HACKER Q&A
📣 mahathu

Is Apple really phoning home every time I start an application on macOS?


I'm not sure if this sort of question is welcome here, but I'd imagine it could allow for some interesting discussion beyond the scope of the initial question.

I'm living on an extremely restricted internet connection right now that completely drops out every few minutes (my ISP is Vodafone; fellow German users will know what I mean). I noticed that when my internet connection stalls, but I'm still connected to the Wi-Fi, I'm unable to open certain apps. So far I've experienced it with VLC, VS Code and Firefox. I remember some time ago there were rumours that Apple was actually sending usage statistics every time I launch an app back to their servers. If the connection is interrupted, the apps don't start. Is this actually the right explanation? If that is true, this would be so nightmarishly dystopian to me I'd consider switching back to Linux. Thank you!


  👤 __d Accepted Answer ✓
It's kinda true.

I think macOS will check that the developer certificate used to sign the application you're about to start hasn't been revoked.

Search for ocsp.apple.com, around November 2020, for details.


👤 runjake
It's checking for certificate status, not so much phoning home. To my knowledge, it is only sending some hashes to Apple. It is not sending any personal data.

Here is a good write-up on the issue:

https://www.sentinelone.com/blog/what-happened-to-my-mac-app...

I recommend that people not block ocsp.apple.com as it has security benefits. If your threat model dictates blocking ocsp.apple.com then you probably should not even be running macOS (or Windows).
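
For readers wondering what a certificate status check puts on the wire, here is a sketch of a standard OCSP request (RFC 6960), added as an illustration and not part of the thread or of Apple's code. It assumes a plain RFC 6960 request with a SHA-1 CertID; the issuer bytes and serial number are constructed sample values, and the function names are hypothetical.

```python
import hashlib

# AlgorithmIdentifier { OID 1.3.14.3.2.26 (SHA-1), NULL parameters }
SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")

def tlv(tag, body):
    """DER-encode one tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def build_ocsp_request(issuer_name_der, issuer_key_bits, serial):
    """OCSPRequest > TBSRequest > requestList > Request > CertID (RFC 6960)."""
    serial_raw = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    cert_id = tlv(0x30, SHA1_ALGID
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + tlv(0x04, hashlib.sha1(issuer_key_bits).digest())  # issuerKeyHash
                  + tlv(0x02, serial_raw))                             # serialNumber
    der = cert_id
    for _ in range(4):  # wrap in Request, requestList, TBSRequest, OCSPRequest
        der = tlv(0x30, der)
    return der

def cert_id_fields(request_der):
    """Decode the CertID fields that the request carries."""
    body = request_der
    for _ in range(5):  # unwrap the nested SEQUENCEs down to CertID's contents
        tag, body, _ = read_tlv(body)
        if tag != 0x30:
            raise ValueError("not an OCSP request")
    values, pos = [], 0
    while pos < len(body):
        _, value, pos = read_tlv(body, pos)
        values.append(value)
    _alg, name_hash, key_hash, serial = values
    return {"issuerNameHash": name_hash.hex(), "issuerKeyHash": key_hash.hex(),
            "serialNumber": int.from_bytes(serial, "big")}

# Constructed sample inputs (not real Apple values).
ISSUER_NAME = b"constructed issuer Name DER"
ISSUER_KEY = b"constructed issuer public key bits"
SERIAL = 0x1234ABCD

if __name__ == "__main__":
    print(cert_id_fields(build_ocsp_request(ISSUER_NAME, ISSUER_KEY, SERIAL)))
```

In this request format the CertID identifies a certificate by two hashes of its issuer plus its serial number; none of the three fields is computed from the application binary.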


👤 rurban
Buy a proper firewall, like Little Snitch. Also beware of the Safari downloads SQLite DB.

👤 ixacto
Yes they do. Also for account changes.

👤 blondin
Shouldn't be happening every time you open these applications though.