming fixes

Apple has updated a documentation page detailing the company’s next steps to prevent the Gatekeeper error that occurred last week again.

And according to Rene Ritchie, the iPhone manufacturer plans to implement repairs within the next year.

Apple had a tough launch day last week, releasing macOS Big Sur, a major update to macOS, but then plagued it with server issues.

Third-party apps fail to run; Because the Mac was unable to verify the application developer certificate.

This feature, called Gatekeeper, makes sure that you haven’t downloaded a malware application masquerading as a legitimate application.

If the certificate does not match, macOS prevents the app from running.

Many were concerned about the privacy implications of the security feature, and feared that Apple would record every app you run on your Mac in order to gain competitive insights into app usage.

It turned out that the server was not enforcing encryption, as Jacopo Jannone intercepted an unencrypted network request, and discovered that Apple was not secretly spying on you.

The company wrote: We have never combined data from these checks with information about Apple users or their devices, and we do not use data from these checks to find out what users are running across their devices.

Apple provided details about its next steps. It has stopped logging IP addresses through its servers since last week, and it has become unnecessary to store this data for the Gatekeeper.

And Apple wrote: These security checks never included a user’s Apple ID or device ID, and to further protect privacy, we have stopped recording IP addresses associated with developer ID certificate checks, and we are ensuring that any aggregated IP addresses are removed from the records.

Apple is fixing the network request design and adding a user-facing unsubscribe option.

The company said: During the next year, we will introduce many changes to our security checks, including a new encrypted protocol for developer ID revocation checks, strong protection against server failures, and a new option for users to unsubscribe from these security protections.

Related Stories

Stay on op - Ge the daily news in your inbox

Recent Articles