Apple tries to clear the air about its anti-malware software accused of collecting users’ IP addresses – MediaNama.com

Posted: November 22, 2020 at 9:48 pm

Apple has denied claims that the companys anti-malware software collects details of appsrunning on Mac devices, along with the devices IP addresses, which contain city and country identifiers. The clarification has come in light of a heated debate around privacy concerns within the Apple ecosystem, as alleged by German security researcher Jeffery Paul in a recent blog post.

Paul, in a blog post titled Your Computer Isnt Yours, had alleged that Apples Gatekeeper feature, which ensures that a users Man runs only software that is pre-approved by Apple, collects IP addresses. This software allows Apple to stop an app from running on its devices if its developers certificate is revoked. In theory, this feature allows Apple to stop users from installing malware on their devices. But, according to Paul, Gatekeeper gives Apple a lot more information than the company is letting on.

This means that Apple knows when youre at home. When youre at work. What apps you open there, and how often. They know when you open Premiere over at a friends house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city Jeffery Paul, security researcher

Soon enough, Apple responded with an updated support document, presumably in response to Pauls blog post and the discussion it elicited on Reddit and other platforms.Apple said that Gatekeeper only performs online checks to verify if an app contains known malware and if a developers signing certificate is revoked.

We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices Apples updated support document

Apple emphasised on how the security checks have never included users Apple ID, or the identity of their devices. At the same time, however, the company said it will delete any IP addresses it has collected so far, perhaps admitting indirectly that it indeed had collected some IP addresses: To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs [emphasis ours].

Additionally, the company committed to introducing more changes to its security checks mechanism:

How other apps/ecosystems handle telemetric data collection: Almost all apps and programs collect telemetry data, which is a term for data that helps developers understand how their software is performing. However, it is considered ideal when this data collected is anonymised that it cannot be used to identify the user in any way. Firefox, for instance, allows users to know what data is being collected from them, which is anonymised to protect their privacy. Similarly, all projects that are part of the Linux Foundation need to anonymise telemetric data to ensure that users personal data or any other sensitive data is not at risk.

Here is the original post:
Apple tries to clear the air about its anti-malware software accused of collecting users' IP addresses - MediaNama.com

Related Posts