Apple, ex machina

I have to admit I'm kind of tin foil hat person taping my laptops camera and not putting private files into the cloud. But before Easter I got surprised by a little story I would like to share.

My MacBook Pro from one day to another had a broken N key. Even though the keyboard has plenty of keys, you'll miss the N key quite soon and therefore I gave it to the Apple Store for being repaired. So far, no problem. They fixed the problem within 3 weeks and it is working fine now.

Suddenly a new account

But what puzzled me a bit was, that on the login screen I found a new account called Apple. Since in everyone there is some nature of a hacker I tried to login and boom, my first try apple as a password logged me in. It was a standard account that Apple probably had added to test the hardware.

But how did they do that? I cannot remember that I gave them my login data explicitly, I just had to agree they can check my computer. And following the login logs (type last on the Terminal) that was obviously the moment when the Apple account became active:

shutdown  ~                         Sat Mar 31 11:44 
shutdown  ~                         Tue Mar 27 08:09 
apple     ttys000                   Tue Mar 27 08:08 - 08:08  (00:00)
apple     console                   Tue Mar 27 08:08 - 08:09  (00:01)
reboot    ~                         Tue Mar 27 08:08 
shutdown  ~                         Mon Mar 12 11:38 
apple     console                   Mon Mar 12 10:58 - 11:38  (00:40)

So okay, I have my keychain synced to the iCloud and my admin account on that machine is connected to my iTunes and iCloud accounts. Apple should indeed be in possession of everything they need to unlock my computer. But I didn't think it would have been that easy before ;)

Especially because I have FileVault activated I thought it would be harder to get on the machine. But I do not have activated root and set to a custom password. Maybe a failure?

File access rights considerations

A second thing I noticed was, that I was able to access most data on my regular users home directory from the new Apple account. That is not surprising since the access rights of all folders I created myself are like drwxr-xr-x. Stupid me, but as I noticed then these are the access rights that are used by default on folder creation:

$ umask -S
u=rwx,g=rx,o=rx

This should usually be fine, but it does not fit my needs very well. Of course there are ways to fix it. I adjusted it like this for my needs:

$ sudo launchctl config user umask 077

And where appropriate fix previously granted access rights:

$ chmod -R go-rwx *

Tin foil hat

Certainly there is nobody else to blame than myself, but in the end it shows that my tin foil hat doesn't work that well in general :)

Update 2018-04-10 It turns out that changing the umask is working as expected, but it causes other problems. The most severe one for me was, that Code Signing and uploading to the AppStore does not work any more. The alternative would be to just try to set the users root directory access rights to something more defensive.