Disabling Apple’s undocumented phone-to-home feature on my macOS Install
TL;DR: Install Lulu and block syspolicyd. If you are on macOS Catalina or above, this improves first-run execution time of unsigned binaries and scripts and also improves privacy.
Recommended Reading
- Does Catalina 10.15 contact Apple servers when executing programs? - Ask Different
- Catalina is checking notarization of unsigned executables - Lapcat Software
- Does macOS phone home to Apple’s servers before running an app for the first time? - Ask Different
Consequences of phone-to-home
- Apple will have the ability to tie your IP address to the applications and scripts that you execute on your Mac
- Consequently, it may be tied to your iCloud account (or some other form of unique identifier) and could potentially lead to documentation of all the software installed on your device
Things required
- The latest version of Objective-See's Lulu
Steps
- Install Lulu, perform a reboot and allow Lulu to whitelist Apple applications by default and blacklist everything else (you will then receive a flurry of prompts to whitelist or blacklist applications that you have already installed)
- Go to the Apple tab, search for syspolicyd, right click on the allow checkmark and click on toggle (block)
- Now syspolicyd's embedded phone-to-home will be walled off from the internet (as of macOS Catalina 10.15.5)
Measuring performance
Done using the following command (from the recommended reading), with `rm /tmp/test.sh` between runs:

```sh
echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh && time /tmp/test.sh && time /tmp/test.sh
```
Performance before syspolicyd block

```
Hello
real    0m0.285s
user    0m0.001s
sys     0m0.002s
Hello
real    0m0.004s
user    0m0.001s
sys     0m0.002s
```
Performance after syspolicyd block

```
Hello
real    0m0.004s
user    0m0.001s
sys     0m0.002s
Hello
real    0m0.004s
user    0m0.001s
sys     0m0.002s
```
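The measurement above, generalized into a reusable sh script as an added example (not code from the original post): it creates a script macOS has never seen, times its first and second run in milliseconds, and reports both, so the before/after comparison can be repeated. The function names (`now_ms`, `make_fresh_script`, etc.) are my own, and the perl fallback is assumed available because perl ships with macOS.

```sh
#!/bin/sh
# Added benchmark, not code from the original post: time the first and second
# run of a freshly created unsigned script. On macOS Catalina and later the
# first run of a never-seen script can include syspolicyd's network check,
# the second does not, so the gap is that check's cost. Rerun after blocking.

# Wall-clock time in ms. GNU date supports %N; BSD date on macOS prints a
# literal N, so fall back to perl, which ships with macOS.
now_ms() {
    ns=$(date +%s%N 2>/dev/null)
    case "$ns" in
        *N*|'') perl -MTime::HiRes=time -e 'printf "%d\n", time()*1000' ;;
        *) echo $((ns / 1000000)) ;;
    esac
}

# Executable script at a fresh path with a nonce in its body, so path and
# file hash are both new and the first run is genuinely a first run.
make_fresh_script() {
    fresh_dir=$(mktemp -d)
    fresh_script="$fresh_dir/test.sh"
    printf '#!/bin/sh\necho Hello %s\n' "$(now_ms)" > "$fresh_script"
    chmod a+x "$fresh_script"
    echo "$fresh_script"
}

# Run the script at "$1" once and print the wall-clock milliseconds it took.
time_run_ms() {
    t0=$(now_ms)
    "$1" > /dev/null
    t1=$(now_ms)
    echo $((t1 - t0))
}

# Time a fresh script twice, clean up, and print "first_ms second_ms".
measure_first_vs_second() {
    s=$(make_fresh_script)
    first=$(time_run_ms "$s")
    second=$(time_run_ms "$s")
    rm -rf "$(dirname "$s")"
    echo "$first $second"
}

# Exit 0 when the first run was slower than the second by more than $1 ms.
first_run_penalty_exceeds() {
    set -- "$1" $(measure_first_vs_second)
    [ $(( $2 - $3 )) -gt "$1" ]
}

measure_first_vs_second
```

On an unblocked Catalina install the first number should be in the hundreds of milliseconds, as in the "before" output above; after blocking syspolicyd both numbers should be a few milliseconds.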