Apple’s latest operating system, macOS Big Sur, uses a new API to constantly send users’ data (including how, when, and where a Mac is used) to Apple. This data is transmitted to Apple without encryption, meaning anyone with access to the same network as the Mac can see the information.
There are plenty of reports of Google, Amazon, Facebook, and other big tech companies tracking and logging user data. Thankfully, Apple has been a bastion of respect for user privacy in both the computer and smartphone world. Right?
According to a new report from Jeffrey Paul, a computer privacy blogger and advocate, macOS Big Sur is constantly logging and transmitting user data. He reports that a recent Apple server failure brought attention to the tracking process. Apparently, macOS Big Sur communicates with Apple servers and logs which apps a user opens; the time the app is opened; and location data like the user’s IP address, city, state, etc.
Normally, this process either logs and send user data when a user is online. If the process cannot immediately connect with the server, it fails without notifying the user. Late last week, an Apple server got bogged down. The tracking process could still communicate with the server, but the longer connection times caused the code to skip past its quick-fail path. However, the issue caused apps to fail to open as they couldn’t verify the logging process.
What does this mean? In a nutshell, Apple receives data detailing exactly where, when, and how you use your macOS Big Sur device. Further still, Apple can prevent apps from opening on your computer, whether you know it or not.
This tracking has been present in prior versions of macOS, but privacy-focused apps and VPNs could trick the process. However, Big Sur introduces a new API that circumvents even these apps and VPNs. In other words, a VPN or firewall won’t shield your location from Apple’s own tracking.
Considering the new proprietary hardware Apple has put into its MacBooks (like the T2 security chip and the new M1 SoC), this tracking has become extremely difficult to circumvent as some processes appear to take place at the hardware level. Not only is it almost impossible to install another operating system through non-Apple-approved channels (i.e., dual-booting Linux), it is becoming harder to block or hamper Apple’s embedded tracking practices.
Perhaps worst of all, the data is sent to Apple through unencrypted channels. That means anyone with access to the computer’s connected network (e.g., your ISP or anyone on the same public WiFi network) can see the data being transmitted with little trouble. Apple does hash the application data, but if history is any lesson, hashes like these are cracked in due time.
As Jeffrey Paul states, your MacBook is no longer yours.
What do you think of Big Sur’s tracking process? Let us know in the comments.