User profile for user: rpg25
rpg25 Author
User level: Level 1
62 points

Do you want the application “identityservicesd.app” to accept incoming network connections?

I just got this pop up. To be honest, my first response was


How the **** should I know?

But seriously, I don't know what "identityservicesd.app" is, nor do I know whether or not it should be accepting network connections.


I'd like to know about this specific issue, but in general this kind of message is a real usability issue for Apple. Without informing users about what this means -- we aren't even told what this application does -- and what tradeoffs are involved, it's impossible for us to make an intelligent choice. Either we deny, and maybe something stops working (we have no way to guess what that would be), or we are exposing ourselves to some security risk that we cannot identify.


This kind of thing is a big part of why computer security is a disaster.

MacBook Pro 16″, macOS 12.3

Posted on Mar 27, 2022 7:28 PM

Reply
Question marked as Top-ranking reply
User profile for user: lllaass
lllaass
User level: Level 10
210,513 points

Posted on Mar 28, 2022 9:24 AM

https://www.passfab.com/keychain/identityservicesd-wants-to-use-the-login-keychain.htmlhttps://apple.stackexchange.com/questions/356622/what-is-identityservicesd

View in context

Similar questions

7 replies
User profile for user: Owl-53
Owl-53
User level: Level 10
103,147 points

Mar 29, 2022 1:46 PM in response to rpg25

As previous mentioned (Identity Services Daemon) that deals with third-party credentials. so there must be some Third Party Application installed who's Credentials are being verified calling home.


Suggest downloading the Application Etrecheck directly from a well Respected ASC Contributor. And Safe to use.


The application is free or paid from added features. 


Run the application with Full Disc Access ( Security & Privacy - Full Disc Access ).


It will take a Snap Shot -  both the hardware and software.


 The Report will Not Reveal Any Personal Information. 


Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )



We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.


Any Third Party Applications that will interfere with the normal operation of the OS, alter, modify, remove or delete or attempt to do so is an invitation for disaster and may require a Reinstallation of the OS in-order to replace any modified, altered, removed or corrupted elements of the OS this software has inflected on this computer 


Any of the below should be removed as per Developers Instructions 


This includes AntiVirus, Disk Cleaners, Disk Optimizes, UnInstaller etc.


This will include CleanMyMac , This will include BitDefender


This will included Norton Antivirus , Sophos Av Software


Intego AntiVirus, McAfee, MacKeeper, Avast AntiVirus


Ad Guard, Webroot


The The Built in Security  is all that is required.

Reply
User profile for user: Owl-53
Owl-53
User level: Level 10
103,147 points

Mar 28, 2022 9:14 AM in response to rpg25

identityservicesd is a background process (Identity Services Daemon) that deals with third-party credentials


One would not normally receive a " got this pop up. " nor " nor do I know whether or not it should be accepting network connections." unless the computer is running a Third Party Firewall like Little Snitch

Reply
User profile for user: Owl-53
Owl-53
User level: Level 10
103,147 points

Mar 28, 2022 2:47 AM in response to rpg25

The process is a Native and Benign Process to macOS


Open you Activity Monitor >> View >> View ALL Process. Top Right input identityservicesd and it shouldering up the specific process.


To see all the open files this process is using in the picture below with the Square Box - open it and muck around inside there to see all the open files this process uses.




Reply
User profile for user: rpg25
rpg25 Author
User level: Level 1
62 points

Mar 28, 2022 9:05 AM in response to Owl-53

Thanks! That is helpful, but doesn't go all the way to answering my question. Specifically:


  1. What does this benign process do?
  2. Why does this process need to accept incoming connections from arbitrary outside machines?
  3. More philosophical/rhetorical: If this benign process always needs to be open to the outside world, why on earth should Apple make me decide whether or not to open it, on a basis of complete ignorance, instead of Apple doing it for me? Why ask me questions I am in no position to answer? This kind of thing is a contributing cause to why computer security is such a disaster.
Reply
User profile for user: rpg25
rpg25 Author
User level: Level 1
62 points

Mar 29, 2022 1:09 PM in response to Owl-53

For what it's worth, I am only running Apple's firewall.


What's odd about this is that if I'm dealing with third-party credentials, shouldn't the identity services daemon only need to connect out to other systems? Why would third party credentials servers be initiating connections to my Mac from outside. This still seems kind of odd.


Is identityservicesd the same as Unix identd?


Also, TCP and UDP ports used by Apple software products - Apple Support does not list port 301, which is the port that identityservicesd has opened on my Mac, but does list "identification protocol" as listening on port 113. The Activity Monitor lists "Ports," but the help does not specify if those are source or destination (listening) ports. Google Drive Helper (Renderer) is listed at port 113, but I don't know if that is a listening port. Presumably so?


Anyway, while I do see identityservicesd in the activity monitor, neither lsof nor netstat show it as opening a listening port. So I am still pretty confused.

Reply
User profile for user: rpg25
rpg25 Author
User level: Level 1
62 points

Mar 29, 2022 1:16 PM in response to lllaass

Thanks. The passfab article explains what identityservicesd is, but again, doesn't say why it should be accepting connections from outside as opposed to initiating connections to outside.


The second (Apple Stackexchange) article is a little more helpful, the identity services allow a user to authenticate, so I guess that would call for accepting local connections from applications that want to use the identity service for authentication to some third party application. But again, why accept incoming connections from outside? Perhaps there's some handshaking where a local application can redirect an outside server to the identity server daemon to get credentials?


The API documentation referenced from the Stackexchange article (Introduction to Identity Services Programming Guide) doesn't explain why there would be external access, either.



Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Do you want the application “identityservicesd.app” to accept incoming network connections?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up