2603 points mattsolle | 1 comments
Lammy ◴[] No.25075443[source]
Maybe it's just me but the idea that my computer lets Apple (+ any LE organizations) surveil my app launches seems so much scarier than any malware.
replies(6): >>25075490 #>>25075500 #>>25075562 #>>25075747 #>>25075841 #>>25076444 #
brundolf ◴[] No.25075490[source]
I don't know about you, but hashes of the binaries I run don't exactly reveal any sensitive personal information about me. That said, obviously they should have much more graceful degradation in place for when something is wrong with the service.
replies(8): >>25075523 #>>25075525 #>>25075542 #>>25075578 #>>25076133 #>>25076290 #>>25076425 #>>25076603 #
djsumdog ◴[] No.25075523[source]
In this case, isn't the hash of the binary consistent across all devices, so Apple can in fact derive exactly which binary you're running (assuming they have a large database of application binaries and hashes)?
replies(3): >>25075572 #>>25075582 #>>25075672 #
brundolf ◴[] No.25075672[source]
Yes. My personal data involves what I do within those apps, not which ones they are.
replies(3): >>25075725 #>>25075758 #>>25075894 #
thelean12 ◴[] No.25075725[source]
That's not even close to true. Apps that you have downloaded can reveal a massive amount of potentially personal information.

Think about someone having a dating app that would out them. Or a therapy app that they don't want people to know about. And that just scratches the surface.

replies(2): >>25075858 #>>25075965 #
valuearb ◴[] No.25075858[source]
Only if linked to personally identifiable information. Do we have any evidence this is happening?
replies(4): >>25075991 #>>25075995 #>>25076004 #>>25077372 #
deadbunny ◴[] No.25077372{3}[source]
I'm not an Apple user so forgive my ignorance here.

1. Do you need an Apple account to use the App Store?

2. Do you need to provide personal information to use an Apple account (I'm thinking at least enough to get a credit card working for app purchases/subscriptions)?

3. Is the data sent to this anti-malware service linked to your Apple account or an Apple hardware ID? (Has someone wiresharked the data to confirm/deny?)

replies(1): >>25077666 #
brundolf ◴[] No.25077666{4}[source]
1. Yes

2. Yes

3. I doubt it

But regardless of 3, simply by using the App Store at all (similarly to any other App Store out there) you're already giving them more information than they get from these hashes (at least for the apps that come from the store). I know for a fact that they keep a record of which apps you've downloaded there, associated with your account, because they check for updates and let you re-download them. As does the Android store. As does the Windows store.

replies(1): >>25078248 #
1. damnencryption ◴[] No.25078248{5}[source]
Correction: You don't need to log in to install apps from the Microsoft Store and software control on Linux.

Android: yes, the Play Store requires an account, but you can install an alternative store without signing in.