Shortly after the release of macOS Big Sur in 2020, Apple faced widespread server outages. The outage affected macOS installations, iMessage, Apple Pay, and most notably, the Notarization service. This meant that users experienced major issues opening apps, exposing a flaw in how Apple handles app verification on the Mac.
Background
For more context, your Mac performs several checks every time you launch an app. One of these checks is to verify that the app isn’t malware, and the other is to ensure that the developer certificate associated with the app is still valid. These checks are meant to keep users safe and are commonly referred to as app notarization.
Normally, if you use your Mac offline, the checks would fail and your app would launch normally. However, when this server outage occurred, macOS was still trying to check the servers instead of just failing. This resulted in apps taking an agonizingly long time to launch.
The changes promised by Apple
Following the incident, Apple announced changes to address the issues, including an option for users to opt out of online notarization verifications altogether. These changes were expected to roll out starting in 2021.
Apple initially announced these improvements because there were concerns about whether or not the company was using the notarization process to collect data about the apps people were using. The company assured that this was not the case and outlined some of the changes it would be making in a support document:
To better protect privacy, we have stopped logging IP addresses associated with developer ID certificate checks and will ensure that all collected IP addresses are removed from logs.
Additionally, over the next year we will be introducing several changes to our security controls:
- A new encrypted protocol for revocation checks of developer ID certificates
- Strong protections against server failures
- A new preference for users to opt out of these security protections
Potential feature abandonment
Apple deserves credit for implementing some of the promised changes, such as stopping the collection of IP addresses. It also created a new encrypted protocol for verifying developer ID certificates.
However, it is still unclear when they will release an option to completely disable online notarization verifications. Additionally, all references on the support document regarding this feature have been completely removed over the past year.
Developer Jeff Johnson also recently highlighted this situation on his blog.
It seems that Apple has abandoned plans to allow users to launch apps without any form of online security checks before opening them, which is a bit of a shame if true. While rare, it is strange that apps can suddenly take significantly longer to launch due to servers being down.
9to5Mac’s review
Allowing users to opt out of notarization controls would undoubtedly be a huge privacy win and would challenge the idea that your Mac isn’t really your computer.
Apple has likely made other underlying changes to macOS to ensure that server outages will never prevent apps from launching properly in the future. Regardless, it would still be greatly appreciated if the promise to remove notarization was finally made public. Apple needs to clarify its plan here.
H/T: Polar Hacker
FTC: We use income generating automatic affiliate links. More.
