How Apple’s security is becoming a disservice to users

You know that things are amiss when you arrive home to discover the locks have been changed. Although these days, maybe it just means that someone has hacked your IoT home devices and reprogrammed those locks.

I had an experience almost as disconcerting last Thursday morning. Having risen at 0530, I woke my Mac shortly after, and started opening the apps which I was going to use during the day. Each time I tried to start one which had been purchased through the Mac App Store, I saw the same alert which had confronted other users, including the person who sent in their question to me.

appstore173I immediately assumed that my hard drive had suffered a glitch during the night, and started trashing those apps and installing them again.

As we now know, it was nothing of the kind. Whoever is responsible for Apple’s security certificates had presumably gone on a long vacation, forgetting to renew that for the App Store. Since 2200 the previous evening, anyone who had tried to start a purchased app had been informed of the same issue: their apps were damaged and needed to be replaced. Only they weren’t damaged, it was the App Store’s DRM system which had broken, because the certificate had lapsed.

Aside from the miserable failure on Apple’s part – as a Certificate Authority – to keep its own certificates in date, the biggest problem was that the error message was completely bogus: the apps were not damaged in the slightest, nor would trashing them do anything purposeful, apart from causing each user even more hassle.

I have elsewhere drawn attention to another security problem which has reared its ugly head in El Capitan, the presence of SIP. Never fully explained to users (at least I cannot find it properly documented except in more arcane materials for developers), it can and does wreck some existing apps. Some which had worked fine under Yosemite now fail to start up at all, quit unexpectedly later, or simply behave erratically.

This is not because they are doing anything particularly silly or wrong, but because they tried to do things which El Capitan’s enhanced protection in SIP no longer permits.

Not that many users will ever discover the real cause, as the only clues are likely to be hidden away in opaque error messages in the logs, where even developers can be hard-pressed to interpret them.

Please don’t misunderstand me: I am not rebelling against the App Store’s DRM system, which normally works well and is transparent, nor against the significant security enhancement in SIP. But incorrect and misleading alerts and impervious error messages are not necessary components. They only upset users, waste their time, and lead them to assume that OS X is on the decline.

For its security to protect users, Apple must improve its dialogue with users. And the best place to start is informing them accurately of what has gone wrong, so that we know how best to react. Otherwise these services become a disservice.