https://lapcatsoftware.com/articles/2024/5/3.html
Articles index Jeff Johnson (My apps, PayPal.Me, Mastodon)
Updating from macOS Ventura to Sonoma silently enables iCloud
Keychain
May 19 2024
This is not a new issue. It was discovered last year, and it also
affects updating from iOS 16 to iOS 17. As far as I'm aware, I'm the
first to have noted the issue publicly:
The latest iPadOS beta seems to have silently enabled iCloud
Keychain.
(Although I don't actually have any passwords on the iPad.)
Jul 25, 2023
Later, after iOS 17 and macOS 14 were released, the issue was
publicized by the security researcher Mysk:
If you've never enabled iCloud Keychain and recently upgraded to
iOS 17, chances are good that your passwords are now stored on
#Apple servers. As confirmed by many users, #iOS17 secretly turns
iCloud Keychain on. This video shows the entire process step by
step: Video
Oct 2, 2023
More context from Mysk: Sep 27, 2023; Oct 09, 2023; Oct 10, 2023.
I've discovered today that unfortunately this issue--this bug, I would
call it, though who knows whether Apple considers it a bug or
"expected behavior"--still exists with the latest versions of macOS
Ventura and Sonoma, 13.6.7 and 14.5 respectively.
My main development machine, a 2021 M1 MacBook Pro, is still on
Ventura, but I plan to update it soon to Sonoma in preparation for
Apple's Worldwide Developer Conference (WWDC) in June, because the
new WWDC beta version of Xcode will undoubtedly require the latest
version of macOS, as usual. Nowadays, Xcode is the only thing that
drags me kicking and screaming to the latest and worst version of
macOS. However, I remembered the iCloud Keychain bug and was wary of
it, so I decided to do a trial run on an external hard drive to see
whether the bug was still there, and sadly it was. The external drive
had a macOS Ventura 13.6.7 boot volume with iCloud enabled but iCloud
Keychain disabled. After updating the volume to macOS Sonoma 14.5,
iCloud Keychain was enabled. (I then disabled iCloud Keychain, which
actually caused System Settings to hang and eventually crash, but
afterward iCloud Keychain did seem to be disabled.)
I generally try to avoid "cloud" services, because they've proven
untrustworthy in terms of both reliability and privacy. I avoided
iCloud entirely for many years. Ultimately, though, I caved in and
enabled iCloud in order to add iCloud sync to my browser extension
StopTheMadness, because my customers kept requesting it. Money talks.
Nonetheless, I still don't use iCloud for any of my personal data,
only for development purposes, so I have most iCloud settings
disabled, including iCloud Keychain. While I do trust the inherent
security of iCloud Keychain to keep my passwords encrypted, I don't
trust iCloud Keychain to sync reliably. Moreover, the user interface
of iCloud Keychain is totally opaque, which I find totally
unacceptable. And the recent issue with deleted photos reappearing
certainly doesn't inspire confidence in iCloud.
What I'd like to do is update from Ventura to Sonoma without an
internet connection, giving Sonoma no chance to upload my passwords
or other data to iCloud before I can disable iCloud Keychain.
However, I haven't found a way to do that. Even though I ran
softwareupdate --download first in Terminal, and even though I
disabled System Integrity Protection (SIP) to allow any version of
macOS to boot my Mac, softwareupdate --install still refused to
install with my WiFi disabled. I may have to perform some more trial
runs, perhaps disconnecting my WiFi router after macOS reboots into
the updater. Hopefully that won't brick my Mac! We used to be able to
update macOS and Mac OS X without an internet connection, so it's
frustrating, not to mention a violation of privacy, that Apple now
requires Macs to phone home to Cupertino.
You might wonder why I don't sign out of iCloud before I update from
Ventura to Sonoma. It turns out that there's no point in that, due to
another bug, "Signing out of iCloud and signing back in again forgets
all of your previous iCloud settings" (FB12168173), which I also
discovered last year. Apple's "resolution" of this bug was
"Investigation complete - Unable to diagnose with current
information". Incidentally, Apple silently resolved this issue
without asking me for more information. They don't seem to care.
Addendum: Success!
On my second trial run, I managed to find a way to update from
Ventura to Sonoma without an internet connection. My "mistake" in the
first trial run was to use softwareupdate --install --restart, which
automatically restarts if required to complete the installation. In
the second trial, I omitted the --restart argument. When
softwareupdate is ready/done it just sits there in Terminal without
prompting you, so you'll need to take the initiative. After
successfully running softwareupdate --install, I disabled WiFi,
opened System Settings, and deleted my WiFi password from Network
settings. You can confirm that the password is gone by checking
keychain and also by calling nvram -p | grep preferred-networks in
Terminal to make sure the WiFi password is not available to the
recovery volume. After that, I simply rebooted, and the Mac
automatically goes into install mode.
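
The pre-reboot checks from the steps above can be scripted. The following is an added example, not code from the original article: the function names, the --live switch, the WIFI_DEV variable with its en0 default and the sample outputs are assumptions, and the keychain check and any non-WiFi interface such as Ethernet remain manual.

```shell
#!/bin/sh
# Added example: pre-reboot checks for the offline update procedure above.
# Each check takes captured command output as an argument, so it can be
# exercised on the constructed samples below without touching a real Mac.

# Constructed samples (not captured from a real machine).
SAMPLE_NVRAM_CLEAN=$(printf 'SystemAudioVolume\t%%40\nauto-boot\ttrue')
SAMPLE_NVRAM_DIRTY=$(printf 'auto-boot\ttrue\npreferred-networks\t%%aa%%bb%%cc')
SAMPLE_WIFI_OFF='Wi-Fi Power (en0): Off'
SAMPLE_WIFI_ON='Wi-Fi Power (en0): On'

# Succeeds when `nvram -p` output has no preferred-networks variable,
# i.e. no saved WiFi network is left for the recovery volume to use.
nvram_is_clean() {
    ! printf '%s\n' "$1" | grep -q 'preferred-networks'
}

# Succeeds when `networksetup -getairportpower <device>` reports Off.
wifi_is_off() {
    printf '%s\n' "$1" | grep -Eq '^Wi-Fi Power \([^)]*\): Off$'
}

# $1 = nvram -p output, $2 = networksetup output.
# Prints one verdict line; returns non-zero on the first failed check.
preflight_verdict() {
    if ! nvram_is_clean "$1"; then
        echo "BLOCK: preferred-networks still present in NVRAM"
        return 1
    fi
    if ! wifi_is_off "$2"; then
        echo "BLOCK: Wi-Fi is still powered on"
        return 1
    fi
    echo "READY: no saved network in NVRAM and Wi-Fi is off"
}

# Live mode, macOS only: run after softwareupdate --install has finished
# and before rebooting. WIFI_DEV is an assumed override for the WiFi device.
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--live" ]; then
    preflight_verdict "$(nvram -p)" \
        "$(networksetup -getairportpower "${WIFI_DEV:-en0}")"
fi
```
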
When the update was done, macOS Sonoma automatically enabled both
WiFi and Bluetooth, but it wasn't connected to WiFi, because it
didn't have the password. (macOS and iOS automatically re-enable
Bluetooth after every software update.) Curiously, iCloud Keychain
was not enabled, so I'm guessing that perhaps it tries to enable
iCloud Keychain and falls back to disabled if it fails. Thankfully,
iCloud Keychain remained disabled after I connected to WiFi again,
and even after I rebooted, so this seems like a permanent solution!
Now I need to go back and reinstall Ventura on my Mac mini (where I
ran the second trial), because I still need a Ventura test volume.
Sigh.