Purism Lashes Out at Apple Over Remote Control of User Devices
Posted on November 14th, 2020 by Kyle Torpey and filed under Free Software.
In a blog post published on Friday, Purism Chief Security Officer Kyle Rankin lashed out at Apple’s use of a notary service as part of their code-signing process, which grants Apple control over whether applications can run on end users’ devices.
According to Rankin, the idea that Apple users own the laptops, smartphones, and other devices they purchase from the computer hardware giant was disrupted this week when macOS users had problems launching various applications.
The issue, which was prevalent among Apple users, was caused by Apple’s use of a notary service that requires any signed application to get permission from a server owned and operated by Apple before it can run on the end user’s device.
“This means that Apple not only knows which applications you have installed, it knows each time you run them. While in the past this was an optional service, now it’s mandatory and starting with Big Sur, you can no longer use a tool like Little Snitch to block this service, or route it through Tor for some privacy. Apple (and anyone who can sniff this plaintext communication) can know when you launched Tor browser or other privacy tools, or how often you use competitors’ applications,” wrote Rankin.
From Rankin’s perspective, this feature of Apple devices is more about control than security. “While code signing already gave Apple control over whether you could install or upgrade software, this feature grants Apple control over whether you can run applications,” Rankin added.
Rankin also pointed out that Apple has already used their heavy control over iPhone devices to remove competitors’ applications from the App Store and remotely disable apps in the name of additional security or privacy benefits for their users. In Rankin’s view, there is no reason to think this sort of activity won’t now also be seen on Apple devices that run macOS.
Although not outlined explicitly by Rankin, a potential worry here for Bitcoin users or users of privacy-focused software like the Tor Browser is that Apple could eventually decide to block these apps from running on Apple devices or be motivated to do so by a nation state. From Rankin’s perspective, this move by Apple is about allowing them to control users’ devices rather than improving security for them.
Nov 16 Update: According to MacRumors, Apple has responded to the incident from last week. Apple says the notarization checks are not connected to the identities of individual Apple users. Additionally, Apple says they intend to develop a few changes to their notarization system, including the ability for users to opt out of the security measure entirely.
Kyle is the creator of The Crypto Feed. Before founding The Crypto Feed, Kyle was a longtime freelance Bitcoin writer at places like Forbes and Bitcoin Magazine.