notarisation does the cert check EVERY time you call up an app
gate keeper does a single malware verification check the FIRST time you load up an app
What are you even talking about.
Notarization is the process of having an app tested for malicious code and verified by Apple. This is something that the developer of the app needs to do before distributing it. Notarization is done one time only and the user receives an already notarized application. There are no notarization checks when an app gets started.
Gatekeeper is the service responsible for checking whether an app is safe at runtime. I don't know too much about what components are formally parts of Gatekeeper, but I very much assume that certificate validity check is one of its core responsibilities.
and that article points to one packet filter firewall product and is a general justification for the argument
I find it hilarious how people start writing some cryptic and difficult to decipher messages after you make it clear they are in the wrong. I have no idea what your post means. I don't know what "the argument" is. The fact is: you were claiming that Apple is bypassing network transport layers and violating tunneling protocol. These claims are factually false. The links I have posted explain why they are false.
To sum it up: these false claims are based on the API misuse by some popular apps, which were using an application-level firewall to implement filtering instead of the system-level firewall. Basically, some people used the wrong tool to do the job, suddenly discovered that the tool doesn't do the job it was never intended to do and started to blame the tool manufacturer. This is not a story of a malicious corporation trying to steal your data, this is a simple story of developer incompetence.