Security experts level criticism at Apple after Big Sur launch issues
Security expert Phil Vachon explained what happened on his blog Security Embedded, writing that an Online Certificate Status Protocol (OCSP) responder that checks the certificates of each and every application was to blame after an Apple server went down.
"In the aftermath of the OCSP responder outage, and the dust settling on the macOS Big Sur release, there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is - who better than Apple?"
Some took issue with the idea that Apple felt the need to verify each and every application, while others, like Berlin hacker and security researcher Jeffrey Paul, highlighted that for each instance of verification, macOS sends a hash back to Apple "of each and every program you run, when you run it."
"We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices. Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures. These security checks have never included the user's Apple ID or the identity of their device."
"No matter who you are, you will end up outsourcing this to someone - most users capable of running a security program that monitors for malicious apps. While I'm going to sound like an Apple apologist, I think the privacy arguments are far-fetched. Even if we took them to their extreme conclusion and Apple allowed users to disable all the controls they provide, we would cause more harm than good."