Much has been written in recent years about data breaches where hackers attack a corporate or government website and database and make off with millions of passwords, credit card numbers, and other personal information.
What isn’t talked about often is how much your Mac is under attack; from without and from within. Hackers and bots hammer every Mac connected to the internet but Apple has most of the vulnerabilities plugged and whenever an exploit is found, manages to plug that hole, too. What about those apps on your Mac? Do they phone home and share data about you?
ET Phone Home
For the most part, macOS Sierra and predecessors have done a good job at keeping out those who would hack their way into your Mac. Updates are frequent. Holes are plugged. In fact, Apple is sufficiently secure in macOS that it doesn’t bother to turn on the built-in software firewall which could prevent outsiders from gaining access to your Mac.
Besides, everyone knows the most damaging conquests occur due to user error or someone nearby gaining access to your Mac. But what about those entities already on your Mac? Do such apps phone home?
Phoning home, in computing, refers to an act of client to server communication which may be undesirable to the user and/or proprietor of the device or software. It is often used to refer to the behavior of security systems which report network location, username, or other such data to another computer.
How can you tell which apps on your Mac are making contact with the outside world? Little Snitch is the app I use. We at Mac360 have written often of Little Snitch’s ability to capture and stop apps from phoning home, but there is a new feature that will knock your socks off. It’s a real time look at which apps are phoning home and where they phone.
What you see in the image above is a Mac’s location– the blue icon– and all the locations where various apps are phoning home. In real time. The left hand sidebar displays the most recent connections– from your Mac to a location. The Map in the middle displays the same data but graphically. The right hand sidebar display a summary of recent connections, including those denied, how much bandwidth– both up and down– has been used, and statistics on the apps which use the network the most.
Little Snitch, when first installed, automatically allows a number of connections from your Mac to servers elsewhere in the world. That means you can browse with Safari, use Mail for capturing spam (shameless plug for SpamSieve), connect with iTunes, iCloud, Calendar sync, and more. But when third party applications decide to phone home, they’re stopped and you get a pop alert with options to deny or accept the connection.
Most such connections are benign. Apps need to phone home to see if a new update is available. Many apps use iCloud, Dropbox, and other cloud services, and so need to connect with each one. And each one gives you a pop up window with options. After awhile, you won’t have many pop ups. What you will see are which apps are phoning home and where– geographically.
This is a recent screen grab from Little Snitch on my iMac (yes, I live in the middle of the Pacific ocean).
What you see above are the outbound connections my iMac is making to servers elsewhere in the world. As expected, most connections are to servers in the US, a few in Canada, even more to Europe (the UK, Germany, the Ukraine, and elsewhere). Those connections going west end up in Japan, China, and Russia.
You can track each one and connect the track to the app on your Mac. For example, I had one connection to Shanghai. I double clicked and found two connections from an application called Snippets Lab (which collects, stores, and manages code and text snippets). The connection to Russia came from Safari.
Here’s a look at the apps on my Mac that make connections to servers elsewhere in the world.
Little Snitch does far more than control outbound connection attempts, but also displays those outbound connections to specific IP addresses and geographic locations. The number of applications that phone home to those servers is enormous and surprising; even to someone who traces computer experience back to CP/M PCs running WordStar, SuperCalc, and dBase II.
If you are concerned about security and privacy while using the internet, Little Snitch is a good way to see exactly which apps phone home and where home is, and gives you more control over each one. It also comes with a try-before-you-buy option. That makes it highly recommended if you suffer from a bit of online paranoia. Remember, if everyone is out to get you, paranoia is the right attitude to have.
