Finally, users will also be given the option of opting out of these security protections all together, a change that seems designed to appease complaints like Paul’s.Ĭorrection November 16th, 2:58PM ET: An earlier version of this story conflated Apple’s developer ID certificate check process with Apple’s notarization malware check process. Over the next year the company says it will roll out a new encrypted protocol for developer ID certificate checks while adding “strong protections against server failure” - that is, protections against the issues that stopped apps from opening last week. However, something about these complaints do seem to have registered with Apple, as the company says it’s changing how it handles these checks in the future. “We do not use data from these checks to learn what individual users are launching or running on their devices.” “We have never combined data from these checks with information about Apple users or their devices,” writes the iPhone-maker. The company also says it’s stopped logging IP addresses associated with the Developer ID certificate checks.
#IS APPLE SERVER DOWN SOFTWARE#
In its updated support document, Apple makes clear that security checks it makes when authenticating software do not include a user’s Apple ID or device identity.
However, Paul argues that since many developers only publish a single app it wouldn’t be hard to infer which app someone is using from information about its developer. One blog post by cybersecurity student Jacopo Jannone notes that the data sent to Apple’s OCSP server contains information that could identify an app’s developer but not the app itself.
However, not everybody agreed with Paul’s analysis. The end result, wrote Paul, is that anyone use a modern version of macOS can’t do so without “a log of activity being transmitted and stored.” In a blog post titled “ Your Computer Isn’t Yours,” Paul claimed that this security process means Apple collects a hash of every program a Mac user runs, along with their IP address, over an unencrypted connection. The outage lead to scrutiny of Apple’s practices, most notably by security researcher Jeffrey Paul. This security feature checks that an app’s developer certificate hasn’t been revoked before it’s allowed to launch. This will display all Apple’s available services, iCloud, and Stores.
#IS APPLE SERVER DOWN HOW TO#
“We do not use data from these checks to learn what individual users are launching or running on their devices”Ĭomplaints about this verification process focused on a protocol known as the online certificate status protocol service, or OCSP. Here is how to check if Apple servers are down: Step 1: Open Apple’s official site, locate Support menu, Type System Status, and hit the hyperlink under the first option.