2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Submission

Information

Apple provides a mechanism to send diagnostic and analytics data back to Apple to help them improve the platform. Information sent to Apple may contain internal organizational information that should be controlled and not available for processing by Apple. Turn off all Analytics and Improvements sharing.

Share Mac Analytics (Share with App Developers dependent on Mac Analytic sharing)

Includes diagnostics, usage and location data

Share iCloud Analytics

Includes iCloud data and usage information

Rationale:

Organizations should have knowledge of what is shared with the vendor and that this setting automatically forwards information to Apple.

Solution

Graphical Method:
Perform the following steps to disable diagnostic data being sent to Apple:

Open System Preferences

Select Security & Privacy

Select Privacy

Select Analytics & Improvements

Set Share Mac Analytics to disabled

Set Share with App Developers to disabled

Terminal Method:
Run the following commands to disable the sending of diagnostic data to Apple:

$ /usr/bin/sudo /usr/bin/defaults write /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist AutoSubmit -bool false

/usr/bin/sudo /usr/bin/defaults write /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist ThirdPartyDataSubmit -bool false

$ /usr/bin/sudo /bin/chmod 644 /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist

$ /usr/bin/sudo /usr/sbin/chgrp admin /Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/com.apple.assistant.support 'Siri Data Sharing Opt-In Status' -int 2

example:

$ /usr/bin/sudo -u seconduser /usr/bin/defaults write /Users/seconduser/Library/Preferences/com.apple.assistant.support 'Siri Data Sharing Opt-In Status' -int 2

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.applicationaccess

The key to include is allowDiagnosticSubmission

The key must be set to <false/>

The key to also include is Siri Data Sharing Opt-In Status

The key must be set to <integer>2<integer/>

There must also be a second PayloadType string of com.apple.SubmitDiagInfo

The key to include is AutoSubmit

The key must be set to <false/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4176