Apple recently revealed its new operating system – macOS Catalina – during the annual Worldwide Developers Conference.
Since we usually focus on the cybersecurity side of things, let’s see what the latest OS update brings in terms of privacy and security. Of course, there are a whole lot of new features presented, but we will go through the privacy and security improvements that macOS Catalina includes.
The Sign In with Apple Feature
This is definitely one of the most interesting announcements Apple made during the Worldwide Developers Conference. The feature is designed around the privacy of Apple’s consumers and on letting them stay more private when accessing apps within the iOS ecosystem. Although the feature was met with positive responses at first, several concerns have also appeared. As pointed out by Aaron Parecki in an article for Entrepreneur, there are “concerns about Apple mandating use of the sign-in feature for developers and what it means for the platform giant to make demands that potentially sway consumer behaviors.”
By mandating that developers adopt Sign In with Apple if they’re using any third party identity provider, Apple is loading the dice in favor of Sign In with Apple’s success. Broad adoption is certainly likely, and while Facebook and Google may publicly be seen as privacy scofflaws, Apple itself is a platform just like Google and Facebook. By putting itself directly between the relationship of an app developer and a consumer, Apple has the potential to derive even more value from the apps that sit in its ecosystem, Parecki wrote.
How does Sign In with Apple work?
The feature works similarly to Sign in with Google or Sign in with Facebook. The identity features are based on the open standards OAuth and OpenID Connect, which are used to share customer identities with app builders. These standards are widely supported, which makes them efficient for app builders to adopt. Unlike the Google and Facebook sign-in features, Sign In with Apple is intended to limit the sharing of data such as the user’s email address, name and profile information.
Apple gives the user the option of using an anonymized email or an alternative full name. The anonymized email address should forward emails from the app developer to the user’s authentic email address. This way the app developer communicates with the user without invading their privacy.
More specifically, by using Sign In with Apple, the user can either enter their name and email address, or they can choose to be assigned a random email address. This random address is used for that particular site or app, and mail sent to it is forwarded to their iCloud email address. The email would be something like: email@example.com.
It’s also noteworthy that the Sign In with Apple feature may turn out to be a platform lock-in, similar to the way Facebook and Google can keep users linked to their platforms. It’s also yet to be determined whether the user will need to use an iCloud email address to receive the forwarded emails. However, as a lot of users don’t use iCloud email addresses as their Apple IDs, the feature may be able to function with various email providers.
Activation Lock for Macs
As explained by Apple, “all Mac models with the Apple T2 Security Chip now support Activation Lock — just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you”. It’s important to note that the feature is already present on iPhone and iPad, and now it’s becoming available for Mac users. The idea is to limit theft of these devices.
The enhanced Gatekeeper will make sure that all new apps installed on the device are checked for known security issues before the user runs them for the first time and after that, periodically. “This extends the protection from the app’s source to include automated checks for what’s in the app,” Apple explained.
Just yesterday we wrote about a new malware type that is exploiting a known Gatekeeper bypass vulnerability. This vulnerability was disclosed in May by security researcher Filippo Cavallarin. The bug could allow a malicious binary downloaded from the internet to bypass Gatekeeper’s scanning process.
“On MacOS X version <= 10.14.5 (at time of writing) it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission,” the researcher wrote in May upon his discovery. So far, the researchers’ theory is that the malware maker was “merely conducting some detection testing reconnaissance”. Nonetheless, this is another reminder that malware developers are actively experimenting with new methods to bypass Apple’s built-in protection mechanisms. Let’s hope that the enhanced Gatekeeper of macOS Catalina will be powerful enough to prevent any attacks.
Other Noteworthy Security Features in macOS Catalina
Dedicated system volume
It’s noteworthy that macOS Catalina is designed to run “in a dedicated, read-only system volume”. This means that it is separate from all other data, thus making sure that nothing can overwrite the critical operating system files.
“Previously many hardware peripherals and sophisticated features needed to run their code directly within macOS using kernel extensions, or kexts. Now these programs run separately from the operating system, just like any other app, so they can’t affect macOS if something goes wrong,” Apple said.
macOS Catalina is designed to ask the user before allowing an app to access their data in the Documents, Desktop, and Downloads folders, as well as iCloud Drive, the folders of third-party cloud storage providers, removable media, and external volumes. The user is also asked before an app performs key logging or captures video of the screen.
Perhaps you’ve heard about Project Catalyst, or the idea to merge the development for iOS and Mac apps, enabling consumers to use them interchangeably on all kinds of Apple devices. In other words, Project Catalyst aims at making apps across macOS and iOS universal. In fact, the project was officially revealed during the Worldwide Developers Conference in 2018.
There is evidence within macOS Catalina suggesting that Apple has more in store for Project Catalyst.
Developer Steve Troughton-Smith recently shared on Twitter evidence that Apple is working on Catalyst versions of two new applications, Messages and Shortcuts. But why is Apple working on such a project?
The reasons may vary. Some people speculate that Apple may be looking for a way to save the Mac App Store, as it has been a bit deserted recently. Twitter removed its app from the store because most users use the web application. Furthermore, it appears that the number of developers using it is rather small. So, if Apple can grab the intensity of its iOS third-party development and bring it to Mac, the company will have plenty of new possibilities in a new market.