When you first check whether your new Mac’s security data files are up to date, you’re in for a surprise. Instead of the Gatekeeper version number being the latest, 181 and 8.0, it will be reported as being really ancient, such as 94 and 8.0. Gatekeeper data version 94 was pushed by Apple on 9 August 2016, when we were still running El Capitan. Surely, there must be some mistake?
If you’ve checked this using my free utility SilentKnight, in the full text report you’ll see that there’s an element of doubt:
Gatekeeper 94, 8.0 should perhaps be 181, 8.0
That’s because current Macs can have either version installed, and it doesn’t matter which, as that data is apparently no longer used by macOS.
Back in the days when Gatekeeper’s data was being updated, those updates came frequently. Even in 2019, its version number climbed from 161 to 181 by 26 August, then suddenly stopped when Apple released Catalina that October. Since then, although Apple has pushed fairly frequent updates to XProtect and MRT, there hasn’t been a single update to the Gatekeeper data.
When a Mac has already had Gatekeeper version 181 data installed, upgrading and updating its macOS normally retains that version, so checking a Mac which has been successively upgraded from High Sierra to Big Sur will most commonly show version 181 is still present. But Macs which have never received the 181 update now get the version supplied with more recent macOS, which is curiously not that last version, but the ancient 94.
There’s nothing that you can do about this: you can’t choose which security data your Mac gets, as that depends on what Apple’s servers push to it. And since at least Big Sur, they don’t push any version of Gatekeeper data more recent than 94. In some ways, it’s a memento from the past, that your latest M1 Mac still has the Gatekeeper data from El Capitan, almost five years ago.
Apple doesn’t of course explain why any of this happened. Until 2019, it appears that macOS stored information about certificate revocations locally, in this Gatekeeper database at /private/var/db/gkopaque.bundle. Those Macs which have kept pace with the latest release of macOS stopped accessing that database in September 2019, prior to the release of macOS 10.15 Catalina. Instead, Catalina and Big Sur now check all executable code on loading, and, when that code is signed with a developer certificate, perform an online check with Apple’s OCSP service.
So if you see that your Mac’s Gatekeeper data is still stuck in the summer of 2016 with version 94, don’t worry about it: Catalina and Big Sur ignore that database now, so the old version makes no difference, and you can’t update it anyway. SilentKnight and LockRattler only report this for compatibility purposes.
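For anyone scripting their own audit, the reasoning above can be encoded so that version 94 is reported as informational rather than as a fault on Catalina and Big Sur. This is an added example, not code from SilentKnight or LockRattler: the Contents/version.plist location, the CFBundleShortVersionString key, and treating versions below 181 as outdated on macOS before 10.15 are assumptions, and the sample bundle is constructed so the check runs on any system.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Path named in the article. The Contents/version.plist layout and the
# CFBundleShortVersionString key are assumptions about the bundle's structure.
GK_BUNDLE = Path("/private/var/db/gkopaque.bundle")
LAST_PUSHED = 181     # final Gatekeeper data version, pushed by 26 August 2019
SHIPPED_WITH_OS = 94  # version supplied with more recent macOS

def bundle_version(bundle: Path):
    """Return the bundle's data version as an int, or None if unreadable."""
    try:
        with open(bundle / "Contents" / "version.plist", "rb") as fh:
            return int(plistlib.load(fh)["CFBundleShortVersionString"])
    except (OSError, KeyError, TypeError, ValueError, ExpatError,
            plistlib.InvalidFileException):
        return None

def assess(version, macos):
    """Classify a Gatekeeper data version for a (major, minor) macOS release."""
    if version is None:
        return "unknown", "Gatekeeper data version could not be read"
    if version >= LAST_PUSHED:
        return "ok", f"Gatekeeper {version}"
    if macos >= (10, 15) and version == SHIPPED_WITH_OS:
        # Catalina and later ignore this database, so 94 is not a finding.
        return "info", f"Gatekeeper {version} should perhaps be {LAST_PUSHED}"
    # Assumption: older macOS still relied on the local data.
    return "outdated", f"Gatekeeper {version} should be {LAST_PUSHED}"

def make_sample_bundle(root: Path, version: str) -> Path:
    """Write a constructed stand-in bundle for testing away from a Mac."""
    contents = root / "gkopaque.bundle" / "Contents"
    contents.mkdir(parents=True)
    with open(contents / "version.plist", "wb") as fh:
        plistlib.dump({"CFBundleShortVersionString": version}, fh)
    return contents.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = make_sample_bundle(Path(tmp), "94")  # constructed input
        print(assess(bundle_version(sample), (11, 2)))
        # On a real Mac: assess(bundle_version(GK_BUNDLE), (11, 2))
```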