Measures to take for blocking macOS apps from pilfering data

Sep 12, 2018 13:02 GMT  ·  By

In theory, having apps cryptographically signed using certificates issued by Apple and enabling the "Allow apps downloaded from App Store and identified developers" option should protect you from rogue developers who want to steal your data.

This, coupled with the fact that Apple can revoke said certificates and effectively disable malicious apps, should spell privacy heaven for any security-conscious Mac user.

However, as we've seen during the last few days, even macOS applications that got through Apple's App Store vetting system, were checked against the store's review guidelines, and ended up being distributed through the Mac App Store can't be trusted.

The question is whether you can do anything about it, and whether there are actions you can take to make sure that you won't be the next victim of a "security"-focused app or archive expander which decides that collecting your data and sending it to its developer's servers is a good idea.

After contemplating the problem for a while, I think I have found a handful of steps you can take to increase the chances of your data staying put on your Mac's hard drive.

So, what steps can you take on your own to put your mind at ease and keep your data out of the sticky paws of computer criminals until Apple fixes the Mac App Store review process?

1. Install a network blocker

macOS has a built-in firewall capable of blocking incoming connections, but that is not very helpful.

For blocking outgoing connections you could use the PF firewall inherited from FreeBSD, but configuring it for our purpose would take quite some time.

Luckily, there are applications created to alert you whenever an app tries to connect to a remote server. The most user-friendly such tools I know of are Objective Development Software's Little Snitch and Objective-See's LuLu.

The first one comes with a 30-day trial, and the second one is a free and open source application.

Configuring them shouldn't be a problem seeing that both utilities will do their job right after being installed and will let you know whenever an app tries to connect to a remote server, giving you the option to block the connection.

2. Always use trustworthy apps

For most use cases, you can find an app developed either by Apple or by developers you 100% trust (being in the Mac App Store is NOT a guarantee that the app is safe, as we've all seen over the past few days).

3. Be VERY careful when giving apps access to your home folder and hard drive.

If you do not depend on the app asking for access to your hard drive to perform a vital task for you, don't give it access to your data. Let it live in its sandbox, as all honest apps should.

This applies particularly if the app doesn't fulfill the requirements of the step above.

4. Check if your apps are sandboxed

If you care about your data's security and your privacy, you should, as much as possible, avoid running apps which are not sandboxed.

In layman's terms, a sandboxed app is an app which has built-in rules that disallow or restrict access to system resources such as disk, memory and network access.

As detailed on StackOverflow, you can check if apps are sandboxed before launching them on your Mac by running the following command in a Terminal window (I added an example in the article's gallery): 

codesign -dvvv --entitlements :- executable_path
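
To run that check over a whole folder of apps instead of one executable at a time, the following script is an added example (not part of the original article or the StackOverflow answer). It feeds the output of the same codesign command, minus the verbose flags, into a small parser; the function names, verdict labels and the sample plist are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: report which app bundles carry the App Sandbox entitlement.

# entitlement_enabled KEY: read an entitlements plist on stdin and succeed only
# if KEY is present and set to <true/>. Whitespace is stripped first so the
# match works whether the plist is indented or printed on a single line.
entitlement_enabled() {
    tr -d ' \t\r\n' | grep -qF "<key>$1</key><true/>"
}

# classify_entitlements: read a plist on stdin and print one verdict word.
classify_entitlements() {
    plist=$(cat)
    if [ -z "$plist" ]; then
        echo "no-entitlements"       # unsigned, or signed without entitlements
    elif printf '%s' "$plist" | entitlement_enabled com.apple.security.app-sandbox; then
        # A sandboxed app still needs this entitlement for outgoing connections.
        if printf '%s' "$plist" | entitlement_enabled com.apple.security.network.client; then
            echo "sandboxed+network"
        else
            echo "sandboxed"
        fi
    else
        echo "not-sandboxed"         # key missing or explicitly <false/>
    fi
}

# audit_apps DIR: run the article's codesign check on every .app bundle in DIR.
audit_apps() {
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        verdict=$(codesign -d --entitlements :- "$app" 2>/dev/null | classify_entitlements)
        printf '%-18s %s\n' "$verdict" "$app"
    done
}

# Constructed sample plist (not taken from a real app), used when no folder is given.
SAMPLE='<plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/></dict></plist>'

if [ -n "${1:-}" ]; then
    audit_apps "$1"                  # e.g. sh audit.sh /Applications (on a Mac)
else
    printf 'sample: %s\n' "$(printf '%s' "$SAMPLE" | classify_entitlements)"
fi
```

Apps reported as not-sandboxed or no-entitlements are the ones to weigh against steps 2 and 3 before granting them access to your files.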

5. Be VERY wary when giving apps access to your home folder and hard drive.

Did I mention already that you have to be VERY cautious when giving apps access to your hard drive?

I know it's the same thing I said in step 3, but I can't stress enough the importance of this. Just do it.

If you think of any other possible measures one can take to increase the security of your data while using a Mac, please share them in the comments.

Photo Gallery (2 Images)

LuLu connection alert
Checking if Apple's Calendar is sandboxed