Apple Defends The Role Of Gatekeeper After Users Can T Open Mac Apps

It’s a frustrating situation when you rely on your computer for work, but can’t do anything because a server is messed up. That’s right, as developer Jeff Johnson noted, the issue was caused by Apple’s Online Certificate Service Protocol (OCSP) server crashed — largely due to many users downloading the new update simultaneously. The OCSP server is responsible for authenticating digital certificates of all apps — both Apple and third-party. Apple calls this feature Gatekeeper, and the company claims it helps to prevent apps without valid certificates from opening to maintain user security. It doesn’t matter if you’ve downloaded your app from the App Store or not. So when users were trying to just open their apps, they had to wait for the OCSP server to authenticate the app for them, but they weren’t getting any response. The easiest solution was to turn off the internet to launch apps. Apple evidently fixed the problem in a few hours.

If you’re now experiencing hangs launching apps on the Mac, I figured out the problem using Little Snitch. It’s trustd connecting to https://t.co/FzIGwbGRan Denying that connection fixes it, because OCSP is a soft failure. (Disconnect internet also fixes.) pic.twitter.com/w9YciFltrb — Jeff Johnson (@lapcatsoftware) November 12, 2020 After the incident, security researcher Jeffery Paul wrote a blog alleging that macOS sends app hashes to Apple every time you run them. He also accused the company of knowing your rough location. Later, developer Jacopo Jannone explained that the company doesn’t really send hashes to servers every time you launch apps. In response, Apple has updated its support page called “Safely open your apps” by defending its Gatekeeper mechanism and said the company never collects users data for it: The Cupertino tech giant noted that next year it’ll launch a project to reduce server dependencies and even give its users an option to opt-out of these security measures. We’ll have to wait for the implementation to see how they act in real-life usage. Hopefully, we won’t have to face the frustration of waiting for a server to authenticate an app that you downloaded and used plenty of times. Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.