There are times in tech where I need to eat humble pie. Macbook is one of those things. I used to give out about people calling their Apple laptops “Macbooks”. They’re just laptops like, what makes them so special? Then I bought one and I fell in love. I suddenly got it, I got the appeal. I’m no closer to understanding why anyone buys iPhone but I got Macbook and today my trusty 15-inch Mac is probably my favourite gadget. I’ve just updated to the latest MacOS known as Big Sur but on the operating system’s launch day something unusual happened. As a result a wide range of security issues with the new Apple operating system has surfaced and Apple’s near pristine approach to security has taken a hit.
What Is Big Sur?
Apple has a history of naming its operating systems along with giving them release numbers. The most recent release is MacOS 11, also known as Big Sur. Before it became an OS name, Big Sur referred only to an unmapped wilderness area in California. It was called El Sur Grande, The Big South or Big Sur.
What Happened On Big Sur Launch Day?
Apple’s launch of Big Sur was accompanied by lots of fun for the Californian company. Apple experienced server outages which meant users were unable to download or install the new OS. Worse was the fact that iMessage and Apple Pay also went down. Most surprising of the lot were performance issues for users running older operating systems on their Macbooks. In fact everything from MacOS Catalina and before saw performance issues, my own included. At the time I was worried my Macbook was finally coughing and spluttering but no. It was a centralised issue affecting all Apple laptops. Seems odd, right?
Well, it seems odd only because I’ve been reading about how a security researcher dug deep into the release and has flagged some pretty frightening issues for a company heavily reliant on security as a brand cornerstone.
Apple’s Ethos
Apple is a bit like Trump. Wait now and hear me out. Apple perpetuates an image and keeps saying things so that we all believe it. “It just works” was their old battle cry, much like Trump’s “I won big”. If you say things often enough, enough people will believe them without scratching the surface. Yep, people believe Trump won and people do believe Mac “just works”. Apple has also pushed the privacy side of their operating systems. “We at Apple believe that privacy is a fundamental human right” said Apple CEO Tim Cook.
The Big Sur release heavily undermined two of Apple’s pillars: functionality and privacy. Here’s how bad it is.
Big Sur Privacy Issues
Security researcher Jeffrey Paul has published the innards of what’s going on. He outlines how the days of simply powering on your Macbook to do a task are gone. Instead, the simplest boot to undertake a simple task means a log of your activity gets sent to Apple. Paul has found evidence that Apple’s OS sends the company a unique identifier containing every program you run as you’re running it. You’d never notice it because it runs quietly in the background but it surfaced with the Big Sur release when things slowed and crashed, the two incidents being directly linked.
This isn’t a small privacy issue either. You might even be asking yourself “so what?”. Well, here are the things Apple is harvesting:
- Date
- Time
- Computer
- ISP
- City
- State
- Application Hash
Apple can determine quite a lot here. They can tell what you’re doing, when you’re doing it and why. Apple also has access to your IP address which can be considered personal data. Paul also highlights that since October 2012, Apple has signed up to PRISM, a program which allowed the US federal police and military access to all of this data freely, access they made use of over 30,000 times in 2019 alone.
Paul spells out the simple truth that “this data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them”.
Un-privacy By Design
Now, as is often the case, things like this emerge and through a simple installation, the problem is solved. Like online ads. They’re annoying so we install ad blockers. Until Big Sur, a program called Little Snitch allowed you to block all communication between your laptop and Apple. Nice, right? Well, Big Sur prevented Little Snitch from working properly. To me, it sounds like Apple really wants that data.
I’m no stranger to GDPR and am a little concerned about what Apple might be gathering all this data for. Sure, I’ve got nothing to hide but that doesn’t change the fact it’s my data and my decision what to share, not Apple’s.
For now, there’s not really much you can do about it all. However, if you think Apple is really security focused it might be time to recalibrate your thinking. I know I have.