Shortly after the release of macOS Big Sur back in 2020, Apple faced widespread server outages. The outage affected macOS installations, iMessage, Apple Pay, and most notably: the notarization service. This meant that users had major issues opening apps, revealing a flaw in how Apple handles app verification on the Mac.
Background
For some context, your Mac does a couple verification checks whenever you launch an app. One of the checks is to verify the app isn’t malware, and the other is to make sure the developer certificate associated with the app is still valid. These checks are meant to keep users safe, and are widely referred to as App Notarization.
Normally, if you’re using your Mac offline, the checks just fail and your app will launch normally. However, when this server outage occurred, macOS was still attempting to check the servers rather than just failing. This resulted in apps taking a painful amount of time to launch.
Apple’s promised changes
After this incident occurred, Apple announced changes to address the issues, including an option to allow users to completely opt out of online notarization checks. The changes were supposed to roll out starting in 2021.
Initially, Apple announced these improvements because there were concerns around whether or not the company was using the notarization process to collect data on what apps people were using. The company reassured that this wasn’t the case, and highlighted some changes they were going to make in a support document:
To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the the next year we will introduce several changes to our security checks:
- A new encrypted protocol for Developer ID certificate revocation checks
- Strong protections against server failure
- A new preference for users to opt out of these security protections
Potential scrap of the feature
To Apple’s credit, it did implement some of the changes it promised, such as stopping collection of IP addresses. It also created a new encrypted protocol for Developer ID certificate checks.
However, there’s still no word on when they’ll release a complete opt-out of online notarization checks. Furthermore, all references on the support document regarding the feature were completely scrubbed sometime in the past year.
Developer Jeff Johnson also recently highlighted this situation on his blog.
It would appear that Apple has scrapped their plans on allowing users to launch apps without any form of online security checks before opening, which is a bit of a shame if true. Although rare, it is bizarre that apps could suddenly take far longer to launch due to servers being down.
9to5Mac’s Take
Allowing users to opt out of notarization checks would undoubtedly be a huge privacy win, and would challenge the narrative that your Mac isn’t really your computer.
Apple likely made other underlying macOS changes to assure that server outages would never prevent apps from launching properly in the future. Regardless, it would still be greatly appreciated for the promised notarization opt out to finally release. Apple needs to provide clarity on their plan here.
H/T: Polar Hacker
FTC: We use income earning auto affiliate links. More.
