The Pain of Apple's Notarization: Server Outage Exposes System Flaws, Opt-Out Feature Remains Enigmatic

The Pain of Apple's Notarization: Server Outage Exposes System Flaws, Opt-Out Feature Remains EnigmaticIn 2020, Apple released macOS Big Sur, which soon faced a massive server outage, sparking concerns among users about system security and stability. The outage had a wide impact, affecting services such as macOS installation, iMessage, and Apple Pay

The Pain of Apple's Notarization: Server Outage Exposes System Flaws, Opt-Out Feature Remains Enigmatic

In 2020, Apple released macOS Big Sur, which soon faced a massive server outage, sparking concerns among users about system security and stability. The outage had a wide impact, affecting services such as macOS installation, iMessage, and Apple Pay. The most severely affected service was the application notarization service.

Notarization: A Double-Edged Sword

When a Mac launches an application, it performs several verification checks, including application notarization. The notarization mechanism aims to ensure the security and integrity of applications, primarily through two verification methods:

• Malware Check: Ensuring the application is free from malware infections.

• Developer Certificate Verification: Ensuring the validity of the developer certificate associated with the application, preventing forgery and piracy.

Notarization plays a positive role in protecting user security, but it also has drawbacks. For instance, when the Mac is offline, notarization checks fail, making it difficult to launch applications.

Server Outage: Exposing the Vulnerability of the Notarization System

During the 2020 server outage, macOS continued to attempt to connect to servers for notarization checks, even when offline, resulting in abnormally slow application launch speeds. This incident exposed the high dependence of the notarization system on servers; if the servers fail, the entire system is affected.

Apple's Response: Some Promises Fulfilled, Opt-Out Feature Remains Enigmatic

To address the shortcomings of the notarization system, Apple announced a series of changes, including allowing users to completely opt out of online notarization checks. Additionally, Apple pledged to stop collecting IP addresses related to developer ID certificate checks and introduce new encryption protocols to enhance security.

It's commendable that Apple has fulfilled some of its promises, such as ceasing IP address collection and creating a new encryption protocol for developer ID certificate checks. However, Apple has remained silent on the option to completely opt out of online notarization checks.

Adding to the confusion, all references to this feature in Apple's support documents were completely removed sometime within the past year. This suggests that Apple may have abandoned its plans to allow users to bypass any form of online security checks before opening applications.

Questions and Outlook

This incident has raised questions about Apple's notarization mechanism, particularly regarding the cancellation of the opt-out feature, which has left many users confused and disappointed.

Apple may have implemented some underlying changes to ensure that server outages no longer affect application launches, but further clarification from Apple is required.

The notarization mechanism plays a vital role in system security, but it also needs to balance user experience and system stability. Apple must carefully consider user needs, ensuring system security while minimizing the impact on user experience.

Conclusion

Apple's notarization mechanism has exposed system vulnerabilities in the face of server outages, and the cancellation of the opt-out feature has raised concerns. Apple needs to actively address these concerns, promptly improve the notarization mechanism, making it more secure, reliable, and balanced with user experiences.