Change In The Developer Certificate Issue Data Access Concerns

Seneca
Community Member

I experienced the issue due to an expired provisioning profile and a format change in the developer certificate; I know you identified and solved these issues in an update for version 6.5.5. My 1Password account is working fine again.

I will admit that I did find this whole situation disconcerting because I realized that there is a lot of data that I have in 1Password. Not having the ability to launch the software could cause me a significant amount of data loss. I assume that I would always be able to open a version of the software installed on my computer.

Are there any suggestions for a solution to have some sort of a backup available to launch the software if something like this were to happen again? I just want a way to be able to access my data.

I certainly have great confidence in AgileBits, but I've had significant data loss from legacy software from other companies I trusted, primarily from the OS 9 to X transition.

Any suggestions that you have would be greatly appreciated. Thank you.



Comments

  • Hi @Seneca,

    Thanks for taking the time to write to us with this concern.

    If you have a 1Password.com subscription membership, you can always log in on the website as well:

    1Password

    Additionally, if you have 1Password installed on multiple devices (computer, mobile, tablet, etc.), which we would recommend, you can access your data from another device. :)

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Seneca
    Community Member

    Thanks for the response!

    I never thought about that. I automatically went to the AgileBits website and downloaded the software update. I never thought about accessing a different device like iOS.

    It was just very disconcerting to feel like I had no access to my data because the certificate expired. It's one thing when you're installing new software; it's a completely different issue when you have something running on your machine and the "faucet" can effectively be turned off by Apple with the user having no control.

  • Drew_AG
    1Password Alumni

    Hi @Seneca,

    On behalf of Ben, you're quite welcome! :)

    Indeed, it can be upsetting to suddenly not be able to launch 1Password and access your data. This was definitely an unusual and unexpected situation! It's not something Apple did on purpose, as the whole thing essentially boils down to a problem in the OS, and our developers are working with Apple to see what can be done to make sure this type of thing won't happen again.

    In case you're interested, we posted a couple articles on our blog to explain the technical details of what happened:

    If you have more questions about that, please let us know. Cheers! :)

  • Seneca
    Community Member
    edited March 2017

    Drew,

    Thank you for the reply, and I appreciate you sharing the links.

    I think what is disconcerting to me is the ability to turn off software on my machine by revoking a certificate. AgileBits and Apple have been Gold Standard Operators in this area, but that doesn't mean that process could not be used by an entity like a government to force a certain type of software just to stop working. For example, a government bans using a certain type of encryption and instructs companies like Apple and Microsoft to comply by revoking the certificate of that software. Very scary.

    One of the reasons that you use something like 1password is to try to protect yourself in the digital world. The ability to shut software down that’s been installed on a machine for a long period of time without the developer or the software licensee having any control over that process is still incredibly jaw-dropping disconcerting to me.

  • Drew_AG
    1Password Alumni

    Hi @Seneca,

    We agree - apps shouldn't suddenly stop working like that! But just to be clear, Apple didn't purposely do anything to "turn off" 1Password - this was caused by a problem in the OS. Once it is fixed, the scenario you described really shouldn't be a concern. And in fact, Apple has already made changes to the developer center to help with this. Please be sure to take a look at the blog articles from my previous post for more information about all that.

    But keep in mind that, as Ben previously explained, even if for some reason you aren't able to use the 1Password app on your Mac, there are other ways to access your data. Hopefully that won't be necessary though, as we're working with Apple to ensure a problem like this doesn't happen again. :)

  • Seneca
    Community Member

    Drew,

    I appreciate the reply.

    I'm now looking at the bigger picture, including a world where, in the "Internet of things", your TV potentially may be a surveillance device.

    It sounds like I have my "tinfoil hat" on, but look how far the line in the sand has gone over the last couple of years.

    I guess it's just surprising to me that revoking a certificate can effectively shut down software. I certainly understand what you posted above, but that certainly would not prevent the government from passing a law indicating, for example, that a piece of software like 1Password can no longer use the type of robust encryption that you're using. Before this, I thought if this were to happen I would say "go fly a kite", I am still going to keep using this now-banned software. Now I see that you can effectively shut down a piece of software by revoking its certificate. It's one thing to prevent installation of software; it is a whole other thing to just be able to disable it without the software company or computer user having any control.

    As much as I trust Apple and AgileBits, I also realize that you both would comply if a "big brother" law would happen to get passed.

    What would stop a government from demanding in implementation of a piece of legislation to revoke a particular software's certificate rendering that software usable?

    I use 1Password to protect more than passwords, and being cut off from my data was very disconcerting and eye-opening.

  • AGAlumB
    1Password Alumni

    @Seneca: I think there may be some confusion here. The whole point of certificate revocation is to shut down software (for apps, or SSL/TLS for websites). However, the AgileBits certificate was not revoked, and while revocation does exist, it's an important security feature in both browsers and OSes these days. There have been cases where certificates were being misused both for apps and websites, and having the ability to revoke them has prevented users from being affected. You're right that this could be inconvenient to users as well, and while I enjoy Apple's hardware and software, there are alternatives out there if it comes to the doomsday scenario you posit. Fortunately that hasn't come to pass. And while I'm sorry for the scare you experienced with 1Password, I hope that the fact that we had a solution in place so quickly so that you could simply download a new version (instead of truly being unable to use it on your Mac) will help you sleep better at night. I know I do. :)

  • Seneca
    Community Member

    "And while I'm sorry for the scare you experienced with 1Password, I hope that the fact that we had a solution in place so quickly so that you could simply download a new version (instead of truly being unable to use it on your Mac) will help you sleep better at night."

    Brenty,

    Quite the contrary. I thought AgileBits handled this whole situation incredibly well and I continue to have the utmost confidence in you.

    "Apple's hardware and software, there are alternatives out there if it comes to the doomsday scenario you posit."

    Sadly the doomsday scenario is significantly closer in 2017 than I ever imagined it to be.

    "The boiling frog is an anecdote is at work here with our digital data the story describing a frog slowly being boiled alive. The premise is that if a frog is put suddenly into boiling water, it will jump out, but if the frog is put in cold water which is then brought to a boil slowly, it will not perceive the danger and will be cooked to death."

    I believe Apple and AgileBits are the good guys in my cause. But seeing how certificate revocation works was very surprising to me.

  • AGAlumB
    1Password Alumni

    @Seneca: It's important to draw a distinction between certificate revocation (in which a certificate is nullified, often due to a security issue) and certificate expiration. Both are important, as they provide an opportunity to vet software (and its vendors), and take action if necessary. For example, without revocation, someone malicious who was able to get a website certificate for apple.com from a rogue or compromised certificate authority, or get malware in the App Store, could benefit from a single mistake for as long as people could visit the site or download the app. And without expiration, the same certificate could be used perpetually for other attempts in perpetuity.

    In the case of 1Password (and PDFPen, and perhaps others I'm not aware of) though, this is simply a learning experience where we see how the system handles certificates. While I think some changes are in order, it's better for it to err on the side of security than be overly permissive — which would defeat the purpose of these security measures in the first place. Cheers! :)

  • AGAlumB
    1Password Alumni
    edited March 2017

    @Seneca: I wanted to follow up here again because as I was thinking about it and discussing a question of security, I realize that it ties all of this together nicely:

    Certificates and digital signatures are important for the digital security we depend on. For example, while it could be possible for someone to compromise the AgileBits server, we don't keep our digital signatures there. So while someone could offer a 1Password download that was malicious, it wouldn't be signed by us (or Apple — even the AgileBits Store version of 1Password is signed by the AgileBits developer certificate, which is signed by Apple, to comply with Gatekeeper):

    Interestingly, the inconvenient, unceremonious breakage of 1Password for Mac version 6.5.3 offers hope here. The reason everyone had to update the app manually was because the built-in updater checks not only that the server certificate matches the AgileBits it expects (as opposed to an impostor), it also checks the signature of the download. Because we had to change it, it didn't match the old one, and the updater rejected it. The same would happen if someone malicious were posing as the AgileBits update server and/or giving users a file that we didn't sign ourselves. Because of certificate revocation and (in this case in particular) expiration, we can protect all 1Password users (including ourselves) from attackers impersonating our website and/or 1Password itself. :sunglasses:

    P.S: @rudy kindly reminded me of something I'd meant to mention but forgot: our new certificate doesn't expire until March 3rd, 2022, so that gives us plenty of cushion as well. ;)
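
The updater behaviour described in the comments above (a build that expects one specific signer, with expiration and revocation as separate reasons for refusal), as an added example that is not from the thread or from AgileBits. It is a toy RSA model in Python; the keys, dates, serial numbers and every function name are constructed for illustration and do not reflect Apple's code signing or 1Password's updater.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    """Toy RSA key from two known primes (illustration only, not secure)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def make_cert(key, not_after, serial):
    """Constructed stand-in for a developer certificate (public half only)."""
    return {"n": key["n"], "e": key["e"], "not_after": not_after, "serial": serial}

def fingerprint(cert):
    return hashlib.sha256(repr(sorted(cert.items())).encode()).hexdigest()

def check_update(package, signature, cert, pinned, revoked, today):
    """Return 'ok' or the first reason the updater refuses the download."""
    if fingerprint(cert) != pinned:          # not the signer this build expects
        return "signer-mismatch"
    if cert["serial"] in revoked:            # withdrawn early by the issuer
        return "revoked"
    if today > cert["not_after"]:            # lapsed on schedule
        return "expired"
    if pow(signature, cert["e"], cert["n"]) != digest(package, cert["n"]):
        return "bad-signature"               # payload altered after signing
    return "ok"

# Constructed sample data: Mersenne primes, made-up dates and serials.
OLD_KEY = make_key(2**61 - 1, 2**89 - 1)
NEW_KEY = make_key(2**107 - 1, 2**127 - 1)
OLD_CERT = make_cert(OLD_KEY, date(2017, 2, 1), serial=1)
NEW_CERT = make_cert(NEW_KEY, date(2022, 3, 1), serial=2)
PACKAGE = b"constructed update payload"

def scenarios(today=date(2017, 3, 1)):
    old_pin, new_pin = fingerprint(OLD_CERT), fingerprint(NEW_CERT)
    old_sig, new_sig = sign(OLD_KEY, PACKAGE), sign(NEW_KEY, PACKAGE)
    return {
        "old_build_gets_new_signer": check_update(PACKAGE, new_sig, NEW_CERT, old_pin, set(), today),
        "old_build_old_signer": check_update(PACKAGE, old_sig, OLD_CERT, old_pin, set(), today),
        "new_build_new_signer": check_update(PACKAGE, new_sig, NEW_CERT, new_pin, set(), today),
        "tampered_payload": check_update(PACKAGE + b"!", new_sig, NEW_CERT, new_pin, set(), today),
        "revoked_signer": check_update(PACKAGE, new_sig, NEW_CERT, new_pin, {2}, today),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

The first scenario is the manual-update case from the thread: the download is validly signed, but by a signer the installed build was not told to expect, so the same check that stops an impostor also stops the legitimate re-signed release.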

  • Seneca
    Community Member

    I truly appreciate all of these responses, and it is giving me a much better understanding of this area.

    Here's the million dollar question for me.

    If I have a piece of software that does X. Maybe uses a robust form of encryption.

    I like X which I paid for a license to operate on my machine.

    There is a developer that makes the software do something that Apple does not like, or a law passes like in my example above watering down encryption, etc. Apple decides to revoke the software's certificate. Apple may not even want to revoke the certificate but certainly, is not going to violate a mandate by a government to do so.

    The developer does not want to change the software and chooses not to.

    I as the software licensee know the risk and want to continue to use the software. Not update the software but just continue to run it on my Apple desktop computer.

    Without the developer's blessing, is it possible for Apple to revoke the certificate before the certificate expires, disabling the software?

  • AGAlumB
    1Password Alumni

    "I truly appreciate all of these responses, and it is giving me a much better understanding of this area."

    @Seneca: You're very welcome! I think it's great that you're interested in how all of this works. Not everyone is. :)

    "Here's the million dollar question for me. If I have a piece of software that does X. Maybe uses a robust form of encryption. I like X which I paid for a license to operate on my machine. There is a developer that makes the software do something that Apple does not like, or a law passes like in my example above watering down encryption, etc. Apple decides to revoke the software's certificate. Apple may not even want to revoke the certificate but certainly, is not going to violate a mandate by a government to do so. The developer does not want to change the software and chooses not to. I as the software licensee know the risk and want to continue to use the software. Not update the software but just continue to run it on my Apple desktop computer. Without the developer's blessing, is it possible for Apple to revoke the certificate before the certificate expires, disabling the software?"

    Absolutely. If Apple only disabled apps if it was okay with the developer, then certainly they wouldn't be getting the "blessing" of malware creators to do so.

    Whoever controls the platform can do as they see fit, and that goes for Google and Microsoft (with Android and Windows respectively) in addition to Apple (with macOS and iOS). Linux and FreeBSD are interesting in that there is no one entity that is in charge. I chose to stick with "disable" since this could take different forms, not just certificates, but simply telling the OS to kill a certain app. Certificates are just a way of verifying the source. In most cases, malware isn't signed (unless they're doing so to bypass security restrictions, as with those who co-opted Transmission).

    So that sounds pretty dire until you consider that companies have a business interest in not simply doing what governments tell them to. It's not a perfect analogy, but think of Apple's refusal to comply with the FBI's demand for a backdoor in the San Bernardino case. That was pretty good publicity for Apple, and it was a chance for them to demonstrate that not only is iOS secure enough to keep the FBI out of our data, but also that as a company they're willing to stand up for their customers' right to privacy. It was risky, and certainly there was also some backlash against Apple. But for those of us using iPhones every day, it's good to know that when push comes to shove they really can't give anyone access to all of our data, nor are they willing to make it possible to do so going forward.

    And more to the point of this discussion, Apple disabling apps has a real impact on their customers, so it isn't something they can take lightly. If either of us end up getting the short end of that stick, we're likely to reconsider where we spend our money, and it's the same for anyone else affected. Apple would very much like to continue to be an incredibly profitable technology company, and you can bet they weigh these things carefully so as not to damage their reputation and bottom line. When there's a decision like this to be made, even if money is the only consideration, they have to weigh the cost of not taking action against an app against that of doing so. In the case of security issues that impact their customers, not doing anything about it is going to be much more costly. And while what you hypothesize is possible, when it comes to taking action on behalf of a government agency which could really hurt their ability to acquire and/or keep customers, there would probably have to be a really, really good reason for them to comply. I don't really see that happening, but we'll cross that bridge if and when the time comes.

  • Seneca
    Community Member

    I appreciate everybody's responses.

    I think the problem was lack of understanding by me that I would be able to run a stand alone app on a machine as long as I didn't update the OS. Having an important app cut off the way that it happened was very disconcerting.

    Having multiple ways to access the data as suggested earlier in the thread gives me more peace of mind that I am not going to be cut off from incredibly important data that I rely on 1Password to protect. Certainly, I can back up the data file and encrypt it, but if I can't utilize the program to open the data file, it can be very scary.

  • Seneca
    Community Member

    I also appreciate the very thorough explanation that you have given me, which helps me understand how this stuff works in an easy-to-digest fashion. Thank you!

  • Drew_AG
    1Password Alumni

    On behalf of Brenty, you're very welcome! I'm glad his information helped to explain how this all works, as it can certainly be a bit complex and confusing. (Even for us! :lol: )

    We're always happy to help, so please let us know if you need anything else. :)

This discussion has been closed.