2.3.1 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled

Information

Apple provides a mechanism to send diagnostic and analytics data back to Apple to help them improve the platform. Information sent to Apple may contain internal organizational information that should be controlled and not available for processing by Apple.Turn off all Analytics and Improvements sharing.

Share Mac Analytics (Share with App Developers dependent on Mac Analytic sharing)

- Includes diagnostics, usage and location data

Share iCloud Analytics

- Includes iCloud data and usage information

Organizations should have knowledge of what is shared with the vendor and that this setting automatically forwards information to Apple.

Solution

Run the following commands to disable the sending of diagnostic data to Apple:

% /usr/bin/sudo /usr/bin/defaults write /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist AutoSubmit -bool false

/usr/bin/sudo /usr/bin/defaults write /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist ThirdPartyDataSubmit -bool false

% /usr/bin/sudo /bin/chmod 644 /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist

% /usr/bin/sudo /usr/bin/chgrp admin /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist

% /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/com.apple.assistant.support "Siri Data Sharing Opt-In Status" -int 2

See Also

https://workbench.cisecurity.org/benchmarks/17465